legionfonts.com Open in urlscan Pro
188.42.162.76 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://legionfonts.com/
Submission: On February 01 via manual (February 1st 2023, 12:15:47 pm UTC) from IN — Scanned from DE

Summary HTTP 226 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 41 IPs in 9 countries across 25 domains to perform 226 HTTP transactions. The main IP is 188.42.162.76, located in Luxembourg and belongs to WEBZILLA, NL. The main domain is legionfonts.com.

This is the only time legionfonts.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
23	188.42.162.76 188.42.162.76	35415 (WEBZILLA) (WEBZILLA)
2	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:400d:80c::2002	15169 (GOOGLE) (GOOGLE)
1 1	13.32.27.75 13.32.27.75	16509 (AMAZON-02) (AMAZON-02)
1	13.32.27.61 13.32.27.61	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
5 10	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:e400:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.125.136.212 3.125.136.212	16509 (AMAZON-02) (AMAZON-02)
25	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	65.9.66.108 65.9.66.108	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:211... 2600:9000:211a:a600:1d:85c3:6640:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400d:803::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80a::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:802::2002	15169 (GOOGLE) (GOOGLE)
49	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:400d:80d::2002	15169 (GOOGLE) (GOOGLE)
6	185.29.132.242 185.29.132.242	30419 (MEDIAMATH...) (MEDIAMATH-INC)
3 4	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
2	142.250.201.195 142.250.201.195	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
8	138.201.63.150 138.201.63.150	24940 (HETZNER-AS) (HETZNER-AS)
2	92.123.37.164 92.123.37.164	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	176.9.26.250 176.9.26.250	24940 (HETZNER-AS) (HETZNER-AS)
3	46.4.10.47 46.4.10.47	24940 (HETZNER-AS) (HETZNER-AS)
2	2a0b:4d07:401::1 2a0b:4d07:401::1	44239 (PROINITY ...) (PROINITY PROINITY)
4 4	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
2	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
2	18.168.165.36 18.168.165.36	16509 (AMAZON-02) (AMAZON-02)
2 4	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
2 2	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
2	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
2	104.96.132.42 104.96.132.42	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:400d:80c::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80a::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80d::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:803::2008	15169 (GOOGLE) (GOOGLE)
2	52.222.139.62 52.222.139.62	16509 (AMAZON-02) (AMAZON-02)
2	18.66.15.61 18.66.15.61	16509 (AMAZON-02) (AMAZON-02)
4	3.9.112.14 3.9.112.14	16509 (AMAZON-02) (AMAZON-02)
226	41

23 188.42.162.76 (Luxembourg)

ASN35415 (WEBZILLA, NL)
PTR: ispmanager1.v.fozzy.com

legionfonts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:400d:80c::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.75 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-75.fra56.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-61.fra56.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:6b8::1:119 (Moscow, Russian Federation) 5 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:e400:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.125.136.212 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-136-212.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-108.fra56.r.cloudfront.net

count-server.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:211a:a600:1d:85c3:6640:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-cdn.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:803::2002 (Ireland)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:802::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:400d:80d::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.29.132.242 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.201.195 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s35-in-f3.1e100.net

p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 138.201.63.150 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.150.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.123.37.164 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-37-164.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 176.9.26.250 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.250.26.9.176.clients.your-server.de

hal900014.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.4.10.47 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de

hal90002.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:401::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 145.239.193.130 (France) 4 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.168.165.36 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-168-165-36.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.70 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.23.99.218 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.96.132.42 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-132-42.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80c::200e (Ireland)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80a::200e (Ireland)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80d::200e (Ireland)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:803::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.139.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-62.ams50.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.15.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-15-61.vie50.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.9.112.14 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-9-112-14.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
67	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	723 KB
29	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 29 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 219491	252 KB
24	gstatic.com fonts.gstatic.com p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com www.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com	334 KB
23	legionfonts.com legionfonts.com	212 KB
15	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 31195 hal900014.redintelligence.net — Cisco Umbrella Rank: 188515 hal90002.redintelligence.net — Cisco Umbrella Rank: 244314	106 KB
10	sharethis.com 1 redirects platform-api.sharethis.com — Cisco Umbrella Rank: 4428 buttons-config.sharethis.com — Cisco Umbrella Rank: 5738 l.sharethis.com — Cisco Umbrella Rank: 4655 count-server.sharethis.com — Cisco Umbrella Rank: 13367 platform-cdn.sharethis.com — Cisco Umbrella Rank: 11064	52 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 186	432 KB
8	mathtag.com tags.mathtag.com — Cisco Umbrella Rank: 4453 pixel.mathtag.com — Cisco Umbrella Rank: 975	6 KB
8	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	2 KB
8	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 295 fonts.googleapis.com — Cisco Umbrella Rank: 34	39 KB
7	yandex.com 3 redirects mc.yandex.com — Cisco Umbrella Rank: 9092	2 KB
6	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 19463 api.webgains.io — Cisco Umbrella Rank: 57676	62 KB
6	medialead.de 6 redirects pv.medialead.de — Cisco Umbrella Rank: 49955 medialead.de — Cisco Umbrella Rank: 49425	2 KB
3	yandex.ru 2 redirects mc.yandex.ru — Cisco Umbrella Rank: 3735	58 KB
2	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 58936	6 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	80 KB
2	awin1.com www.awin1.com — Cisco Umbrella Rank: 15368	1 KB
2	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 89372	624 B
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 47375	4 KB
2	media01.eu pb.media01.eu — Cisco Umbrella Rank: 51826	829 B
2	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 125862	2 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 8741	696 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 21	20 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 742	72 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 858	607 B
226	25

	Domain	Requested by
49	tpc.googlesyndication.com	googleads.g.doubleclick.net legionfonts.com tpc.googlesyndication.com pagead2.googlesyndication.com
25	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net legionfonts.com
23	legionfonts.com	legionfonts.com
18	pagead2.googlesyndication.com	legionfonts.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
10	fonts.gstatic.com	legionfonts.com fonts.googleapis.com
9	www.googletagservices.com	googleads.g.doubleclick.net
8	hal9000.redintelligence.net	legionfonts.com hal900014.redintelligence.net hal90002.redintelligence.net
7	fonts.googleapis.com	googleads.g.doubleclick.net hal900014.redintelligence.net hal90002.redintelligence.net
7	mc.yandex.com	3 redirects legionfonts.com
6	www.gstatic.com	googleads.g.doubleclick.net
6	tags.mathtag.com	googleads.g.doubleclick.net tags.mathtag.com
5	platform-cdn.sharethis.com	legionfonts.com
4	api.webgains.io	analytics.webgains.io
4	5994599.fls.doubleclick.net	2 redirects legionfonts.com
4	pv.medialead.de	4 redirects
4	hal900014.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900014.redintelligence.net
4	www.google.com	3 redirects tpc.googlesyndication.com
4	adservice.google.com	pagead2.googlesyndication.com 5994599.fls.doubleclick.net
3	hal90002.redintelligence.net	hal9000.redintelligence.net hal90002.redintelligence.net
3	mc.yandex.ru	2 redirects legionfonts.com
2	cdn.track.production.webgains.team	googleads.g.doubleclick.net
2	analytics.webgains.io	track.webgains.com
2	www.googletagmanager.com	adv.office-partner.de
2	encrypted-tbn2.gstatic.com	legionfonts.com
2	encrypted-tbn1.gstatic.com	legionfonts.com
2	encrypted-tbn0.gstatic.com	legionfonts.com
2	www.awin1.com	googleads.g.doubleclick.net
2	ad-server.eu	googleads.g.doubleclick.net
2	medialead.de	2 redirects
2	track.webgains.com	legionfonts.com
2	pb.media01.eu	hal900014.redintelligence.net hal90002.redintelligence.net
2	adv.office-partner.de	hal900014.redintelligence.net hal90002.redintelligence.net
2	pixel.mathtag.com	tags.mathtag.com
2	p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.google-analytics.com	legionfonts.com www.google-analytics.com
2	platform-api.sharethis.com	1 redirects legionfonts.com
2	maxcdn.bootstrapcdn.com	legionfonts.com maxcdn.bootstrapcdn.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	count-server.sharethis.com	platform-api.sharethis.com
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	ajax.googleapis.com	legionfonts.com
226	43

This site contains links to these domains. Also see Links.

Domain
ru.legionfonts.com
vk.com
www.facebook.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2022-10-18` - `2023-03-30`	5 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
sharethis.com Amazon	`2022-06-19` - `2023-07-18`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-18` - `2023-04-25`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
redintelligence.net R3	`2022-12-05` - `2023-03-05`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
adv.office-partner.de R3	`2023-01-01` - `2023-04-01`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-05-20` - `2023-05-21`	a year	crt.sh
*.webgains.com Amazon	`2022-06-14` - `2023-07-13`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
www.awin1.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-18` - `2023-04-19`	a year	crt.sh
*.webgains.io Amazon	`2022-08-23` - `2023-09-21`	a year	crt.sh
cdn.track.production.webgains.team Amazon	`2022-09-29` - `2023-10-28`	a year	crt.sh

This page contains 36 frames:

Primary Page: http://legionfonts.com/
Frame ID: 05EEAB5665BAA012C8033BAADC4F61D5
Requests: 58 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20190131/zrt_lookup.html
Frame ID: 90E81246AE1BE9B40A9E2EC958CE5BBA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349
Frame ID: 3F3F2B97B66E9ECBBA7ED6A574BF332A
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=2334688461&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741533&bpp=1&bdt=268&idt=355&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=2643&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=16PltRtiY1&p=http%3A//legionfonts.com&dtd=358
Frame ID: 3CA8B3F13834160A544D0E5092A18308
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361
Frame ID: B258870085AB963F45BE349C9C7FA214
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=3927259650&adk=1708141794&adf=2682461192&pi=t.ma~as.3927259650&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=270&idt=362&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1636&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=rCJDzYB28H&p=http%3A//legionfonts.com&dtd=364
Frame ID: 5A9F66883B6626A10B81E87BA07F9531
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=2295884158&adf=3620188380&pi=t.ma~as.8759776057&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=269&idt=366&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461%2C360x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3enEpMI86B&p=http%3A//legionfonts.com&dtd=368
Frame ID: 45F6778D7BACAF771663C6EC98CF1980
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&adk=1812271804&adf=3025194257&lmt=1675253741&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=212x675_l%7C212x945_r&format=0x0&url=http%3A%2F%2Flegionfonts.com%2F&ea=0&pra=7&wgl=1&dt=1675253741547&bpp=2&bdt=281&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461%2C360x280%2C360x280&nras=1&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=6&uci=a!6&fsb=1&dtd=372
Frame ID: FEC6172D1AFBBEF045F56DC6EF652153
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1004C4CAD66A241AFA5446C14BC58035
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CCsb_7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBM0BT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iFlFGAUvmLs0W2xilqg-zpYrlgnM3GLqyFfGGyaYJ2Pcxpg9zayoIAGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNDA0OTQ2MDk3MzE4ODI4MBgA&sigh=YeO2e4O05pA&uach_m=[UACH]&cid=CAQSGwDUE5ymZGEZ_9ta4nuXjAM2Bg6erqtj-Th9ZhgB&tpd=AGWhJmv0i34Zr9GxiefYlUwu69da029I526_mDSOdER3kzzWT40P_U7JjDYMjQHIvQxx3IOmr_ieXiRINvi_B8fzuC2jiOJrEKOVoLKE82WxVsMScFChArX0b9IRVfT1un6d0hvkP5jsOR4VB0qsLCOhbAZjC66nRiTgQMl-mnZi9tycFU5EpNAcWVgZMYVf3qhUpUrrrmkE8gUQ7RWJC2yl3PqNNZjrg8fEUz7nuVoKvELVU4ifulMY17oPT5qmo_0nujy8mAicixdwI9YygAbaShgi7Mwh3ucfEx2CH7YMq9rizXHfVdiKbpogFnao9kLnM8v4mPRhbpVmYcXe9Mry7H7HXIhiCfZhmHpfN9BWQLw5bgG8mAp7bcQ1PKjjWd5G0Upz0QZ4fjlbrXCUnYi_PVkLYYkGcjv2qeg3WddmqNKJgcBYVfN9NghtauVj5rpg7H1Boo_-WKbaw651KiesFAp-K-usUD3HNeO38rFYJLF544bS1D81mgiLNlRokBzU3HzFxxkiFZmXTnHBW_VQMKUipdqvxo2ErbX7Yh4OgmeSDzEf79OSAMf2P5LmJoxwE5e2_cs0fgLvjbuzAcldXJx0-nbCe_hglbqXdjzJRWguBznelXB2bnJ-QX7TongKH0F-cqCfO0a50tqL9p7l1VHVzwBbn3LOOdhdrXaj2Q4883JXvVvzHpLmI14SXLUzBjV3q201sS9_LC5jeBP7_H3Ccq0qneGRigS0VB7SkvQzb9fEX5kanRGUh0X8DegjIreXXkhZFShuzqpDHxc67b3lhERuzu0FmZx1_dMa9mMC-_xl1Hd8MPPnDK1OaiisMbngS02Z0FgfW621nwpjujArpnfGoyxvrvdyFoOTpGNSMHbpYa4S4jUPcjIG4BGojSVf-H1XT_rx29URntjyZXoM9lYMlnWP4WZNRlpg5pbU78KrjmjqVfyufa15BXdnq6H58E09jY4wCsadravNiXOcfPAFlkDrkwzA4W8mLjaDIapxnqiWfwDfL6g4_dRDqocdwBPCNOPlQpfrjuMKEBvCrJE0cARAEs9we4n9EYQvHnpcLYc8yqmtX7coJp8VbXuwtfkgaDneOeV2biB5_FPYFQJ04qg36MpTndBsXBu8WbYYhLdrvgA
Frame ID: F9DC9F2C3601A860625365C4CD04C2F6
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DD15740276D8DB690CD7866324D0558E
Requests: 2 HTTP requests in this frame

Frame: https://p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: 8BC1EC1BF3E4DB2D5E64966ECFB35907
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C7qtn7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTNAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPhOEwIeHH2wxgp1qJ2KyhvmDOEDs5u7R4Wt2lL2yOVoP6bFnHWsSABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTQwNDk0NjA5NzMxODgyODAYAA&sigh=bheJtfHFx_Q&uach_m=[UACH]&cid=CAQSGwDUE5ym-6XggUjKvG43fnQMWwenZpWPfO9yExgB&tpd=AGWhJmtc_-3OSJshdE750LG6YXrIjYGp3pCkAMO8IrcoqWOEwGUu4dCgUWimTFodt_grh6Z5_2_P67_MGxsH9x_Vijz_fBNR0dwtfTcHe5Q2MtzRIUA_tvHVLQKHeevfqOcXe2B00nxeWhc3kRM6g86H0qLUOWL4oB46PyGViIqFUZlF97B5B9KtvC9Tb9twOEzkEYMx6oOfcxv3OP4AYFj668S_LnZPc2cb9jJSG0d7orU9G3EHFwVQfNRpQrI7T2qoMI65GA7DPD4NauuvUHYDinFYvXhCskwN1TNibnWZ4W_aiiIDXLMl3m-f7VwPJjnI0iGKVC8WzQB2EmTwvDb-XB5AN9Dsd5vYchNq5WTkDjbW67lUp5tkmCBY7x9CECGogS7hh5sVt7WkPJxlAPdAJyyuLveQx4xwc4VarAB1r2jQBobRhXiTDsLt6IfNxRWCsSDho5yzt6_NSlBI7IF59HYdApOrph4PU0VMrpYFPimGzyESCE8MLxi7jpE5st56a1T1yKuednJx2MOrLlCzCAmEhlDKg7ob0DxY759qoGDjMMQcAZvT-StyhtkYnn0EV6uec3SCLLockgsvVdGIbk9PbACTLSA_K8HTW2yMYJxvtVjsQg2ziqr-qKmHBduQ-leB2dmu9ZPR6MBPCnotJziULoxG0yywj2JAnkFmMdvcrsXhlqjBe7qEHfvB4zJnLKvNZ6WXSVqT-CRcaU_fHcKiJ48EczpwcQjdNyRO1jQzaSFWNCVLt6M0gZbg7r_Mf4vlasi0oESFGVCQyJgnSJZZ1uriqfyrjns9RBVNMZD6gYr4rRGgPIu_BUxuswsSmYQLrdhoyxBP4wiHcpEsht9-5q2UrFL9PJI_SVXI_IWHbKZaYhZwgLAw_NnQn_zXnxZ0hmodDQoqpAnnPq8MvMdW1pyFdHhrS4fb18XpOf27-gO9_OJxpQl-2Ts9DmGIfoxprt0gKbbNHSS8KM8I9_EjT1NIstLbJX7cICeS7Dq5rDAs5LfC-FPt1kXWp9dQFPohmOYUL3AfN1XQgeP34AaQWMs1r8BqpVa4UrlO_YCTy2e_QxaeIhhATgiMA8R75MMBEwqHTlhXovSRNWK0dnDI3VjVB0FzBfgGswW46-FRmiP7jIQodQ
Frame ID: 73A9140D0B376F6817ECD3DBA0126EBB
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js
Frame ID: 806A7B452DD31825CA0151893ED4B06C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js
Frame ID: CB563451F2479F32C2C569B3E57A7878
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js
Frame ID: 4C3A700B69CE68D20018B54EEE00F795
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
Frame ID: BC9AC9B3DB34E204B47449B8A439F938
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
Frame ID: 205C026B74E1B75D013AEC988986295B
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
Frame ID: 1CCEC53DD175E6023C80F179A6935188
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
Frame ID: 45AE6662F5DABA80230FD28B17661843
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/index.html
Frame ID: 87A63E938E99703B519CD463BCEA2C9A
Requests: 12 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 1C852A15D85FE3B976F3A27C1C70F71E
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D5A59F8BE1AAE616D854C26F9A2DA9EA
Requests: 2 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 08AFC9489782D0C159F9992C9A615B5F
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=63773300087986300951407012222014&actionid=981741&produktid=&dt_url=
Frame ID: 03BB2685EE963547C1EFC720BA92F078
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmImsKm9PwCFYVIHgIdyvEILw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4816599952758.065
Frame ID: 8E1DE2FCA73974B2FD3B8CDFD6A634DA
Requests: 2 HTTP requests in this frame

Frame: https://hal900014.redintelligence.net/request_content.php?s=63773300087986300951407012222014&a=305f86b5
Frame ID: 0E0F352D6B575A620C684EEAE1669C51
Requests: 8 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 57EF6B2CE1D97DA2DC12634A849CE34C
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=92883300089544500951407012222002&actionid=981741&produktid=&dt_url=
Frame ID: 3DD4F4A2B964A7581EB89B268305A39F
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNaLmsKm9PwCFTNWwgodlBYO0Q;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3001110567332.6523
Frame ID: 2F29F2DCE53E1CC44DC3795D4C09C664
Requests: 2 HTTP requests in this frame

Frame: https://hal90002.redintelligence.net/request_content.php?s=92883300089544500951407012222002&a=a3a6ddda
Frame ID: 6C1F8F8D537B220BB6ED72967D68BB09
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js
Frame ID: 6347661EE29499B86EC866C63FBA179E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js
Frame ID: F934BEFD870CA15004F0E1CBD613187E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js
Frame ID: 9BAA44549BC20DDAD0D0C6D36A9F47FE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8780D33134AB511E696D2E8DBA15C9D6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 436C01255DB604B9480C0DA12E112D53
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LegionFonts: Download 60378 Fonts

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

prettyPhoto (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery\.prettyPhoto\.js

Page Statistics

226
Requests

84 %
HTTPS

51 %
IPv6

25
Domains

43
Subdomains

41
IPs

9
Countries

2460 kB
Transfer

6022 kB
Size

26
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: http://ru.legionfonts.com/
Title: РУССКИЙ

Search URL Search Domain Scan URL

URL: https://vk.com/legionfonts

Search URL Search Domain Scan URL

URL: https://www.facebook.com/legionfonts/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

http://platform-api.sharethis.com/js/sharethis.js HTTP 301
https://platform-api.sharethis.com/js/sharethis.js

Request Chain 45

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9901.NSs2OBjt90qjwdVWSZnZDV5a9gX4BQmkcwyZpc83AVngcP1JmreWEtXx_ULRR3Q6.LXO1B2ieTOXVNUvRCmTmuaJyNIQ%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9901.rMD2DwI6VvQUoB8i1lQNICOBxB6QAkRAKcfdQXzMgWnwshz53adhtI__MvINjepBhxGSSmqzbBugiGUXAwR4keQQt0OWh4GdkqCgJtZTve8%2C.LdL8ctWPrGzlOcufOyh7WIhwcKw%2C

Request Chain 56

https://mc.yandex.com/watch/43528364?wmode=7&page-url=http%3A%2F%2Flegionfonts.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3v1opl3fs6ve8z%3Afp%3A657%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1062198392055%3Ahid%3A247342012%3Az%3A0%3Ai%3A20230201121541%3Aet%3A1675253742%3Ac%3A1%3Arn%3A222198102%3Arqn%3A1%3Au%3A1675253742700874964%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A33%2C28%2C495%2C1%2C0%2C0%2C%2C248%2C4%2C%2C%2C%2C806%3Aco%3A0%3Acpf%3A1%3Antf%3A1%3Ans%3A1675253740707%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1675253742%3At%3ALegionFonts%3A%20Download%2060378%20Fonts&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(2) HTTP 302
https://mc.yandex.com/watch/43528364/1?wmode=7&page-url=http%3A%2F%2Flegionfonts.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3v1opl3fs6ve8z%3Afp%3A657%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1062198392055%3Ahid%3A247342012%3Az%3A0%3Ai%3A20230201121541%3Aet%3A1675253742%3Ac%3A1%3Arn%3A222198102%3Arqn%3A1%3Au%3A1675253742700874964%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A33%2C28%2C495%2C1%2C0%2C0%2C%2C248%2C4%2C%2C%2C%2C806%3Aco%3A0%3Acpf%3A1%3Antf%3A1%3Ans%3A1675253740707%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1675253742%3At%3ALegionFonts%3A%20Download%2060378%20Fonts&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29

Request Chain 57

https://mc.yandex.com/sync_cookie_image_check_secondary HTTP 302
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=9901.12CCFAEX6Hw2GecEfG7CRTbW-pZeqs5lAAsxOwYEHcczVUrR7Kstd6CZbqwTxMXf.v3TdS_X7THmpyU52TS1M7iBtAM4%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9901.MpRLJDN0X0BjtvHNUrVfB9GtZ47pEp8PdE0tQiihMsJjCu4jFh1qXqJBoMInYlGTCc-i-FlLyUioocgQpN0uJxqqo8wUFn_OU22yu0Y1f34%2C.cIcI3CQLr4pD-t5k7h2eaWjD2AE%2C

Request Chain 79

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 95

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 111

https://hal900014.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=f8778bb8b9&subid=&uid=ecdac8309aec7110&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D9gpOPMDkWLwFeSfvBQNJdA%26exch_seat%3D20035004448%26mt_aid%3D8691134666064488422%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_cid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4049460973188280%26output%3Dhtml%26h%3D280%26slotname%3D3927259650%26adk%3D1708141794%26adf%3D2682461192%26pi%3Dt.ma~as.3927259650%26w%3D360%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1675253741%26rafmt%3D1%26format%3D360x280%26url%3Dhttp%253A%252F%252Flegionfonts.com%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26dt%3D1675253741535%26bpp%3D1%26bdt%3D270%26idt%3D362%26shv%3Dr20230125%26mjsv%3Dm202301190101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1140x280%252C750x461%252C750x461%26correlator%3D8028008848254%26frm%3D20%26pv%3D1%26ga_vid%3D1562666858.1675253742%26ga_sid%3D1675253742%26ga_hid%3D2072381198%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D1010%26ady%3D1636%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31071811%26oid%3D2%26pvsid%3D697255621503209%26tmod%3D817463369%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26xpc%3DrCJDzYB28H%26p%3Dhttp%253A%2F%2Flegionfonts.com%26dtd%3D364&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Flegionfonts.com&random=5899533681099&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900014.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=f8778bb8b9&subid=&uid=ecdac8309aec7110&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D9gpOPMDkWLwFeSfvBQNJdA%26exch_seat%3D20035004448%26mt_aid%3D8691134666064488422%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_cid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4049460973188280%26output%3Dhtml%26h%3D280%26slotname%3D3927259650%26adk%3D1708141794%26adf%3D2682461192%26pi%3Dt.ma~as.3927259650%26w%3D360%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1675253741%26rafmt%3D1%26format%3D360x280%26url%3Dhttp%253A%252F%252Flegionfonts.com%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26dt%3D1675253741535%26bpp%3D1%26bdt%3D270%26idt%3D362%26shv%3Dr20230125%26mjsv%3Dm202301190101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1140x280%252C750x461%252C750x461%26correlator%3D8028008848254%26frm%3D20%26pv%3D1%26ga_vid%3D1562666858.1675253742%26ga_sid%3D1675253742%26ga_hid%3D2072381198%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D1010%26ady%3D1636%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31071811%26oid%3D2%26pvsid%3D697255621503209%26tmod%3D817463369%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26xpc%3DrCJDzYB28H%26p%3Dhttp%253A%2F%2Flegionfonts.com%26dtd%3D364&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Flegionfonts.com&random=5899533681099&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 166

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 168

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=63773300087986300951407012222014&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=63773300087986300951407012222014&actionid=981741&produktid=&dt_url=

Request Chain 170

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4816599952758.065 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmImsKm9PwCFYVIHgIdyvEILw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4816599952758.065

Request Chain 172

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=63773300087986300951407012222014 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=63773300087986300951407012222014 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 177

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=92883300089544500951407012222002&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=92883300089544500951407012222002&actionid=981741&produktid=&dt_url=

Request Chain 179

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3001110567332.6523 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNaLmsKm9PwCFTNWwgodlBYO0Q;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3001110567332.6523

Request Chain 181

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=92883300089544500951407012222002 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=92883300089544500951407012222002 HTTP 302
https://ad-server.eu/wm/pb/native.png

226 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
legionfonts.com/ 27 KB
6 KB 556ms
495ms Document
text/html 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: a809913a90f05f7a3cca68229ab4d0e3e59eb9be0230c53ac91692232ee5ef2a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 01 Feb 2023 12:15:41 GMT
Expires: Thu, 02 Feb 2023 00:15:40 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H/1.1 200
OK bootstrap.css
legionfonts.com/css/ 118 KB
20 KB 30ms
30ms Stylesheet
text/css 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/css/bootstrap.css
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: e80656bef24caf99fc3319a6bab31f3de64b7acf4766018d5e00e6b2935ac390

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Aug 2017 16:52:50 GMT
Server: nginx
ETag: W/"59a44a62-1d9e8"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
7 KB 79ms
31ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 940
age: 2455949
cdn-cachedat: 07/06/2022 16:35:57
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"4fbd15cb6047af93373f4f895639c8bf"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: c2ac29fefd200cd8a80bd09221b23858
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 792a9d2b3e112c1b-FRA
cdn-requestpullsuccess: True

GET
H/1.1 200
OK style.css
legionfonts.com/css/ 15 KB
4 KB 58ms
29ms Stylesheet
text/css 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/css/style.css
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 31f63637d9078c622334df3ca6ad6b59c8ecad463787f9b460f8be4f633e5223

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 Dec 2017 10:57:49 GMT
Server: nginx
ETag: W/"5a23d8ad-3b67"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK legionfonts-logo.png
legionfonts.com/img/ 17 KB
18 KB 58ms
29ms Image
image/png 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://legionfonts.com/img/legionfonts-logo.png
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 9b102dc5e03cfe55b244c73c73d81ea980ff5c3947d005e7ee7d9da6116cd289

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Last-Modified: Mon, 28 Aug 2017 16:53:00 GMT
Server: nginx
ETag: "59a44a6c-44e1"
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17633
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK antique-olive-compact-font.jpg
legionfonts.com/img-fonts/antique-olive-compact/ 10 KB
10 KB 57ms
28ms Image
image/jpeg 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://legionfonts.com/img-fonts/antique-olive-compact/antique-olive-compact-font.jpg
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 96047da552e7b5fb39cf3889b24fdf23fafe9b65d545ac192bf9101f5183c5ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Last-Modified: Mon, 28 Aug 2017 18:36:51 GMT
Server: nginx
ETag: "59a462c3-27fc"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10236
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK arial-bold-italic-font.jpg
legionfonts.com/img-fonts/arial-bold-italic/ 11 KB
12 KB 60ms
29ms Image
image/jpeg 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://legionfonts.com/img-fonts/arial-bold-italic/arial-bold-italic-font.jpg
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 05ba82d70aa106b4b3a8cd113c2911d2baee03d8a2256091360f1c9013f073a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Last-Modified: Mon, 28 Aug 2017 18:46:18 GMT
Server: nginx
ETag: "59a464fa-2d94"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11668
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK sofia-pro-bold-font.jpg
legionfonts.com/img-fonts/sofia-pro-bold/ 10 KB
10 KB 28ms
28ms Image
image/jpeg 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://legionfonts.com/img-fonts/sofia-pro-bold/sofia-pro-bold-font.jpg
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: ee65ee7e55c397506c66caa9bbc0e9ba0c72c750070d6cbdfd362f1e29f1e85e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Last-Modified: Sun, 03 Sep 2017 13:14:50 GMT
Server: nginx
ETag: "59ac004a-26a5"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9893
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK arial-italic-font.jpg
legionfonts.com/img-fonts/arial-italic/ 12 KB
12 KB 29ms
29ms Image
image/jpeg 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://legionfonts.com/img-fonts/arial-italic/arial-italic-font.jpg
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 39a85228c66c4f0b56bbcbca8b9a8b70ee31db38c20a37b2f78792f724ef3bd4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Last-Modified: Mon, 28 Aug 2017 18:46:41 GMT
Server: nginx
ETag: "59a46511-2e74"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11892
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK propisi-font.jpg
legionfonts.com/img-fonts/propisi/ 4 KB
4 KB 28ms
28ms Image
image/jpeg 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://legionfonts.com/img-fonts/propisi/propisi-font.jpg
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 304d9052cbb93a071a2e78bd2b1d3eeb83011fc0cad5285aaf7b24ef1048cb9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Last-Modified: Sun, 03 Sep 2017 13:57:30 GMT
Server: nginx
ETag: "59ac0a4a-f48"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3912
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK banty-bold-font.jpg
legionfonts.com/img-fonts/banty-bold/ 12 KB
12 KB 29ms
29ms Image
image/jpeg 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://legionfonts.com/img-fonts/banty-bold/banty-bold-font.jpg
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 99c3df45b308051c97b1f28f8cae361fa333d4efefe0d0a35d91610baf3233b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Last-Modified: Mon, 28 Aug 2017 19:29:01 GMT
Server: nginx
ETag: "59a46efd-30a1"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12449
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK metroplex-shadow-font.jpg
legionfonts.com/img-fonts/metroplex-shadow/ 12 KB
13 KB 28ms
28ms Image
image/jpeg 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://legionfonts.com/img-fonts/metroplex-shadow/metroplex-shadow-font.jpg
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 85562940aae6b0f25dc7be19fbaa935f76193bef96a62dc2a5f3a8968735160f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Last-Modified: Sun, 03 Sep 2017 14:24:20 GMT
Server: nginx
ETag: "59ac1094-30f3"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12531
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK pfagoraslabpro-bold-font.jpg
legionfonts.com/img-fonts/pfagoraslabpro-bold/ 11 KB
11 KB 29ms
29ms Image
image/jpeg 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://legionfonts.com/img-fonts/pfagoraslabpro-bold/pfagoraslabpro-bold-font.jpg
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 5e10dd7f468c97913a2d9f1d1259a1e748a582497f311038a30ad24822e4e0d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Last-Modified: Sun, 03 Sep 2017 14:10:27 GMT
Server: nginx
ETag: "59ac0d53-2b34"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11060
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK v5-pixelpals-font.jpg
legionfonts.com/img-fonts/v5-pixelpals/ 15 KB
15 KB 28ms
28ms Image
image/jpeg 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://legionfonts.com/img-fonts/v5-pixelpals/v5-pixelpals-font.jpg
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 6cd949324510b10b42681406cb44c0068dfdae102e29a0bbc4b55087882647b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Last-Modified: Sun, 03 Sep 2017 20:18:44 GMT
Server: nginx
ETag: "59ac63a4-3a62"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14946
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK abbieshire-font.jpg
legionfonts.com/img-fonts/abbieshire/ 10 KB
10 KB 28ms
28ms Image
image/jpeg 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://legionfonts.com/img-fonts/abbieshire/abbieshire-font.jpg
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: d3e18e3c529c5111d5e0237d5f459ada3bc0e3cf5300fe637ce5390ddd2461a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Last-Modified: Mon, 28 Aug 2017 17:31:10 GMT
Server: nginx
ETag: "59a4535e-267b"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9851
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ 94 KB
33 KB 77ms
23ms Script
text/javascript 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 12:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87238
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33576
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Jan 2024 12:01:43 GMT

GET
H/1.1 200
OK bootstrap.min.js Show response
legionfonts.com/js/ 28 KB
8 KB 30ms
30ms Script
application/javascript 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/js/bootstrap.min.js
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Aug 2017 16:53:04 GMT
Server: nginx
ETag: W/"59a44a70-71b6"
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK retina-1.1.0.js Show response
legionfonts.com/js/ 4 KB
2 KB 28ms
28ms Script
application/javascript 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/js/retina-1.1.0.js
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 982fa97eccae21e893548687e91b35de93861805706a57fa1eab73455f9ed72f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Aug 2017 16:53:05 GMT
Server: nginx
ETag: W/"59a44a71-f9b"
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK jquery.hoverdir.js Show response
legionfonts.com/js/ 5 KB
2 KB 29ms
29ms Script
application/javascript 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/js/jquery.hoverdir.js
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: c50883db64c29539a40e6b1164789cd2ab1c269a0e29c05fc0046e1807d85788

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Aug 2017 16:53:04 GMT
Server: nginx
ETag: W/"59a44a70-14bb"
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK jquery.hoverex.min.js Show response
legionfonts.com/js/ 4 KB
2 KB 29ms
29ms Script
application/javascript 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/js/jquery.hoverex.min.js
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 1c54011d828ac230f54e1ea9c9a2e5c151d1ea3ade910debea2b2f44793bf757

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Aug 2017 16:53:05 GMT
Server: nginx
ETag: W/"59a44a71-eb8"
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK jquery.prettyPhoto.js Show response
legionfonts.com/js/ 22 KB
6 KB 29ms
28ms Script
application/javascript 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/js/jquery.prettyPhoto.js
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 7d4adb5e9401f2d3c71467d1c2ab1a153e5b65fdc1d9f90ba7504fd700d7fac6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Aug 2017 16:53:05 GMT
Server: nginx
ETag: W/"59a44a71-562c"
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK jquery.isotope.min.js Show response
legionfonts.com/js/ 16 KB
5 KB 37ms
37ms Script
application/javascript 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/js/jquery.isotope.min.js
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 98d6427651f10db6f71e5f7ee348dbf2718fc7079e9db54bc40846e41643dc6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Aug 2017 16:53:05 GMT
Server: nginx
ETag: W/"59a44a71-3ea1"
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK custom.js Show response
legionfonts.com/js/ 368 B
602 B 31ms
31ms Script
application/javascript 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/js/custom.js
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: ffdfbb33ca9ff9ce340303397828f0545bdee4784e46474f02f3d8d239da24eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Aug 2017 16:53:04 GMT
Server: nginx
ETag: W/"59a44a70-170"
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H/1.1 404
Not Found modernizr.js
legionfonts.com/js/ 0
0 29ms
29ms Script
text/html 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/js/modernizr.js
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 149 KB
52 KB 141ms
107ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

HTTP/1.1

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c9136e86ccc22618d1c6f2932ce155eac7315251ed2e63b41b8b2b62ce9adf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Length: 52962
X-XSS-Protection: 0
Server: cafe
ETag: 7726442504543552756
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=3600
Timing-Allow-Origin: *
Expires: Wed, 01 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK jquery-1.5.1.min.js Show response
legionfonts.com/js/ 83 KB
30 KB 59ms
30ms Script
application/javascript 188.42.162.76
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://legionfonts.com/js/jquery-1.5.1.min.js
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Server: 188.42.162.76 , Luxembourg, ASN35415 (WEBZILLA, NL),
Reverse DNS: ispmanager1.v.fozzy.com
Software: nginx /
Resource Hash: 764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Aug 2017 16:53:04 GMT
Server: nginx
ETag: W/"59a44a70-14d0c"
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:15:41 GMT

GET
H2

200

sharethis.js Show response
platform-api.sharethis.com/js/
Redirect Chain

http://platform-api.sharethis.com/js/sharethis.js
https://platform-api.sharethis.com/js/sharethis.js

197 KB
44 KB

73ms
26ms

Script
text/javascript

13.32.27.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Server

13.32.27.61 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-61.fra56.r.cloudfront.net

Software

Resource Hash

4c762350bf5dcf159a3adfddb1c33d90a8d85daaf7c5de9ea82b5fd201dd2d5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:08:56 GMT
content-encoding: gzip
via: 1.1 8e83c42d247a31c5b365c08a0352d8f8.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-C2
age: 405
etag: W/"31224-Gf78CYYYtb3Uvr+/+bTpOi3PB9M"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-cache: Hit from cloudfront
x-amz-cf-id: 2dqIZDj2_a9FUhlTfMuu62sXQmF4RGLUCjHFs7j-PgMP1bsvGNkVgA==

Redirect headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Via: 1.1 0d5d2d408eb42296c7636196e25ef8a2.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: FRA56-C2
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://platform-api.sharethis.com/js/sharethis.js
Connection: keep-alive
Content-Length: 167
X-Amz-Cf-Id: stMf56BuBzHcsbZXkiHWbozhxPkBzgp8UTXCWczq1NSk2Omu_4tigw==

GET
H/1.1 200
OK PKCRbVvRfd5n7BTjtGiFZPk_vArhqVIZ0nv9q090hN8.woff2
fonts.gstatic.com/s/raleway/v11/ 20 KB
21 KB 41ms
21ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/raleway/v11/PKCRbVvRfd5n7BTjtGiFZPk_vArhqVIZ0nv9q090hN8.woff2

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/css/style.css

Protocol

HTTP/1.1

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14127780573f882562c896db948eb0a8b6ba1e4abc3d1055e7294134bc562eb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Origin: http://legionfonts.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Fri, 27 Jan 2023 22:07:47 GMT
X-Content-Type-Options: nosniff
Age: 396474
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 20692
X-XSS-Protection: 0
Last-Modified: Thu, 19 May 2016 23:52:54 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sat, 27 Jan 2024 22:07:47 GMT

GET
H/1.1 200
OK tI4j516nok_GrVf4dhunkg.woff2
fonts.gstatic.com/s/lato/v13/ 22 KB
22 KB 42ms
21ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/lato/v13/tI4j516nok_GrVf4dhunkg.woff2

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/css/style.css

Protocol

HTTP/1.1

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40ceb670daf6af4dd3bbac15882e7da081e2948058c5e76ab0ae694474a1d1d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Origin: http://legionfonts.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Fri, 27 Jan 2023 19:07:07 GMT
X-Content-Type-Options: nosniff
Age: 407314
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 22256
X-XSS-Protection: 0
Last-Modified: Thu, 09 Feb 2017 19:14:11 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sat, 27 Jan 2024 19:07:07 GMT

GET
H/1.1 200
OK JbtMzqLaYbbbCL9X6EvaI_k_vArhqVIZ0nv9q090hN8.woff2
fonts.gstatic.com/s/raleway/v11/ 20 KB
21 KB 43ms
23ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/raleway/v11/JbtMzqLaYbbbCL9X6EvaI_k_vArhqVIZ0nv9q090hN8.woff2

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/css/style.css

Protocol

HTTP/1.1

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb9e995177b57d7c077041796176f1c1a95c3105d6a1437c3d8d970d0d8f81fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Origin: http://legionfonts.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Sat, 28 Jan 2023 02:51:55 GMT
X-Content-Type-Options: nosniff
Age: 379426
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 20528
X-XSS-Protection: 0
Last-Modified: Thu, 19 May 2016 23:53:43 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sun, 28 Jan 2024 02:51:55 GMT

GET
H/1.1 200
OK 0dTEPzkLWceF7z0koJaX1A.woff2
fonts.gstatic.com/s/raleway/v11/ 20 KB
21 KB 44ms
23ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/raleway/v11/0dTEPzkLWceF7z0koJaX1A.woff2

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/css/style.css

Protocol

HTTP/1.1

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

026c2cd9d5f266ad0361ea023a215d23d06d997084148ddc6967013ce364f23c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Origin: http://legionfonts.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Fri, 27 Jan 2023 22:19:42 GMT
X-Content-Type-Options: nosniff
Age: 395759
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 20332
X-XSS-Protection: 0
Last-Modified: Thu, 19 May 2016 23:52:52 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sat, 27 Jan 2024 22:19:42 GMT

GET
H/1.1 200
OK 1YwB1sO8YE1Lyjf12WNiUA.woff2
fonts.gstatic.com/s/lato/v13/ 23 KB
23 KB 42ms
21ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/lato/v13/1YwB1sO8YE1Lyjf12WNiUA.woff2

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/css/style.css

Protocol

HTTP/1.1

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9687ee5934e8a8b125cd0e3f7e21b9eea12c5eba602dfb12941aeafaad44fbe3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Origin: http://legionfonts.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Fri, 27 Jan 2023 02:10:18 GMT
X-Content-Type-Options: nosniff
Age: 468323
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 23216
X-XSS-Protection: 0
Last-Modified: Thu, 09 Feb 2017 19:14:22 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sat, 27 Jan 2024 02:10:18 GMT

GET
H2 200 watch.js Show response
mc.yandex.ru/metrika/ 162 KB
57 KB 218ms
70ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

aea8d6d7292a79ae391517c8ec2c0f3b55c34b20c1eb330a24edaaadc4cca3d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "63c93a4b-e351"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 58193
expires: Wed, 01 Feb 2023 13:15:41 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 88ms
24ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 01 Feb 2023 10:54:50 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 4851
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Wed, 01 Feb 2023 12:54:50 GMT

GET
H3 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/ 65 KB
66 KB 54ms
31ms Font
font/woff2 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Origin: http://legionfonts.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723
age: 8254878
cdn-cachedat: 08/15/2022 13:52:58
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 66624
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: "db812d8a70a4e88e888744c1c9a27e89"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 98c0da23e142c1938e42dd9b3b39943c
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 792a9d2bbbc46961-FRA
cdn-requestpullsuccess: True

GET
H2 200 58de209b11d0a70011b390c3.js Show response
buttons-config.sharethis.com/js/ 487 B
931 B 87ms
24ms Script
text/javascript 2600:9000:206f:e400:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/58de209b11d0a70011b390c3.js

Requested by

Host: platform-api.sharethis.com
URL: http://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:e400:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2bc20f814dcce1cee809cc335c6e2a665e8321fb085dfac7fc1e5174ec0e9349

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:41 GMT
via: 1.1 afb3db4ac63e94a7684b97827417941c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-C1
age: 4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 487
last-modified: Mon, 28 Jun 2021 10:31:48 GMT
server: AmazonS3
etag: "4e15b804821adbe00091b44f8da115fa"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=60
accept-ranges: bytes
x-amz-cf-id: 2VAxe2e4jSDSehrJFOdtGzC_t1GYGstlcB5rKiwyEzA2cHFFo81qlQ==

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
401 B 109ms
24ms XHR
text/plain 3.125.136.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=legionfonts.com&location=%2F&product=sticky-share-buttons&url=http%3A%2F%2Flegionfonts.com%2F&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=LegionFonts%3A%20Download%2060378%20Fonts&cms=unknown&publisher=58de209b11d0a70011b390c3&sop=true&version=st_sop.js&lang=en&description=LegionFonts%20offers%20a%20wide%20range%20of%20free%20fonts%20for%20desktop%20with%20preview.%20Here%20you%20can%20download%20fonts%20for%20Windows%20and%20Macintosh.

Requested by

Host: platform-api.sharethis.com
URL: http://platform-api.sharethis.com/js/sharethis.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.125.136.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-125-136-212.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:41 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: http://legionfonts.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
206 B 30ms
29ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=2072381198&t=pageview&_s=1&dl=http%3A%2F%2Flegionfonts.com%2F&ul=en-us&de=UTF-8&dt=LegionFonts%3A%20Download%2060378%20Fonts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1006421983&gjid=1851836763&cid=1562666858.1675253742&tid=UA-44580485-5&_gid=554991047.1675253742&_r=1&_slc=1&z=1306556319

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://legionfonts.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 12:15:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://legionfonts.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301190101/ 360 KB
119 KB 190ms
99ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301190101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4049460973188280&plah=legionfonts.com&bust=31071811

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a6569f1f5579aefeb3abc512c7916ce3a98e94ff56990c4b5af05632178aeb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121045
x-xss-protection: 0
server: cafe
etag: 17714841738132771568
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 01 Feb 2023 12:15:41 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230125/r20190131/ Frame 90E8 10 KB
5 KB 75ms
22ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230125/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 76604
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 14:58:57 GMT
etag: 10353107486223812946
expires: Tue, 14 Feb 2023 14:58:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 get_counts Show response
count-server.sharethis.com/v2.0/ 435 B
797 B 102ms
25ms Script
text/javascript 65.9.66.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=http%3A%2F%2Flegionfonts.com%2F

Requested by

Host: platform-api.sharethis.com
URL: http://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.108 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-108.fra56.r.cloudfront.net

Software

Resource Hash

89cb6468edc1061183cac2216a72cf9a15139a2ff5c962887a11f0e0347be295

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:56:51 GMT
via: 1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-C1
age: 2104
etag: f117f745e3766184d0dc41b8a1297c30
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=3600
content-length: 435
apigw-requestid: fp3oPgHIoAMEPxA=
x-amz-cf-id: T5wR1RFPnM5kC1oeDDQhYNsdgYEyfNuZ9l7eZcWkL1F8QgnZWyTsdQ==

GET
H2 200 facebook.svg
platform-cdn.sharethis.com/img/ 301 B
727 B 123ms
32ms Image
image/svg+xml 2600:9000:211a:a600:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/facebook.svg

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:a600:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 04:29:27 GMT
via: 1.1 3cf68d8be617999c7beade955cf69ddc.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C2
age: 1755975
etag: "c6e9be45643e197ce1db1d7e24a99adc"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 301
x-amz-cf-id: mfFygyciUklO45X_Ezmy2VZqCG4M8Q1X693jHofUPu3qG8Pg5v5ilA==

GET
H2 200 twitter.svg
platform-cdn.sharethis.com/img/ 731 B
1 KB 124ms
33ms Image
image/svg+xml 2600:9000:211a:a600:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/twitter.svg

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:a600:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:58:50 GMT
via: 1.1 3cf68d8be617999c7beade955cf69ddc.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C2
age: 1196211
etag: "0af2fb38987598376c99e21af17ade45"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 731
x-amz-cf-id: kv3ISsai-HgsdZpa3ny3mEoT-J8p8nO2ahwKy0MnwnFPfRiKehxDLA==

GET
H2 200 sharethis.svg
platform-cdn.sharethis.com/img/ 514 B
939 B 125ms
34ms Image
image/svg+xml 2600:9000:211a:a600:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/sharethis.svg

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:a600:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 01:12:37 GMT
via: 1.1 3cf68d8be617999c7beade955cf69ddc.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C2
age: 1767785
etag: "deecdaa377907db5cc1722fc831670a1"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 514
x-amz-cf-id: c4YaEU_JrbKLXAgtl2RUv5jRIVKDQcUbJWcgF2Utaj98N47lMOTHZw==

GET
H2 200 arrow_left.svg
platform-cdn.sharethis.com/img/ 565 B
991 B 125ms
34ms Image
image/svg+xml 2600:9000:211a:a600:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/arrow_left.svg

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:a600:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 16:12:16 GMT
via: 1.1 3cf68d8be617999c7beade955cf69ddc.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C2
age: 1713806
etag: "b55d8d2b9321e381a3c38a4bddb74037"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 565
x-amz-cf-id: BHi1vu-K3OQDFT0luRYAZtoRsSCdKZ2YDJawdOGCCD6mh-cESRPIMw==

GET
H2 200 arrow_right.svg
platform-cdn.sharethis.com/img/ 565 B
989 B 126ms
35ms Image
image/svg+xml 2600:9000:211a:a600:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/arrow_right.svg

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:a600:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 01:14:48 GMT
via: 1.1 3cf68d8be617999c7beade955cf69ddc.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C2
age: 1508454
etag: "9928d025bd5792b718ee0a185f62e67c"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 565
x-amz-cf-id: zusy-dPmWdtmp6VOv4iTlfnfSTPCdVJb3VouXbIL73Kdgb1dY0XquQ==

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9901.NSs2OBjt90qjwdVWSZnZDV5a9gX4BQmkcwyZpc83AVngcP1JmreWEtXx_ULRR3Q6.LXO1B2ieTOXVNUvRCmTmuaJyNIQ%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9901.rMD2DwI6VvQUoB8i1lQNICOBxB6QAkRAKcfdQXzMgWnwshz53adhtI__MvINjepBhxGSSmqzbBugiGUXAwR4keQQt0OWh4GdkqCgJtZTve8%2C.LdL8ctWPrGzlOcufOyh7WIhwcKw%2C

43 B
91 B

69ms
69ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9901.rMD2DwI6VvQUoB8i1lQNICOBxB6QAkRAKcfdQXzMgWnwshz53adhtI__MvINjepBhxGSSmqzbBugiGUXAwR4keQQt0OWh4GdkqCgJtZTve8%2C.LdL8ctWPrGzlOcufOyh7WIhwcKw%2C

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9901.rMD2DwI6VvQUoB8i1lQNICOBxB6QAkRAKcfdQXzMgWnwshz53adhtI__MvINjepBhxGSSmqzbBugiGUXAwR4keQQt0OWh4GdkqCgJtZTve8%2C.LdL8ctWPrGzlOcufOyh7WIhwcKw%2C
date: Wed, 01 Feb 2023 12:15:41 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
113 B 151ms
68ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:41 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "63c93a4b-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Wed, 01 Feb 2023 13:15:41 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 397 B
607 B 182ms
56ms Script
text/javascript 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=legionfonts.com&callback=_gfp_s_&client=ca-pub-4049460973188280

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301190101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4049460973188280&plah=legionfonts.com&bust=31071811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bea5fac5d6e83fea731646d26ab9c1c28713b53c2d54e39e6c541df73e103c82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 221ms
61ms Script
application/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=legionfonts.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 149ms
58ms Script
application/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=legionfonts.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3F3F 96 KB
33 KB 626ms
625ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e300204b04aed776df431b8748952bc2db79472861e7c070ffbb4cd6085cdb17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 33286
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Wed, 01 Feb 2023 12:15:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3CA8 85 KB
32 KB 374ms
374ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=2334688461&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741533&bpp=1&bdt=268&idt=355&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=2643&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=16PltRtiY1&p=http%3A//legionfonts.com&dtd=358

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3812b65bb97be9acccdbf62d57363ac3577560f3002a634aef2eae2e02819839

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 32165
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Wed, 01 Feb 2023 12:15:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B258 83 KB
31 KB 443ms
443ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d01174a4cfc0a369bbe5c6c2424601603bac9b030f81ee56f35163114a71e06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 31803
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Wed, 01 Feb 2023 12:15:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5A9F 29 KB
11 KB 574ms
574ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=3927259650&adk=1708141794&adf=2682461192&pi=t.ma~as.3927259650&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=270&idt=362&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1636&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=rCJDzYB28H&p=http%3A//legionfonts.com&dtd=364

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58c088301e8dec84489473d40a914dbfeab3c9f4bea279552ed2a0a266f47678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 11240
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Wed, 01 Feb 2023 12:15:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 45F6 29 KB
11 KB 467ms
467ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=2295884158&adf=3620188380&pi=t.ma~as.8759776057&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=269&idt=366&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461%2C360x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3enEpMI86B&p=http%3A//legionfonts.com&dtd=368

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cb89a7eebcebe6ab57f91dd1d2c5d83014d12330e5d237a46c350cc1a95eb3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 11281
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Wed, 01 Feb 2023 12:15:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FEC6 540 KB
111 KB 762ms
762ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&adk=1812271804&adf=3025194257&lmt=1675253741&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=212x675_l%7C212x945_r&format=0x0&url=http%3A%2F%2Flegionfonts.com%2F&ea=0&pra=7&wgl=1&dt=1675253741547&bpp=2&bdt=281&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461%2C360x280%2C360x280&nras=1&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=6&uci=a!6&fsb=1&dtd=372

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4637e3c8f7651c09633af448b3061446b2f1504e95439dc958b543dfb7599259

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 113029
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Wed, 01 Feb 2023 12:15:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

1 Show response
mc.yandex.com/watch/43528364/
Redirect Chain

https://mc.yandex.com/watch/43528364?wmode=7&page-url=http%3A%2F%2Flegionfonts.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3v1opl3fs6ve8z%3Afp%3A657%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3A...
https://mc.yandex.com/watch/43528364/1?wmode=7&page-url=http%3A%2F%2Flegionfonts.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3v1opl3fs6ve8z%3Afp%3A657%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%...

447 B
530 B

70ms
70ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/43528364/1?wmode=7&page-url=http%3A%2F%2Flegionfonts.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3v1opl3fs6ve8z%3Afp%3A657%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1062198392055%3Ahid%3A247342012%3Az%3A0%3Ai%3A20230201121541%3Aet%3A1675253742%3Ac%3A1%3Arn%3A222198102%3Arqn%3A1%3Au%3A1675253742700874964%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A33%2C28%2C495%2C1%2C0%2C0%2C%2C248%2C4%2C%2C%2C%2C806%3Aco%3A0%3Acpf%3A1%3Antf%3A1%3Ans%3A1675253740707%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1675253742%3At%3ALegionFonts%3A%20Download%2060378%20Fonts&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

3cbca36cd70f56352ebed66d9c92395ab94967601dac16ec76848320d4dfc7a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 12:15:42 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Wed, 01-Feb-2023 12:15:42 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: http://legionfonts.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 447
x-xss-protection: 1; mode=block
expires: Wed, 01-Feb-2023 12:15:42 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Feb 2023 12:15:42 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 01-Feb-2023 12:15:42 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/43528364/1?wmode=7&page-url=http%3A%2F%2Flegionfonts.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3v1opl3fs6ve8z%3Afp%3A657%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1062198392055%3Ahid%3A247342012%3Az%3A0%3Ai%3A20230201121541%3Aet%3A1675253742%3Ac%3A1%3Arn%3A222198102%3Arqn%3A1%3Au%3A1675253742700874964%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A33%2C28%2C495%2C1%2C0%2C0%2C%2C248%2C4%2C%2C%2C%2C806%3Aco%3A0%3Acpf%3A1%3Antf%3A1%3Ans%3A1675253740707%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1675253742%3At%3ALegionFonts%3A%20Download%2060378%20Fonts&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29
access-control-allow-origin: http://legionfonts.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Wed, 01-Feb-2023 12:15:42 GMT

GET
H2

200

sync_cookie_image_decide_secondary
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check_secondary
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=9901.12CCFAEX6Hw2GecEfG7CRTbW-pZeqs5lAAsxOwYEHcczVUrR7Kstd6CZbqwTxMXf.v3TdS_X7THmpyU52TS1M7iBtAM4%2C
https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9901.MpRLJDN0X0BjtvHNUrVfB9GtZ47pEp8PdE0tQiihMsJjCu4jFh1qXqJBoMInYlGTCc-i-FlLyUioocgQpN0uJxqqo8wUFn_OU22yu0Y1f34%2C.cIcI3CQLr4pD-t5k7h...

43 B
101 B

73ms
73ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9901.MpRLJDN0X0BjtvHNUrVfB9GtZ47pEp8PdE0tQiihMsJjCu4jFh1qXqJBoMInYlGTCc-i-FlLyUioocgQpN0uJxqqo8wUFn_OU22yu0Y1f34%2C.cIcI3CQLr4pD-t5k7h2eaWjD2AE%2C

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9901.MpRLJDN0X0BjtvHNUrVfB9GtZ47pEp8PdE0tQiihMsJjCu4jFh1qXqJBoMInYlGTCc-i-FlLyUioocgQpN0uJxqqo8wUFn_OU22yu0Y1f34%2C.cIcI3CQLr4pD-t5k7h2eaWjD2AE%2C
date: Wed, 01 Feb 2023 12:15:42 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 5309941552204635649
tpc.googlesyndication.com/simgad/ Frame 3CA8 43 KB
44 KB 94ms
28ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5309941552204635649?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkBu4_VIFQzROZkcQ4Loo2R13BjJQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=2334688461&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741533&bpp=1&bdt=268&idt=355&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=2643&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=16PltRtiY1&p=http%3A//legionfonts.com&dtd=358

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

491975192626853d975dc47487606cc93ec27640b2dd367c531c7c6f389b3a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 22:21:47 GMT
x-content-type-options: nosniff
age: 309235
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44470
x-xss-protection: 0
last-modified: Mon, 31 Oct 2022 16:59:22 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 28 Jan 2024 22:21:47 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame 3CA8 22 KB
9 KB 86ms
21ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3201
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:21 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 3CA8 3 KB
1 KB 81ms
27ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 09:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9629
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 09:35:13 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 3CA8 18 KB
7 KB 79ms
24ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76600
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 14:59:02 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3CA8 157 KB
48 KB 265ms
160ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 12:15:42 GMT

GET
H2 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 3CA8 33 KB
13 KB 113ms
60ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b511b5104524c0b25f553fbaa7c6d92564f0770a222d9ad642bffa36aa3920d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 23:51:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44660
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13488
x-xss-protection: 0
server: cafe
etag: 7956080266137140730
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 23:51:22 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3CA8 0
0 73ms
73ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CxQsF7VfaY7LCOsv6xtYP5Y-7kAq9qZGsbqinho70EKWy6c_IAhABILj7shdglfrwgYwHoAGG3ZShAsgBAqgDAcgDyQSqBN0BT9AyWrKHKnQI888RQlLleccvSr6HEEBvfMcgUz9CErjK3Ypc2M24ILzgOHgxd_AK0SVAGWF43NOLFw5_5oiWVoL02zTmbiTPC6ZzlqN06qYL-gufJb4PYwp2uomzNl8OzlbyGh0Wmjb1lXprp_HxPoOoVtbKmsB0Ppd5ShrJbDq9gPeSmqKtbzA0kYY_MNszoDk2gZzNiUOORV42ycKAfKoOqxitl-zgwnYJmA-5KFTHbJr_Ppm7ppnkixFo4mOGXcLE3emj4k_hcQ9ZYB3AfdJdOsNzowIf81ivGoDABLLngYeBBJIFBAgEGAGSBQQIBRgEoAYCgAeYmITgA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcDEP0u0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItNDA0OTQ2MDk3MzE4ODI4MBgA&sigh=-ljh0aUodkY&uach_m=[UACH]&cid=CAQSGwDUE5ymdtfzz6DRzqb5bw_Ked8_tu3wQbamNBgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=2334688461&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741533&bpp=1&bdt=268&idt=355&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=2643&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=16PltRtiY1&p=http%3A//legionfonts.com&dtd=358
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 12:15:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 01 Feb 2023 12:15:42 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B258 0
0 66ms
66ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C5H9B7VfaY6GiO8jgxtYP7vqrqAf_n-2LbYj0o-2uEcCNtwEQASC4-7IXYJX68IGMB6AB8K21twPIAQKoAwHIA8kEqgTVAU_QBBC5iKXnkaDJmV7cJONd27vIyNrf8dgmhLrCf4tv1dwdhNVGgnwIDkJ0PaN_a3-mzGxmlJrLr2YE8CeqlwEMpVkJ1O82h5twPmM4NxmogB_vxJ8EGTpZNByY6nzC-5M90qoO33MsNmse19Gsxp_pu8PW3JwWYOPTJQ-eax0ogIJnE0eUPlDP6zuHxp4Lin4h3s1oz4pE9f16gMx0NbQureuAb2g3kAL1R5sr6MPBtNuzKz2TgB24Chpx--dEaRBNzIrBDZPsQHmL5EnWAVpfaq4xxsAEmsuBsP0DkgUECAQYAZIFBAgFGASgBgKAB_jRykioB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDc4gPSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDNAVAYAXAbIXHAoaCAASFHB1Yi00MDQ5NDYwOTczMTg4MjgwGAA&sigh=uKCqVMJTj5M&uach_m=[UACH]&cid=CAQSGwDUE5ymCoveiwqfE-_WH-vMAexdwKJSrHtQNhgB

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 12:15:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 01 Feb 2023 12:15:42 GMT

GET
H2 200 14832240537043954778
tpc.googlesyndication.com/simgad/ Frame B258 61 KB
61 KB 61ms
61ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14832240537043954778?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnJFsPUkO2DGoPKmYrVAf1vGfW8Jg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe18d414b7475c5ca1dfc73d88a76dba28c5bd4883b085d9fef2d4ac2b8ed68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 08:10:02 GMT
x-content-type-options: nosniff
age: 360340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62029
x-xss-protection: 0
last-modified: Tue, 05 Jul 2022 09:28:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 28 Jan 2024 08:10:02 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame B258 22 KB
9 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3201
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:21 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame B258 3 KB
1 KB 68ms
68ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 09:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9629
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 09:35:13 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame B258 18 KB
7 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76600
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 14:59:02 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B258 157 KB
48 KB 197ms
153ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 12:15:42 GMT

GET
H2 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame B258 33 KB
13 KB 77ms
77ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b511b5104524c0b25f553fbaa7c6d92564f0770a222d9ad642bffa36aa3920d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 23:51:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44660
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13488
x-xss-protection: 0
server: cafe
etag: 7956080266137140730
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 23:51:22 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1004 143 B
166 B 21ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=2334688461&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741533&bpp=1&bdt=268&idt=355&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=2643&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=16PltRtiY1&p=http%3A//legionfonts.com&dtd=358
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 772
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:02:50 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame F9DC 0
0 68ms
67ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CCsb_7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBM0BT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iFlFGAUvmLs0W2xilqg-zpYrlgnM3GLqyFfGGyaYJ2Pcxpg9zayoIAGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNDA0OTQ2MDk3MzE4ODI4MBgA&sigh=YeO2e4O05pA&uach_m=[UACH]&cid=CAQSGwDUE5ymZGEZ_9ta4nuXjAM2Bg6erqtj-Th9ZhgB&tpd=AGWhJmv0i34Zr9GxiefYlUwu69da029I526_mDSOdER3kzzWT40P_U7JjDYMjQHIvQxx3IOmr_ieXiRINvi_B8fzuC2jiOJrEKOVoLKE82WxVsMScFChArX0b9IRVfT1un6d0hvkP5jsOR4VB0qsLCOhbAZjC66nRiTgQMl-mnZi9tycFU5EpNAcWVgZMYVf3qhUpUrrrmkE8gUQ7RWJC2yl3PqNNZjrg8fEUz7nuVoKvELVU4ifulMY17oPT5qmo_0nujy8mAicixdwI9YygAbaShgi7Mwh3ucfEx2CH7YMq9rizXHfVdiKbpogFnao9kLnM8v4mPRhbpVmYcXe9Mry7H7HXIhiCfZhmHpfN9BWQLw5bgG8mAp7bcQ1PKjjWd5G0Upz0QZ4fjlbrXCUnYi_PVkLYYkGcjv2qeg3WddmqNKJgcBYVfN9NghtauVj5rpg7H1Boo_-WKbaw651KiesFAp-K-usUD3HNeO38rFYJLF544bS1D81mgiLNlRokBzU3HzFxxkiFZmXTnHBW_VQMKUipdqvxo2ErbX7Yh4OgmeSDzEf79OSAMf2P5LmJoxwE5e2_cs0fgLvjbuzAcldXJx0-nbCe_hglbqXdjzJRWguBznelXB2bnJ-QX7TongKH0F-cqCfO0a50tqL9p7l1VHVzwBbn3LOOdhdrXaj2Q4883JXvVvzHpLmI14SXLUzBjV3q201sS9_LC5jeBP7_H3Ccq0qneGRigS0VB7SkvQzb9fEX5kanRGUh0X8DegjIreXXkhZFShuzqpDHxc67b3lhERuzu0FmZx1_dMa9mMC-_xl1Hd8MPPnDK1OaiisMbngS02Z0FgfW621nwpjujArpnfGoyxvrvdyFoOTpGNSMHbpYa4S4jUPcjIG4BGojSVf-H1XT_rx29URntjyZXoM9lYMlnWP4WZNRlpg5pbU78KrjmjqVfyufa15BXdnq6H58E09jY4wCsadravNiXOcfPAFlkDrkwzA4W8mLjaDIapxnqiWfwDfL6g4_dRDqocdwBPCNOPlQpfrjuMKEBvCrJE0cARAEs9we4n9EYQvHnpcLYc8yqmtX7coJp8VbXuwtfkgaDneOeV2biB5_FPYFQJ04qg36MpTndBsXBu8WbYYhLdrvgA

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=2295884158&adf=3620188380&pi=t.ma~as.8759776057&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=269&idt=366&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461%2C360x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3enEpMI86B&p=http%3A//legionfonts.com&dtd=368
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 12:15:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame F9DC 2 KB
2 KB 506ms
215ms Script
application/x-javascript 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRZMk56TmhOR1V0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NzM2MDU2MzczNTA5NjM0NTQvNjYyMjMyOC80NTYyMzA2LzQvS3hmM2hodU8waVhhNGlINmh5V3o3TlV2aXRScktpYTNWR3pXSnBUVGc4SS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xNzczNjA1NjM3MzUwOTYzNDU0L2lhZC8wLzI3My81NS85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY3NTI1Mzc0Mi8xNjc1MjY2MzQyLzQvcHViLTQwNDk0NjA5NzMxODgyODAv/zPP0HPwKyD_6BPLa1u3KXMESEwM&nodeid=3961&group=iad&auctionid=1773605637350963454&pbs_auctionid=1773605637350963454&shardkey=1773605637350963454&sid=4562306&cid=6622328&bp=a_agiica&nfy_act=LD5weg&type=adm&client=c2s&bfip=216.200.232.66&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCtJ0z7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBNABT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iEnFkGGEt5I1uAVwvF4u5Wos0wtj3uls8Di2Cw1mjyRXwLOboq1LTUCD4AGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2XZiOSyA5fSf5nn7s5NTCv7kGMlg%26client%3Dca-pub-4049460973188280%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=2295884158&adf=3620188380&pi=t.ma~as.8759776057&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=269&idt=366&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461%2C360x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3enEpMI86B&p=http%3A//legionfonts.com&dtd=368
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.378.0 /
Resource Hash: 6766a094b640c7320ea7ea8a7a16ee91a9059ddb001c1c35e1d0b99a6dff0f6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:42 GMT
x-mm-nodeid: 3961
Content-Encoding: gzip
x-mm-bid-request-time: 1675253742
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Wed, 01 Feb 2023 12:15:42 GMT
Server: MMBD/3.378.0
x-mm-latency: 187 (2)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: zrh-router-x64, iad-bidder-x58
x-mm-lag: 0
Expires: Wed, 01 Feb 2023 12:15:41 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame F9DC 3 KB
1 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=2295884158&adf=3620188380&pi=t.ma~as.8759776057&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=269&idt=366&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461%2C360x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3enEpMI86B&p=http%3A//legionfonts.com&dtd=368

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 09:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9629
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 09:35:13 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame F9DC 18 KB
7 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76600
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 14:59:02 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F9DC 157 KB
49 KB 92ms
86ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 12:15:42 GMT

GET
DATA 200
OK truncated
/ Frame 3CA8 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d4a77679decd6243b7cafd2bc6f737843c770fe524d565be32248e59b51f8b17

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1004
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

42ms
40ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Wed, 01 Feb 2023 12:15:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DD15 143 B
166 B 22ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 772
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:02:50 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 redir.html Show response
p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 8BC1 247 B
871 B 205ms
69ms Document
text/html 142.250.201.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.201.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f3.1e100.net

Software

sffe /

Resource Hash

adabc524c9258e7dffb58fa91dceb4e4f70206b0fd9a599d97e304ca9b39c8fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 205
content-security-policy-report-only: script-src 'nonce-ux4rR4mvRR3XGw9HpZ6W8w' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B258 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be651856477d7a57e86323a1d611b264ca6932af89849e9ceed6635af7401648

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 73A9 0
0 64ms
63ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C7qtn7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTNAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPhOEwIeHH2wxgp1qJ2KyhvmDOEDs5u7R4Wt2lL2yOVoP6bFnHWsSABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTQwNDk0NjA5NzMxODgyODAYAA&sigh=bheJtfHFx_Q&uach_m=[UACH]&cid=CAQSGwDUE5ym-6XggUjKvG43fnQMWwenZpWPfO9yExgB&tpd=AGWhJmtc_-3OSJshdE750LG6YXrIjYGp3pCkAMO8IrcoqWOEwGUu4dCgUWimTFodt_grh6Z5_2_P67_MGxsH9x_Vijz_fBNR0dwtfTcHe5Q2MtzRIUA_tvHVLQKHeevfqOcXe2B00nxeWhc3kRM6g86H0qLUOWL4oB46PyGViIqFUZlF97B5B9KtvC9Tb9twOEzkEYMx6oOfcxv3OP4AYFj668S_LnZPc2cb9jJSG0d7orU9G3EHFwVQfNRpQrI7T2qoMI65GA7DPD4NauuvUHYDinFYvXhCskwN1TNibnWZ4W_aiiIDXLMl3m-f7VwPJjnI0iGKVC8WzQB2EmTwvDb-XB5AN9Dsd5vYchNq5WTkDjbW67lUp5tkmCBY7x9CECGogS7hh5sVt7WkPJxlAPdAJyyuLveQx4xwc4VarAB1r2jQBobRhXiTDsLt6IfNxRWCsSDho5yzt6_NSlBI7IF59HYdApOrph4PU0VMrpYFPimGzyESCE8MLxi7jpE5st56a1T1yKuednJx2MOrLlCzCAmEhlDKg7ob0DxY759qoGDjMMQcAZvT-StyhtkYnn0EV6uec3SCLLockgsvVdGIbk9PbACTLSA_K8HTW2yMYJxvtVjsQg2ziqr-qKmHBduQ-leB2dmu9ZPR6MBPCnotJziULoxG0yywj2JAnkFmMdvcrsXhlqjBe7qEHfvB4zJnLKvNZ6WXSVqT-CRcaU_fHcKiJ48EczpwcQjdNyRO1jQzaSFWNCVLt6M0gZbg7r_Mf4vlasi0oESFGVCQyJgnSJZZ1uriqfyrjns9RBVNMZD6gYr4rRGgPIu_BUxuswsSmYQLrdhoyxBP4wiHcpEsht9-5q2UrFL9PJI_SVXI_IWHbKZaYhZwgLAw_NnQn_zXnxZ0hmodDQoqpAnnPq8MvMdW1pyFdHhrS4fb18XpOf27-gO9_OJxpQl-2Ts9DmGIfoxprt0gKbbNHSS8KM8I9_EjT1NIstLbJX7cICeS7Dq5rDAs5LfC-FPt1kXWp9dQFPohmOYUL3AfN1XQgeP34AaQWMs1r8BqpVa4UrlO_YCTy2e_QxaeIhhATgiMA8R75MMBEwqHTlhXovSRNWK0dnDI3VjVB0FzBfgGswW46-FRmiP7jIQodQ

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=3927259650&adk=1708141794&adf=2682461192&pi=t.ma~as.3927259650&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=270&idt=362&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1636&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=rCJDzYB28H&p=http%3A//legionfonts.com&dtd=364
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 12:15:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 73A9 2 KB
2 KB 193ms
31ms Script
application/x-javascript 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRZMk56TmhOR1V0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg2OTExMzQ2NjYwNjQ0ODg0MjIvNjYyMjMyOC80NTYyMzA2LzQvS3hmM2hodU8waVhhNGlINmh5V3o3Q3cwM1kwODdXNTZ4UjBFTEEzWHpGNC8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NjkxMTM0NjY2MDY0NDg4NDIyL3pyaC8wLzI3My81NS85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY3NTI1Mzc0Mi8xNjc1MjY2MzQyLzQvcHViLTQwNDk0NjA5NzMxODgyODAv/JJKa744RLhjHbS4uhYcw-K_lj80&nodeid=3803&group=zrh&auctionid=8691134666064488422&pbs_auctionid=8691134666064488422&shardkey=8691134666064488422&sid=4562306&cid=6622328&bp=a_agiica&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%26client%3Dca-pub-4049460973188280%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=3927259650&adk=1708141794&adf=2682461192&pi=t.ma~as.3927259650&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=270&idt=362&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1636&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=rCJDzYB28H&p=http%3A//legionfonts.com&dtd=364
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.378.0 /
Resource Hash: 0530c7374154918cb4334c6d42d7fbfaee057b7d4c7c20eca137f42bb5960da8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:42 GMT
x-mm-nodeid: 3803
Content-Encoding: gzip
x-mm-bid-request-time: 1675253742
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Wed, 01 Feb 2023 12:15:42 GMT
Server: MMBD/3.378.0
x-mm-latency: 1 (1)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: zrh-router-x42, zrh-bidder-x60
x-mm-lag: 0
Expires: Wed, 01 Feb 2023 12:15:41 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 73A9 3 KB
1 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=3927259650&adk=1708141794&adf=2682461192&pi=t.ma~as.3927259650&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=270&idt=362&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1636&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=rCJDzYB28H&p=http%3A//legionfonts.com&dtd=364

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 09:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9629
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 09:35:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 73A9 18 KB
7 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76600
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 14:59:02 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 73A9 157 KB
48 KB 94ms
93ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 12:15:42 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3F3F 8 KB
1 KB 91ms
33ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 12:15:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 11:05:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 12:15:42 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 3F3F 2 KB
765 B 28ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3201
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:21 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame 3F3F 22 KB
9 KB 29ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3201
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:21 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 3F3F 3 KB
1 KB 31ms
26ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 09:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9629
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 09:35:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 3F3F 18 KB
7 KB 28ms
23ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76600
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 14:59:02 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3F3F 157 KB
48 KB 105ms
99ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 12:15:42 GMT

GET
H2 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame 3F3F 33 KB
14 KB 76ms
21ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6612
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 00:31:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 02 May 2023 10:25:30 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DD15
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

38ms
38ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Wed, 01 Feb 2023 12:15:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3F3F 0
0 70ms
65ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=ChVgp7VfaY4WBOs6txtYPzqeIoAfM6OOaWvyv4-qnEcCNtwEQASC4-7IXYJX68IGMB6ABnMbV1APIAQmpAvGE77NEQbI-qAMByAPLBKoE1gFP0GAYzMG5fUWRUlubAJEzrS7lXXMT2oAkqJVZmjMaCo644WdJIYopo7BGbJlNyyvnZFze-imadvBeKJIabwLkxoUNry3AjeBFHSyBo46uHZRhZmBKzb4DtN0tV8fNO94eS1CYfo4ODZJFFwZwx2Xp1wc9MaeXxoRz60FTEh2qzN6gUbl7NLErXZMnUe6bi-j96Go0GER9uP0bUBD93wUv_PulhcXyWLt3Ap-y0tdpgMzQxeWTUfbZ-tycYGD5MyTorkh73cQHMgKaYoR_us0wEZ8nbRyXwATvopOwtQKSBQQIBBgBkgUECAUYBKAGLoAHzLmqK6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEENn8HNIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMK0BUBmBYBgBcBshccChoIABIUcHViLTQwNDk0NjA5NzMxODgyODAYAA&sigh=UQS7yk3xWUA&uach_m=[UACH]&cid=CAQSGwDUE5ymzfi0lIVzJFQXDzaZjhNcriPgo_7QIBgB&template_id=5000

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 12:15:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/12170002433891528857/ Frame 3F3F 18 KB
18 KB 75ms
70ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12170002433891528857/14763004658117789537?w=600&h=314

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec50451f1c97a0ca5df8c05d3e39740502b37e85123b7bcbbaa02f1a25ca044a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18507
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 13:32:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 01 Feb 2024 12:15:42 GMT

GET
DATA 200
OK truncated
/ Frame 3F3F 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3F3F 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3F3F 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fde74653b84899ebcde600b2c9c810ca1b8c94028bfaa9172c6faf74be645afc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 iframe.html Show response
p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 8BC1 4 KB
2 KB 70ms
68ms Document
text/html 142.250.201.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.201.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f3.1e100.net

Software

sffe /

Resource Hash

51f074163f450f1e5e6e69fb006f202f61816171b815da4348b4d1be2063c1eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 1860
content-security-policy-report-only: script-src 'nonce-TIL4cq7eg4USXmdiIT-n4g' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Thu, 29 Apr 2021 21:38:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js Show response
pagead2.googlesyndication.com/bg/ Frame 806A 36 KB
14 KB 35ms
34ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d54a3e19d60cf239b39137bd230f5a829c7d5c43a109ec28ff2f19acbeda1e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 08:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14301
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 08:33:43 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 3F3F 28 KB
28 KB 73ms
22ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 21:35:41 GMT
x-content-type-options: nosniff
age: 484801
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 Jan 2024 21:35:41 GMT

GET
H2 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301190101/ 150 KB
51 KB 169ms
169ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301190101/reactive_library_fy2021.js?bust=31071811

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2557e4d35e58e5d14826828343ca8fee6efa3f86f9e4733029f8586d3686e374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52190
x-xss-protection: 0
server: cafe
etag: 18144990353152046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Feb 2023 12:15:42 GMT

GET
H/1.1 200
OK h78o6ojw9z7r Show response
hal9000.redintelligence.net/zone/ Frame 73A9 11 KB
4 KB 112ms
29ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/h78o6ojw9z7r?subid=&rnd=8691134666064488422&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D9gpOPMDkWLwFeSfvBQNJdA%26exch_seat%3D20035004448%26mt_aid%3D8691134666064488422%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_cid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 0a81ff0653ae4abd7694c7600d47f5508b73a77167106d44015fd59665d45175

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:42 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3453
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 73A9 49 B
329 B 30ms
29ms Image
image/gif 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=8691134666064488422&node_id=3803&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRZMk56TmhOR1V0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg2OTExMzQ2NjYwNjQ0ODg0MjIvNjYyMjMyOC80NTYyMzA2LzQvS3hmM2hodU8waVhhNGlINmh5V3o3Q3cwM1kwODdXNTZ4UjBFTEEzWHpGNC8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NjkxMTM0NjY2MDY0NDg4NDIyL3pyaC8wLzI3My81NS85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY3NTI1Mzc0Mi8xNjc1MjY2MzQyLzQvcHViLTQwNDk0NjA5NzMxODgyODAv/JJKa744RLhjHbS4uhYcw-K_lj80&nodeid=3803&group=zrh&auctionid=8691134666064488422&pbs_auctionid=8691134666064488422&shardkey=8691134666064488422&sid=4562306&cid=6622328&bp=a_agiica&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%26client%3Dca-pub-4049460973188280%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.378.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:42 GMT
Server: MMBD/3.378.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x79, zrh-bidder-x60
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Wed, 01 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 73A9 43 B
404 B 185ms
82ms Image
image/gif 92.123.37.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=8691134666064488422&v3=651871&v4=4562306&v5=6622328&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRZMk56TmhOR1V0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg2OTExMzQ2NjYwNjQ0ODg0MjIvNjYyMjMyOC80NTYyMzA2LzQvS3hmM2hodU8waVhhNGlINmh5V3o3Q3cwM1kwODdXNTZ4UjBFTEEzWHpGNC8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NjkxMTM0NjY2MDY0NDg4NDIyL3pyaC8wLzI3My81NS85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY3NTI1Mzc0Mi8xNjc1MjY2MzQyLzQvcHViLTQwNDk0NjA5NzMxODgyODAv/JJKa744RLhjHbS4uhYcw-K_lj80&nodeid=3803&group=zrh&auctionid=8691134666064488422&pbs_auctionid=8691134666064488422&shardkey=8691134666064488422&sid=4562306&cid=6622328&bp=a_agiica&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%26client%3Dca-pub-4049460973188280%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.37.164 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-37-164.deploy.static.akamaitechnologies.com
Software: MT3 404 ce67235 master cdg-pixel-x13 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:42 GMT
Server: MT3 404 ce67235 master cdg-pixel-x13 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Wed, 01 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 73A9 49 B
329 B 59ms
28ms Image
image/gif 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=8691134666064488422&st=4562306&time=1675253742&nodeid=3803
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRZMk56TmhOR1V0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg2OTExMzQ2NjYwNjQ0ODg0MjIvNjYyMjMyOC80NTYyMzA2LzQvS3hmM2hodU8waVhhNGlINmh5V3o3Q3cwM1kwODdXNTZ4UjBFTEEzWHpGNC8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NjkxMTM0NjY2MDY0NDg4NDIyL3pyaC8wLzI3My81NS85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY3NTI1Mzc0Mi8xNjc1MjY2MzQyLzQvcHViLTQwNDk0NjA5NzMxODgyODAv/JJKa744RLhjHbS4uhYcw-K_lj80&nodeid=3803&group=zrh&auctionid=8691134666064488422&pbs_auctionid=8691134666064488422&shardkey=8691134666064488422&sid=4562306&cid=6622328&bp=a_agiica&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%26client%3Dca-pub-4049460973188280%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.378.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:42 GMT
Server: MMBD/3.378.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x77, zrh-bidder-x60
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Wed, 01 Feb 2023 12:15:41 GMT

GET
H3 200 1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js Show response
pagead2.googlesyndication.com/bg/ Frame CB56 36 KB
14 KB 37ms
37ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=461&slotname=6780632986&adk=3427534439&adf=1281264905&pi=t.ma~as.6780632986&w=750&lmt=1675253741&rafmt=11&format=750x461&url=http%3A%2F%2Flegionfonts.com%2F&wgl=1&dt=1675253741534&bpp=1&bdt=269&idt=359&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&rplot=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=4131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=q6dt2lryrJ&p=http%3A//legionfonts.com&dtd=361

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d54a3e19d60cf239b39137bd230f5a829c7d5c43a109ec28ff2f19acbeda1e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 08:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14301
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 08:33:43 GMT

GET
H3 200 1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js Show response
pagead2.googlesyndication.com/bg/ Frame 4C3A 36 KB
14 KB 36ms
36ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=639621840&adf=3220732023&pi=t.ma~as.8759776057&w=1140&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=1140x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741530&bpp=3&bdt=264&idt=324&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&correlator=8028008848254&frm=20&pv=2&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=230&ady=700&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=x11NHvwnyW&p=http%3A//legionfonts.com&dtd=349

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d54a3e19d60cf239b39137bd230f5a829c7d5c43a109ec28ff2f19acbeda1e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 08:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14301
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 08:33:43 GMT

GET
H/1.1

200
OK

request.php Show response
hal900014.redintelligence.net/ Frame 73A9
Redirect Chain

https://hal900014.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=f8778bb8b9&subid=&uid=ecdac8309aec7110&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900014.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=f8778bb8b9&subid=&uid=ecdac8309aec7110&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

168ms
112ms

Script
application/x-javascript

176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=f8778bb8b9&subid=&uid=ecdac8309aec7110&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D9gpOPMDkWLwFeSfvBQNJdA%26exch_seat%3D20035004448%26mt_aid%3D8691134666064488422%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_cid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4049460973188280%26output%3Dhtml%26h%3D280%26slotname%3D3927259650%26adk%3D1708141794%26adf%3D2682461192%26pi%3Dt.ma~as.3927259650%26w%3D360%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1675253741%26rafmt%3D1%26format%3D360x280%26url%3Dhttp%253A%252F%252Flegionfonts.com%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26dt%3D1675253741535%26bpp%3D1%26bdt%3D270%26idt%3D362%26shv%3Dr20230125%26mjsv%3Dm202301190101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1140x280%252C750x461%252C750x461%26correlator%3D8028008848254%26frm%3D20%26pv%3D1%26ga_vid%3D1562666858.1675253742%26ga_sid%3D1675253742%26ga_hid%3D2072381198%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D1010%26ady%3D1636%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31071811%26oid%3D2%26pvsid%3D697255621503209%26tmod%3D817463369%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26xpc%3DrCJDzYB28H%26p%3Dhttp%253A%2F%2Flegionfonts.com%26dtd%3D364&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Flegionfonts.com&random=5899533681099&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=3927259650&adk=1708141794&adf=2682461192&pi=t.ma~as.3927259650&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=270&idt=362&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1636&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=rCJDzYB28H&p=http%3A//legionfonts.com&dtd=364
Protocol: HTTP/1.1
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: 688000fe9ae19b4982910eed1e63f9a23a9f051b49a3a32660b9d5e66f573aa2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Feb 2023 12:15:43 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 63773300087986300951407012222014
Connection: close
Content-Length: 1312
Expires: Wed, 01 Feb 2023 12:15:43 +0100

Redirect headers

Pragma: no-cache
Date: Wed, 01 Feb 2023 12:15:42 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=f8778bb8b9&subid=&uid=ecdac8309aec7110&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D9gpOPMDkWLwFeSfvBQNJdA%26exch_seat%3D20035004448%26mt_aid%3D8691134666064488422%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_cid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4049460973188280%26output%3Dhtml%26h%3D280%26slotname%3D3927259650%26adk%3D1708141794%26adf%3D2682461192%26pi%3Dt.ma~as.3927259650%26w%3D360%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1675253741%26rafmt%3D1%26format%3D360x280%26url%3Dhttp%253A%252F%252Flegionfonts.com%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26dt%3D1675253741535%26bpp%3D1%26bdt%3D270%26idt%3D362%26shv%3Dr20230125%26mjsv%3Dm202301190101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1140x280%252C750x461%252C750x461%26correlator%3D8028008848254%26frm%3D20%26pv%3D1%26ga_vid%3D1562666858.1675253742%26ga_sid%3D1675253742%26ga_hid%3D2072381198%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D1010%26ady%3D1636%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31071811%26oid%3D2%26pvsid%3D697255621503209%26tmod%3D817463369%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26xpc%3DrCJDzYB28H%26p%3Dhttp%253A%2F%2Flegionfonts.com%26dtd%3D364&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Flegionfonts.com&random=5899533681099&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 01 Feb 2023 12:15:42 +0100

GET
H/1.1 200
OK h78o6ojw9z7r Show response
hal9000.redintelligence.net/zone/ Frame F9DC 11 KB
4 KB 80ms
27ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/h78o6ojw9z7r?subid=&rnd=1773605637350963454&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dm9YrXefTrXBwBheWjEW-RQ%26exch_seat%3D20035004448%26mt_aid%3D1773605637350963454%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_cid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCtJ0z7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBNABT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iEnFkGGEt5I1uAVwvF4u5Wos0wtj3uls8Di2Cw1mjyRXwLOboq1LTUCD4AGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2XZiOSyA5fSf5nn7s5NTCv7kGMlg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 665278381f9245c87d75d02b23e4059102a7961631e70f23f182e3e023bb8535

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:42 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3447
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame F9DC 49 B
329 B 216ms
216ms Image
image/gif 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=1773605637350963454&node_id=3961&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRZMk56TmhOR1V0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NzM2MDU2MzczNTA5NjM0NTQvNjYyMjMyOC80NTYyMzA2LzQvS3hmM2hodU8waVhhNGlINmh5V3o3TlV2aXRScktpYTNWR3pXSnBUVGc4SS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xNzczNjA1NjM3MzUwOTYzNDU0L2lhZC8wLzI3My81NS85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY3NTI1Mzc0Mi8xNjc1MjY2MzQyLzQvcHViLTQwNDk0NjA5NzMxODgyODAv/zPP0HPwKyD_6BPLa1u3KXMESEwM&nodeid=3961&group=iad&auctionid=1773605637350963454&pbs_auctionid=1773605637350963454&shardkey=1773605637350963454&sid=4562306&cid=6622328&bp=a_agiica&nfy_act=LD5weg&type=adm&client=c2s&bfip=216.200.232.66&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCtJ0z7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBNABT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iEnFkGGEt5I1uAVwvF4u5Wos0wtj3uls8Di2Cw1mjyRXwLOboq1LTUCD4AGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2XZiOSyA5fSf5nn7s5NTCv7kGMlg%26client%3Dca-pub-4049460973188280%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.378.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Server: MMBD/3.378.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x31, iad-bidder-x58
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Wed, 01 Feb 2023 12:15:42 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame F9DC 43 B
404 B 93ms
72ms Image
image/gif 92.123.37.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=1773605637350963454&v3=651871&v4=4562306&v5=6622328&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRZMk56TmhOR1V0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NzM2MDU2MzczNTA5NjM0NTQvNjYyMjMyOC80NTYyMzA2LzQvS3hmM2hodU8waVhhNGlINmh5V3o3TlV2aXRScktpYTNWR3pXSnBUVGc4SS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xNzczNjA1NjM3MzUwOTYzNDU0L2lhZC8wLzI3My81NS85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY3NTI1Mzc0Mi8xNjc1MjY2MzQyLzQvcHViLTQwNDk0NjA5NzMxODgyODAv/zPP0HPwKyD_6BPLa1u3KXMESEwM&nodeid=3961&group=iad&auctionid=1773605637350963454&pbs_auctionid=1773605637350963454&shardkey=1773605637350963454&sid=4562306&cid=6622328&bp=a_agiica&nfy_act=LD5weg&type=adm&client=c2s&bfip=216.200.232.66&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCtJ0z7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBNABT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iEnFkGGEt5I1uAVwvF4u5Wos0wtj3uls8Di2Cw1mjyRXwLOboq1LTUCD4AGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2XZiOSyA5fSf5nn7s5NTCv7kGMlg%26client%3Dca-pub-4049460973188280%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.37.164 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-37-164.deploy.static.akamaitechnologies.com
Software: MT3 404 ce67235 master zrh-pixel-x13 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:42 GMT
Server: MT3 404 ce67235 master zrh-pixel-x13 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Wed, 01 Feb 2023 12:15:41 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame F9DC 49 B
329 B 214ms
213ms Image
image/gif 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=1773605637350963454&st=4562306&time=1675253742&nodeid=3961
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRZMk56TmhOR1V0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NzM2MDU2MzczNTA5NjM0NTQvNjYyMjMyOC80NTYyMzA2LzQvS3hmM2hodU8waVhhNGlINmh5V3o3TlV2aXRScktpYTNWR3pXSnBUVGc4SS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xNzczNjA1NjM3MzUwOTYzNDU0L2lhZC8wLzI3My81NS85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY3NTI1Mzc0Mi8xNjc1MjY2MzQyLzQvcHViLTQwNDk0NjA5NzMxODgyODAv/zPP0HPwKyD_6BPLa1u3KXMESEwM&nodeid=3961&group=iad&auctionid=1773605637350963454&pbs_auctionid=1773605637350963454&shardkey=1773605637350963454&sid=4562306&cid=6622328&bp=a_agiica&nfy_act=LD5weg&type=adm&client=c2s&bfip=216.200.232.66&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCtJ0z7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBNABT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iEnFkGGEt5I1uAVwvF4u5Wos0wtj3uls8Di2Cw1mjyRXwLOboq1LTUCD4AGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2XZiOSyA5fSf5nn7s5NTCv7kGMlg%26client%3Dca-pub-4049460973188280%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.378.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Server: MMBD/3.378.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x26, iad-bidder-x58
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Wed, 01 Feb 2023 12:15:42 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 59ms
58ms Script
application/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=legionfonts.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 57ms
56ms Script
application/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=legionfonts.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/ Frame BC9A 10 KB
4 KB 24ms
24ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 62490
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 18:54:12 GMT
etag: 10353107486223812946
expires: Tue, 14 Feb 2023 18:54:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/ Frame 205C 10 KB
4 KB 21ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 62490
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 18:54:12 GMT
etag: 10353107486223812946
expires: Tue, 14 Feb 2023 18:54:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/ Frame 1CCE 10 KB
4 KB 22ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 62490
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 18:54:12 GMT
etag: 10353107486223812946
expires: Tue, 14 Feb 2023 18:54:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/ Frame 45AE 10 KB
4 KB 23ms
22ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 62490
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 18:54:12 GMT
etag: 10353107486223812946
expires: Tue, 14 Feb 2023 18:54:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request.php Show response
hal90002.redintelligence.net/ Frame F9DC 4 KB
2 KB 190ms
108ms Script
application/x-javascript 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=e59e88e4ab&subid=&uid=cf417264fd4e5362&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dm9YrXefTrXBwBheWjEW-RQ%26exch_seat%3D20035004448%26mt_aid%3D1773605637350963454%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_cid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCtJ0z7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBNABT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iEnFkGGEt5I1uAVwvF4u5Wos0wtj3uls8Di2Cw1mjyRXwLOboq1LTUCD4AGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2XZiOSyA5fSf5nn7s5NTCv7kGMlg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4049460973188280%26output%3Dhtml%26h%3D280%26slotname%3D8759776057%26adk%3D2295884158%26adf%3D3620188380%26pi%3Dt.ma~as.8759776057%26w%3D360%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1675253741%26rafmt%3D1%26format%3D360x280%26url%3Dhttp%253A%252F%252Flegionfonts.com%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26dt%3D1675253741535%26bpp%3D1%26bdt%3D269%26idt%3D366%26shv%3Dr20230125%26mjsv%3Dm202301190101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1140x280%252C750x461%252C750x461%252C360x280%26correlator%3D8028008848254%26frm%3D20%26pv%3D1%26ga_vid%3D1562666858.1675253742%26ga_sid%3D1675253742%26ga_hid%3D2072381198%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D1010%26ady%3D1956%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31071811%26oid%3D2%26pvsid%3D697255621503209%26tmod%3D817463369%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D5%26uci%3Da!5%26btvi%3D4%26fsb%3D1%26xpc%3D3enEpMI86B%26p%3Dhttp%253A%2F%2Flegionfonts.com%26dtd%3D368&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Flegionfonts.com&random=4856608149040&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/h78o6ojw9z7r?subid=&rnd=1773605637350963454&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dm9YrXefTrXBwBheWjEW-RQ%26exch_seat%3D20035004448%26mt_aid%3D1773605637350963454%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_cid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCtJ0z7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBNABT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iEnFkGGEt5I1uAVwvF4u5Wos0wtj3uls8Di2Cw1mjyRXwLOboq1LTUCD4AGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2XZiOSyA5fSf5nn7s5NTCv7kGMlg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e8c73c5026dc95b713d71daccd03ab363b20d5bf4c42452a05da95fa21e6701b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Feb 2023 12:15:43 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 92883300089544500951407012222002
Connection: close
Content-Length: 1308
Expires: Wed, 01 Feb 2023 12:15:43 +0100

GET
H2 200 css2
fonts.googleapis.com/ Frame BC9A 4 KB
732 B 33ms
32ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 12:14:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame BC9A 205 B
518 B 22ms
21ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 09:31:18 GMT
x-content-type-options: nosniff
age: 9865
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 01 Feb 2024 09:31:18 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame BC9A 604 B
695 B 22ms
21ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 09:11:11 GMT
x-content-type-options: nosniff
age: 11072
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 01 Feb 2024 09:11:11 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/elements/html/ Frame BC9A 19 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

962b5a0b1058fb793fa137b948d5751e208b016bd67b27f886ba1b888e3ef9c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3204
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8248
x-xss-protection: 0
server: cafe
etag: 14490807653988091183
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:19 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 205C 2 KB
608 B 33ms
33ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 11:06:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 205C 2 KB
765 B 23ms
23ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:21 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame 205C 22 KB
9 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:21 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 205C 3 KB
1 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 09:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9630
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 09:35:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 205C 18 KB
7 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 14:59:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 205C 157 KB
48 KB 109ms
109ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H2 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame 205C 33 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6613
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 00:31:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 02 May 2023 10:25:30 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 1CCE 2 KB
608 B 33ms
32ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 10:58:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 1CCE 2 KB
765 B 23ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:21 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame 1CCE 22 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:21 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 1CCE 3 KB
1 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 09:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9630
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 09:35:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 1CCE 18 KB
7 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 14:59:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1CCE 157 KB
48 KB 181ms
181ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H2 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame 1CCE 33 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6613
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 00:31:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 02 May 2023 10:25:30 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/ Frame 87A6 71 KB
17 KB 24ms
23ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/index.html

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

325b46fb8bd98a3850eefa76dba4d87f274388f50c4dd3f070a8a651ef793e6d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 460984
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 17232
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 04:12:39 GMT
expires: Sat, 27 Jan 2024 04:12:39 GMT
last-modified: Wed, 24 Feb 2021 20:28:38 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 45AE 0
0 65ms
64ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C_RVw7VfaY73iPPflxtYP94eH0AjVzcbebqTwg6yqEL7WutSyKhABILj7shdglfrwgYwHoAH_24rIA8gBCagDAcgDSKoE3QFP0BQSh6LOLIL4al7ERDeoYd9ULFSt_IfdObsMavnUBNp3mq8A9Zme50gzPYQjCtiVkOcqsPqoHKL9kgZ7H--iNFdjZ7id_9U7NSwteLecSOYd0W3WTyvAyVg9BwZuWv_QkfOMomNlhWa8jvnsR-3yAkL89fp4PQiq5lcb4xuSb1d9USUZGwIwUwvxenBpyfPNgXPXlPSeIlKXV_ay2D733Qii5rV3JoOcNIrtgIeDEFKYLIOCfjzHd-mY-NnG9PhMZgE8EFp21RusCA6oLfSAu8WdfKPs70LhFbcpnsAEodOSyt0DkgUECAQYAZIFBAgFGASgBi6AB_DurKICqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQoqAJ0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwvQFQGAFwGyFxwKGggAEhRwdWItNDA0OTQ2MDk3MzE4ODI4MBgA&sigh=RUTPo0g0gps&uach_m=[UACH]&cid=CAQSGwDUE5ymLC-n8lxkkOgsNgtaaLSnHa5N7yY95BgB&template_id=419

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 12:15:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame 45AE 22 KB
9 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:21 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 1C85 8 KB
895 B 33ms
32ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 11:03:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 1C85 2 KB
765 B 22ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:21 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame 1C85 22 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 11:22:21 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 1C85 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 09:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9630
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 09:35:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 1C85 18 KB
7 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 14:59:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1C85 157 KB
48 KB 123ms
123ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H3 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame 1C85 33 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6613
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 00:31:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 02 May 2023 10:25:30 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 87A6 16 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 16:41:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70427
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5660
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 01 Feb 2023 16:41:56 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 87A6 34 KB
13 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 19:53:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58955
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 01 Feb 2023 19:53:08 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D5A5 143 B
166 B 22ms
22ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 773
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:02:50 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 45AE 3 KB
1 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 09:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9630
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 09:35:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 45AE 18 KB
7 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 14:59:02 GMT

GET
H3 200 1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js Show response
pagead2.googlesyndication.com/bg/ Frame 87A6 36 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d54a3e19d60cf239b39137bd230f5a829c7d5c43a109ec28ff2f19acbeda1e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 08:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14301
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 08:33:43 GMT

GET
H3 200 pointer.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/ Frame 87A6 3 KB
3 KB 25ms
23ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/pointer.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e4813004f9dd490d0c2a5e29573d379a14b2ece47e9df1372b9be4fc09976c3b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 27 Jan 2023 19:47:55 GMT
x-content-type-options: nosniff
age: 404868
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2647
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 20:28:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 27 Jan 2024 19:47:55 GMT

GET
H3 200 528-728X90-H_update-min.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/ Frame 87A6 10 KB
10 KB 28ms
25ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/528-728X90-H_update-min.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44878c9ae7dbadb3303d311fa164ca538e08a77576a214138620352a52c2c3f6

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Thu, 26 Jan 2023 14:45:43 GMT
x-content-type-options: nosniff
age: 509400
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9939
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 20:28:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 26 Jan 2024 14:45:43 GMT

GET
H3 200 528-728X90-H_text_03-min.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/ Frame 87A6 3 KB
3 KB 34ms
31ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/528-728X90-H_text_03-min.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2884ad89c377fc431ee90fe35a3794e8b6096492a8a0ccc0a8a72f96e17250a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Thu, 26 Jan 2023 16:21:53 GMT
x-content-type-options: nosniff
age: 503630
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2960
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 20:28:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 26 Jan 2024 16:21:53 GMT

GET
H3 200 528-728X90-H_text_02-min.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/ Frame 87A6 3 KB
3 KB 33ms
30ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/528-728X90-H_text_02-min.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

805cb3737cc5844df955c7412673cf95e54e2a292d8776d23feec56d975e7178

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sat, 28 Jan 2023 16:48:31 GMT
x-content-type-options: nosniff
age: 329232
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2994
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 20:28:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 28 Jan 2024 16:48:31 GMT

GET
H3 200 528-728X90-H_highlight-min.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/ Frame 87A6 400 B
433 B 36ms
33ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/528-728X90-H_highlight-min.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

244e2aa717b3224f20f156b326b34b67907ef83ed53067f034e4a68b25025ef4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sat, 28 Jan 2023 23:40:07 GMT
x-content-type-options: nosniff
age: 304536
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 400
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 20:28:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 28 Jan 2024 23:40:07 GMT

GET
H3 200 528-728X90-H_overlay-min.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/ Frame 87A6 5 KB
5 KB 35ms
31ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/528-728X90-H_overlay-min.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6764f4fa8ed566b5cab50068dc9538fcbafa0578e464bcf62c38e8ed5b9fa1a1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sat, 28 Jan 2023 18:50:39 GMT
x-content-type-options: nosniff
age: 321904
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4854
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 20:28:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 28 Jan 2024 18:50:39 GMT

GET
H3 200 528-728X90-H_text_01-min.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/ Frame 87A6 4 KB
4 KB 34ms
30ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/528-728X90-H_text_01-min.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d927aa2e969b7d919de81968a2f48c9b51459a0a76946c036e4bc135732cf1a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 27 Jan 2023 11:50:42 GMT
x-content-type-options: nosniff
age: 433501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4211
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 20:28:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 27 Jan 2024 11:50:42 GMT

GET
H3 200 528-728X90-H_background-min.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/ Frame 87A6 4 KB
4 KB 34ms
31ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/528-728X90-H_background-min.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cd722e5e57556cbb82d938bee5fbea6a0dafe83d40bfa9b55ebb1fff91e3879

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 31 Jan 2023 19:35:51 GMT
x-content-type-options: nosniff
age: 59992
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4004
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 20:28:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 31 Jan 2024 19:35:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 45AE 157 KB
48 KB 98ms
98ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D5A5
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

65ms
65ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:43 GMT
expires: Wed, 01 Feb 2023 12:15:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:43 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
adv.office-partner.de/ Frame 08AF 930 B
931 B 244ms
32ms Document
text/html 2a0b:4d07:401::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=f8778bb8b9&subid=&uid=ecdac8309aec7110&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D9gpOPMDkWLwFeSfvBQNJdA%26exch_seat%3D20035004448%26mt_aid%3D8691134666064488422%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_cid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4049460973188280%26output%3Dhtml%26h%3D280%26slotname%3D3927259650%26adk%3D1708141794%26adf%3D2682461192%26pi%3Dt.ma~as.3927259650%26w%3D360%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1675253741%26rafmt%3D1%26format%3D360x280%26url%3Dhttp%253A%252F%252Flegionfonts.com%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26dt%3D1675253741535%26bpp%3D1%26bdt%3D270%26idt%3D362%26shv%3Dr20230125%26mjsv%3Dm202301190101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1140x280%252C750x461%252C750x461%26correlator%3D8028008848254%26frm%3D20%26pv%3D1%26ga_vid%3D1562666858.1675253742%26ga_sid%3D1675253742%26ga_hid%3D2072381198%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D1010%26ady%3D1636%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31071811%26oid%3D2%26pvsid%3D697255621503209%26tmod%3D817463369%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26xpc%3DrCJDzYB28H%26p%3Dhttp%253A%2F%2Flegionfonts.com%26dtd%3D364&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Flegionfonts.com&random=5899533681099&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:401::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 01 Feb 2023 12:15:43 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 08 Feb 2023 12:15:43 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: atvi

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 03BB
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=63773300087986300951407012222014&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=63773300087986300951407012222014&actionid=981741&produktid=&dt_url=

0
628 B

127ms
36ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=63773300087986300951407012222014&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=f8778bb8b9&subid=&uid=ecdac8309aec7110&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D9gpOPMDkWLwFeSfvBQNJdA%26exch_seat%3D20035004448%26mt_aid%3D8691134666064488422%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_cid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4049460973188280%26output%3Dhtml%26h%3D280%26slotname%3D3927259650%26adk%3D1708141794%26adf%3D2682461192%26pi%3Dt.ma~as.3927259650%26w%3D360%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1675253741%26rafmt%3D1%26format%3D360x280%26url%3Dhttp%253A%252F%252Flegionfonts.com%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26dt%3D1675253741535%26bpp%3D1%26bdt%3D270%26idt%3D362%26shv%3Dr20230125%26mjsv%3Dm202301190101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1140x280%252C750x461%252C750x461%26correlator%3D8028008848254%26frm%3D20%26pv%3D1%26ga_vid%3D1562666858.1675253742%26ga_sid%3D1675253742%26ga_hid%3D2072381198%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D1010%26ady%3D1636%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31071811%26oid%3D2%26pvsid%3D697255621503209%26tmod%3D817463369%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26xpc%3DrCJDzYB28H%26p%3Dhttp%253A%2F%2Flegionfonts.com%26dtd%3D364&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Flegionfonts.com&random=5899533681099&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 01 Feb 2023 01:15:43 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Wed, 01 Feb 2023 12:15:43 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=63773300087986300951407012222014&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: D972D785:9BF8_91EFC182:01BB_63DA57EF_15514E7F:11271

GET
H2 200 link.html Show response
track.webgains.com/ Frame 73A9 2 KB
2 KB 223ms
105ms Script
text/html 18.168.165.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=63773300087986300951407012222014&nw=1
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.165.36 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-165-36.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 717334d3d69f2fe7e6776e356df1ef9d7d3d81920f2bea6f5b2ff891be702a28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:43 GMT
last-modified: Wed, 01 Feb 2023 12:15:43 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 01 Feb 2023 12:16:43 GMT

GET
H2

200

activityi;dc_pre=CMmImsKm9PwCFYVIHgIdyvEILw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4816599952758.065 Show response
5994599.fls.doubleclick.net/ Frame 8E1D
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4816599952758.065?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmImsKm9PwCFYVIHgIdyvEILw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4816599952758.065?

391 B
284 B

67ms
66ms

Document
text/html

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmImsKm9PwCFYVIHgIdyvEILw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4816599952758.065?

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

838ff04508ae59aa4f281534118fa2b7699673f5eb6b4ecc3b7e4464a12e3676

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:43 GMT
expires: Wed, 01 Feb 2023 12:15:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:43 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmImsKm9PwCFYVIHgIdyvEILw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4816599952758.065?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900014.redintelligence.net/ Frame 0E0F 7 KB
2 KB 80ms
27ms Document
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/request_content.php?s=63773300087986300951407012222014&a=305f86b5
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=f8778bb8b9&subid=&uid=ecdac8309aec7110&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D9gpOPMDkWLwFeSfvBQNJdA%26exch_seat%3D20035004448%26mt_aid%3D8691134666064488422%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_cid%3Dda2d63da-57ee-4a01-8447-34f9894525e3%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCX8CC7VfaY6CSO-udvPIPlZ2dgArPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi00MDQ5NDYwOTczMTg4MjgwyAEJqAMBqgTQAU_QgH38JLv4RJNKEHLkHq2woWRKggrVNVLlp2k0xwKkczbXgYXab502JGjNJ5Qf6zZT0nQyEWrdhv-XMSvDRLKlBxGeyb2Tqel8IuH-h1fHKrqhV5GEsYghv0PHeanKyttmyC_ZaCkMgUeW_JA7jg3JUTzDov7HYXni6z8DhFRC716GK531qzeN8_iw91CVx_yJFyjq706oODCS_5VZEFpyhOFw9cQPxuMRs017fwvtAxIiAOwOTn3aGoczlayZ5x3lgJYvSK_iwsB7XUk8koWABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1zRNeAHnLfbwPickJzr0H-B9l-lg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4049460973188280%26output%3Dhtml%26h%3D280%26slotname%3D3927259650%26adk%3D1708141794%26adf%3D2682461192%26pi%3Dt.ma~as.3927259650%26w%3D360%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1675253741%26rafmt%3D1%26format%3D360x280%26url%3Dhttp%253A%252F%252Flegionfonts.com%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26dt%3D1675253741535%26bpp%3D1%26bdt%3D270%26idt%3D362%26shv%3Dr20230125%26mjsv%3Dm202301190101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1140x280%252C750x461%252C750x461%26correlator%3D8028008848254%26frm%3D20%26pv%3D1%26ga_vid%3D1562666858.1675253742%26ga_sid%3D1675253742%26ga_hid%3D2072381198%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D1010%26ady%3D1636%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31071811%26oid%3D2%26pvsid%3D697255621503209%26tmod%3D817463369%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26xpc%3DrCJDzYB28H%26p%3Dhttp%253A%2F%2Flegionfonts.com%26dtd%3D364&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Flegionfonts.com&random=5899533681099&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: 38f042bdf7782b067c786820235b6929842e4197e9d0415a5eacc43f115fb0cc

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2088
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Feb 2023 12:15:43 GMT
Expires: Wed, 01 Feb 2023 12:15:43 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 73A9
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=63773300087986300951407012222014
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=63773300087986300951407012222014
https://ad-server.eu/wm/pb/native.png

68 B
312 B

263ms
46ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=3927259650&adk=1708141794&adf=2682461192&pi=t.ma~as.3927259650&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=270&idt=362&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1636&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=rCJDzYB28H&p=http%3A//legionfonts.com&dtd=364
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:18:37 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: D972D785:9C1A_91EFC182:01BB_63DA57EF_1551711F:11270
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 73A9 43 B
704 B 174ms
77ms Image
image/gif 104.96.132.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=63773300087986300951407012222014&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.96.132.42 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-96-132-42.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Feb 2023 12:15:43 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame 73A9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 24d25ab31558470e56bc92bde9f40e903cad2957d3995b4661011b1d09308b1c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 45AE 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9cfd4d487b62ee6562620a4dc809441a29f6e4f04353d20642c56b55bd120e12

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
adv.office-partner.de/ Frame 57EF 930 B
930 B 193ms
34ms Document
text/html 2a0b:4d07:401::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=e59e88e4ab&subid=&uid=cf417264fd4e5362&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dm9YrXefTrXBwBheWjEW-RQ%26exch_seat%3D20035004448%26mt_aid%3D1773605637350963454%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_cid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCtJ0z7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBNABT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iEnFkGGEt5I1uAVwvF4u5Wos0wtj3uls8Di2Cw1mjyRXwLOboq1LTUCD4AGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2XZiOSyA5fSf5nn7s5NTCv7kGMlg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4049460973188280%26output%3Dhtml%26h%3D280%26slotname%3D8759776057%26adk%3D2295884158%26adf%3D3620188380%26pi%3Dt.ma~as.8759776057%26w%3D360%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1675253741%26rafmt%3D1%26format%3D360x280%26url%3Dhttp%253A%252F%252Flegionfonts.com%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26dt%3D1675253741535%26bpp%3D1%26bdt%3D269%26idt%3D366%26shv%3Dr20230125%26mjsv%3Dm202301190101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1140x280%252C750x461%252C750x461%252C360x280%26correlator%3D8028008848254%26frm%3D20%26pv%3D1%26ga_vid%3D1562666858.1675253742%26ga_sid%3D1675253742%26ga_hid%3D2072381198%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D1010%26ady%3D1956%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31071811%26oid%3D2%26pvsid%3D697255621503209%26tmod%3D817463369%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D5%26uci%3Da!5%26btvi%3D4%26fsb%3D1%26xpc%3D3enEpMI86B%26p%3Dhttp%253A%2F%2Flegionfonts.com%26dtd%3D368&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Flegionfonts.com&random=4856608149040&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:401::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 01 Feb 2023 12:15:43 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 08 Feb 2023 12:15:43 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: atvi

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 3DD4
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=92883300089544500951407012222002&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=92883300089544500951407012222002&actionid=981741&produktid=&dt_url=

0
201 B

68ms
37ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=92883300089544500951407012222002&actionid=981741&produktid=&dt_url=

Requested by

Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=e59e88e4ab&subid=&uid=cf417264fd4e5362&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dm9YrXefTrXBwBheWjEW-RQ%26exch_seat%3D20035004448%26mt_aid%3D1773605637350963454%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_cid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCtJ0z7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBNABT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iEnFkGGEt5I1uAVwvF4u5Wos0wtj3uls8Di2Cw1mjyRXwLOboq1LTUCD4AGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2XZiOSyA5fSf5nn7s5NTCv7kGMlg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4049460973188280%26output%3Dhtml%26h%3D280%26slotname%3D8759776057%26adk%3D2295884158%26adf%3D3620188380%26pi%3Dt.ma~as.8759776057%26w%3D360%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1675253741%26rafmt%3D1%26format%3D360x280%26url%3Dhttp%253A%252F%252Flegionfonts.com%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26dt%3D1675253741535%26bpp%3D1%26bdt%3D269%26idt%3D366%26shv%3Dr20230125%26mjsv%3Dm202301190101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1140x280%252C750x461%252C750x461%252C360x280%26correlator%3D8028008848254%26frm%3D20%26pv%3D1%26ga_vid%3D1562666858.1675253742%26ga_sid%3D1675253742%26ga_hid%3D2072381198%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D1010%26ady%3D1956%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31071811%26oid%3D2%26pvsid%3D697255621503209%26tmod%3D817463369%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D5%26uci%3Da!5%26btvi%3D4%26fsb%3D1%26xpc%3D3enEpMI86B%26p%3Dhttp%253A%2F%2Flegionfonts.com%26dtd%3D368&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Flegionfonts.com&random=4856608149040&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 12:15:42 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 01 Feb 2023 01:15:43 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Wed, 01 Feb 2023 12:15:43 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=92883300089544500951407012222002&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: D972D785:9C08_91EFC182:01BB_63DA57EF_15517112:11270

GET
H2 200 link.html Show response
track.webgains.com/ Frame F9DC 2 KB
2 KB 155ms
90ms Script
text/html 18.168.165.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=92883300089544500951407012222002&nw=1
Requested by: Host: legionfonts.com
URL: http://legionfonts.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.165.36 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-165-36.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: eca4629e7802b3bc51a185d6db38d8a771bfd32b0f2755fff48cb9a1b0880c3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:43 GMT
last-modified: Wed, 01 Feb 2023 12:15:43 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 01 Feb 2023 12:16:43 GMT

GET
H2

200

activityi;dc_pre=CNaLmsKm9PwCFTNWwgodlBYO0Q;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3001110567332.6523 Show response
5994599.fls.doubleclick.net/ Frame 2F29
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3001110567332.6523?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNaLmsKm9PwCFTNWwgodlBYO0Q;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3001110567332.6523?

392 B
327 B

67ms
65ms

Document
text/html

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CNaLmsKm9PwCFTNWwgodlBYO0Q;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3001110567332.6523?

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

42ae7211c7306983827cb41ba951aea7b059b1f3baa405a380c0b09c61b8ad8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 218
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:43 GMT
expires: Wed, 01 Feb 2023 12:15:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:43 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNaLmsKm9PwCFTNWwgodlBYO0Q;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3001110567332.6523?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90002.redintelligence.net/ Frame 6C1F 7 KB
2 KB 80ms
28ms Document
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request_content.php?s=92883300089544500951407012222002&a=a3a6ddda
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=e59e88e4ab&subid=&uid=cf417264fd4e5362&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dm9YrXefTrXBwBheWjEW-RQ%26exch_seat%3D20035004448%26mt_aid%3D1773605637350963454%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_cid%3D8e9863da-57ee-4a01-8e91-34c3cde913ed%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCtJ0z7VfaY6a9O_e1vPIP886BYM-HjptcwIbZgsYCwI23ARABIABglfrwgYwHggEXY2EtcHViLTQwNDk0NjA5NzMxODgyODDIAQmoAwGqBNABT9CO6P9ZgMv-Nu1jkmDw3-1bqJWFI_1QmcJboau-6ImC0WCXkQBEG02KnOiR1UjPmCFvKe877IsufHWerH6BOveAfJ4OKsBH3dA-thnsVLbf8cGq-CF8zbO5rzyruIfwyoB-s3lraJ8g-6dX7THqwEh4Jk01Fn_SeiZW1KSA-rsD3o_yczGk4spnqO8QI5fpE-94JE50zKLNOocyUQsEj1lKkdoT0iEnFkGGEt5I1uAVwvF4u5Wos0wtj3uls8Di2Cw1mjyRXwLOboq1LTUCD4AGyZH3mtnQr63UAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2XZiOSyA5fSf5nn7s5NTCv7kGMlg%2526client%253Dca-pub-4049460973188280%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4049460973188280%26output%3Dhtml%26h%3D280%26slotname%3D8759776057%26adk%3D2295884158%26adf%3D3620188380%26pi%3Dt.ma~as.8759776057%26w%3D360%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1675253741%26rafmt%3D1%26format%3D360x280%26url%3Dhttp%253A%252F%252Flegionfonts.com%252F%26fwr%3D0%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26dt%3D1675253741535%26bpp%3D1%26bdt%3D269%26idt%3D366%26shv%3Dr20230125%26mjsv%3Dm202301190101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1140x280%252C750x461%252C750x461%252C360x280%26correlator%3D8028008848254%26frm%3D20%26pv%3D1%26ga_vid%3D1562666858.1675253742%26ga_sid%3D1675253742%26ga_hid%3D2072381198%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26adx%3D1010%26ady%3D1956%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C31071811%26oid%3D2%26pvsid%3D697255621503209%26tmod%3D817463369%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D5%26uci%3Da!5%26btvi%3D4%26fsb%3D1%26xpc%3D3enEpMI86B%26p%3Dhttp%253A%2F%2Flegionfonts.com%26dtd%3D368&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Flegionfonts.com&random=4856608149040&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 6d62fbfe5a895bb0d453441815bf668a448d4492cde9d761af2a6213a32dfbe8

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2079
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Feb 2023 12:15:43 GMT
Expires: Wed, 01 Feb 2023 12:15:43 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame F9DC
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=92883300089544500951407012222002
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=92883300089544500951407012222002
https://ad-server.eu/wm/pb/native.png

68 B
312 B

263ms
46ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=2295884158&adf=3620188380&pi=t.ma~as.8759776057&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=269&idt=366&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461%2C360x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3enEpMI86B&p=http%3A//legionfonts.com&dtd=368
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:18:37 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: D972D785:9BF8_91EFC182:01BB_63DA57EF_15514E97:11271
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame F9DC 43 B
704 B 141ms
75ms Image
image/gif 104.96.132.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=92883300089544500951407012222002&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.96.132.42 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-96-132-42.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Feb 2023 12:15:43 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame F9DC 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62f9dddc1da5fea709c9f017536f84a0158d7f957a956fe9bf98e606163a9c40

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 205C 20 KB
20 KB 146ms
35ms Image
image/jpeg 2a00:1450:400d:80c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcTlzVn6YZ9K29ttRqZVODCn8YlSEhq1FWdcPygg9BzVlFbVeMyUy9rd1gdnuMI&usqp=CAI

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd544bff463b7851d652b35adc0eb2b894bcd097b0977b0985b56f961b5f69da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 12:19:51 GMT
x-content-type-options: nosniff
age: 172552
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20337
x-xss-protection: 0
last-modified: Sat, 14 Jan 2023 17:07:34 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 30 Jan 2024 12:19:51 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 205C 18 KB
19 KB 151ms
36ms Image
image/jpeg 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTdr1nMpVqoSnMKnljJmhc0_lN8hdqXClQAwSXWm0s_eohouMPkl25s7IrqkLQ&usqp=CAI

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87d14082b3b62d09c10d8e9f5fb924749ea75a3fafb18f960224de4e479d377e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 23:43:00 GMT
x-content-type-options: nosniff
age: 563563
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18893
x-xss-protection: 0
last-modified: Tue, 14 Dec 2021 11:05:21 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 25 Jan 2024 23:43:00 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 205C 4 KB
5 KB 152ms
37ms Image
image/png 2a00:1450:400d:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQiToqqAir250p3R1RziKceZvb_ZgGlzYYsUXSz5QKC0LGi4oW6&usqp=CAI

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07ea9ff2314298989a32ad696ce6c1a839a1e3f149ab0811b94d234c5f6127dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 15:42:50 GMT
x-content-type-options: nosniff
age: 505973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4150
x-xss-protection: 0
last-modified: Mon, 27 Aug 2018 03:29:06 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 26 Jan 2024 15:42:50 GMT

GET
DATA 200
OK truncated
/ Frame 205C 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6efd39892302350dcefafe1b1a0fd686a694c3e05546c33f995307ebebc7d498

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 0E0F 4 KB
651 B 31ms
31ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=63773300087986300951407012222014&a=305f86b5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 11:00:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0E0F 16 KB
16 KB 86ms
31ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=63773300087986300951407012222014&a=305f86b5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d7877ddaf442b34fe0260f77d9198184ab2e9cb3c340dbf6a01d0a6c3c739d0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16551
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0E0F 16 KB
16 KB 82ms
28ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=63773300087986300951407012222014&a=305f86b5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 860a3602a0c3f2d16fc1059db8f28a9d521bcc510ac9ddfdfd6842857470b7ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16268
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0E0F 11 KB
11 KB 87ms
29ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=63773300087986300951407012222014&a=305f86b5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e78372d7515a4f8e5a77b672d5fbf1beecdde99b69700bcf5894716cd909c57c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10955
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js Show response
pagead2.googlesyndication.com/bg/ Frame 6347 36 KB
14 KB 36ms
35ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d54a3e19d60cf239b39137bd230f5a829c7d5c43a109ec28ff2f19acbeda1e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 08:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14301
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 08:33:43 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 205C 0
18 B 63ms
62ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CoLAC7VfaY7viPPflxtYP94eH0AiBrIXebojvoN2JEZOXvKWONxABILj7shdglfrwgYwHoAHukdPNA8gBCakC8YTvs0RBsj6oAwHIA8sEqgTdAU_QBatCmaWTqWt1nRdo4jI9I7eHnaUD2ci51FFZ_CaYrf-aro-xFrEd1q19AxlT1R6SHyAfFrOfn1WmcIynYjIGJ2qXOolS-5eS0YMACwcTn3hEhpb48MPJxiAA8zdcCqmN3bqCkK9Z1QtvXgIzHGkJEktVKStJNRJD5KHAOPyHXF_wi3rMK426z7yOFkkiGQrnAT16qTX7SDT1uim4hIqZ2WFFq_x6jbG7wtKHMEeSGiXt2PC6kCwPuIzEkOvL5RCSD96N8uVPhnLvodhxTM58VXBjIu_MHr8Zq-g5wATexoq1kQSSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH1tuGzQOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwQQwvIH0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwvQFQGAFwGyFxwKGggAEhRwdWItNDA0OTQ2MDk3MzE4ODI4MBgA&sigh=05W8oNkrHjE&uach_m=[UACH]&cid=CAQSGwDUE5ymLC-n8lxkkOgsNgtaaLSnHa5N7yY95BgB&template_id=494&vis=1

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 12:15:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 6C1F 4 KB
651 B 32ms
32ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=92883300089544500951407012222002&a=a3a6ddda

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 11:08:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6C1F 16 KB
16 KB 88ms
29ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=92883300089544500951407012222002&a=a3a6ddda
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d7877ddaf442b34fe0260f77d9198184ab2e9cb3c340dbf6a01d0a6c3c739d0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16551
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6C1F 16 KB
16 KB 82ms
28ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=92883300089544500951407012222002&a=a3a6ddda
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 860a3602a0c3f2d16fc1059db8f28a9d521bcc510ac9ddfdfd6842857470b7ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16268
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6C1F 11 KB
11 KB 85ms
28ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=92883300089544500951407012222002&a=a3a6ddda
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e78372d7515a4f8e5a77b672d5fbf1beecdde99b69700bcf5894716cd909c57c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10955
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 dc_pre=CNaLmsKm9PwCFTNWwgodlBYO0Q;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3001110567332.6523
adservice.google.com/ddm/fls/z/ Frame 2F29 42 B
63 B 70ms
70ms Image
image/gif 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNaLmsKm9PwCFTNWwgodlBYO0Q;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3001110567332.6523

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNaLmsKm9PwCFTNWwgodlBYO0Q;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3001110567332.6523?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 12:15:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_pre=CMmImsKm9PwCFYVIHgIdyvEILw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4816599952758.065
adservice.google.com/ddm/fls/z/ Frame 8E1D 42 B
63 B 70ms
70ms Image
image/gif 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMmImsKm9PwCFYVIHgIdyvEILw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4816599952758.065

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmImsKm9PwCFYVIHgIdyvEILw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4816599952758.065?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 12:15:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js Show response
pagead2.googlesyndication.com/bg/ Frame F934 36 KB
14 KB 36ms
35ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d54a3e19d60cf239b39137bd230f5a829c7d5c43a109ec28ff2f19acbeda1e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 08:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14301
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 08:33:43 GMT

GET
H/1.1 200
OK viewability Show response
hal900014.redintelligence.net/ Frame 0E0F 0
150 B 84ms
29ms Script
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/viewability?s=63773300087986300951407012222014&a=a7799411&vb=m
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=63773300087986300951407012222014&a=305f86b5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/request_content.php?s=63773300087986300951407012222014&a=305f86b5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 1CCE 18 KB
19 KB 37ms
36ms Image
image/jpeg 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTdr1nMpVqoSnMKnljJmhc0_lN8hdqXClQAwSXWm0s_eohouMPkl25s7IrqkLQ&usqp=CAI

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87d14082b3b62d09c10d8e9f5fb924749ea75a3fafb18f960224de4e479d377e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 23:43:00 GMT
x-content-type-options: nosniff
age: 563563
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18893
x-xss-protection: 0
last-modified: Tue, 14 Dec 2021 11:05:21 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 25 Jan 2024 23:43:00 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 1CCE 20 KB
20 KB 35ms
34ms Image
image/jpeg 2a00:1450:400d:80c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcTlzVn6YZ9K29ttRqZVODCn8YlSEhq1FWdcPygg9BzVlFbVeMyUy9rd1gdnuMI&usqp=CAI

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd544bff463b7851d652b35adc0eb2b894bcd097b0977b0985b56f961b5f69da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 12:19:51 GMT
x-content-type-options: nosniff
age: 172552
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20337
x-xss-protection: 0
last-modified: Sat, 14 Jan 2023 17:07:34 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 30 Jan 2024 12:19:51 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 1CCE 4 KB
4 KB 37ms
36ms Image
image/png 2a00:1450:400d:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQiToqqAir250p3R1RziKceZvb_ZgGlzYYsUXSz5QKC0LGi4oW6&usqp=CAI

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07ea9ff2314298989a32ad696ce6c1a839a1e3f149ab0811b94d234c5f6127dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 15:42:50 GMT
x-content-type-options: nosniff
age: 505973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4150
x-xss-protection: 0
last-modified: Mon, 27 Aug 2018 03:29:06 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 26 Jan 2024 15:42:50 GMT

GET
DATA 200
OK truncated
/ Frame 1CCE 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 875e587be1fa979840b150c264f34e7d53780a758cea975601d21258268c5307

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal90002.redintelligence.net/ Frame 6C1F 0
150 B 79ms
27ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/viewability?s=92883300089544500951407012222002&a=69155eae&vb=m
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=92883300089544500951407012222002&a=a3a6ddda
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/request_content.php?s=92883300089544500951407012222002&a=a3a6ddda
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 12:15:43 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js Show response
pagead2.googlesyndication.com/bg/ Frame 9BAA 36 KB
14 KB 36ms
35ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d54a3e19d60cf239b39137bd230f5a829c7d5c43a109ec28ff2f19acbeda1e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 08:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14301
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 08:33:43 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 08AF 103 KB
40 KB 153ms
57ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

87a3ebaba5c9437a0c7819ac7eeb3fa8f401c9c0a9b0c67a73227dfe2b065a53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40686
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 57EF 103 KB
40 KB 158ms
102ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fef2ae2f411211aeed1c8f431f758c2d0b0f646860748b7724ff742c5ad83112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40687
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1CCE 0
18 B 66ms
65ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=ChFwU7VfaY7ziPPflxtYP94eH0AiBrIXebojvoN2JEZOXvKWONxABILj7shdglfrwgYwHoAHukdPNA8gBCakC8YTvs0RBsj6oAwHIA8sEqgTdAU_QAJuusam_r6CHTEvTEkAbf5DcxeJZBHWgbqnBGEt3Sp7HAXVSPVuT-KHcyLOxeVK5v22LHqBlpev0xHNBxak62nhQCEn4LbWyrJ4BWQTbYUbDYPrAa6EjV0r7JwP73_kvJGDpVcsGEqWyA8dcysOutXMdUtJfN9aGB8A7byAS9ooODcn2YRTjuG5nOY6MVz25g2iJwf_qOcgewVoIwJ2FSb3dzWl_SAHaGzXaRrlzmOK01x5rAO5G2ZqHZsutgrAB9qWfq3GkpT-5tAQfs52xlYDTZSxPwTEXLo3JwATexoq1kQSSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH1tuGzQOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwQQtJwJ0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwvQFQGAFwGyFxwKGggAEhRwdWItNDA0OTQ2MDk3MzE4ODI4MBgA&sigh=Ixl4uA2qoqw&uach_m=[UACH]&cid=CAQSGwDUE5ymLC-n8lxkkOgsNgtaaLSnHa5N7yY95BgB&template_id=494&vis=1

Requested by

Host: legionfonts.com
URL: http://legionfonts.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 12:15:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame F9DC 85 KB
31 KB 135ms
32ms Script
application/javascript 52.222.139.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=92883300089544500951407012222002&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-62.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 00:59:04 GMT
content-encoding: gzip
via: 1.1 b2bc712713f500af8be071fa65fa924c.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 10:53:01 GMT
server: AmazonS3
x-amz-cf-pop: AMS50-C1
age: 40599
etag: W/"0d5045593d14c9612a5d5576928a5209"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: jNCV36R2l8HgHBHc05HJN128rDp0EXArAg08xk3mh7qbbqvRsaOP0w==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame F9DC 3 KB
3 KB 128ms
33ms Image
image/png 18.66.15.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1675254043&Signature=WJmql2d2XQqEBM0ZjILNYGaByvtvr9970PTggHrsVu82x13z-jCIjlHvFeAuCmiYg0INcz4BdsaLNZDC9WswtT0TgQTlYD20GyKav-qeEikeHjvtZ7TA91VbYgvAQiUSYV1v6JphZ6pM2Afuv8ZqOSmTvrFqOZdEBGru-S4hq~PKB7wRqwOuGiA-6GRhKLqJg34NMhoRblSJpce8zlE8Qfp5dWwdoh~Z5RMGalcHUzZO5gWaVQKy7jnw44HSDvnISwmaOw8XePABru-0lcqy7nBYHH5URO1p2gGTyZWaFnEIyeCElV1y2leKMcXn5I4J8Qzim25EerGykQeVVBivPA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=8759776057&adk=2295884158&adf=3620188380&pi=t.ma~as.8759776057&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=269&idt=366&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461%2C360x280&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3enEpMI86B&p=http%3A//legionfonts.com&dtd=368
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.15.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-15-61.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 01 Feb 2023 04:01:38 GMT
via: 1.1 92835d2f5794bba6bff3a83645bbf4c4.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-P1
age: 29692
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: RIvxXLqoF-wwBLhoRXPEcTPUJhFtflE4d8IsTn6in-_flHRQHqe-Kg==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 73A9 85 KB
31 KB 158ms
56ms Script
application/javascript 52.222.139.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=63773300087986300951407012222014&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-62.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 00:59:04 GMT
content-encoding: gzip
via: 1.1 b2bc712713f500af8be071fa65fa924c.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 10:53:01 GMT
server: AmazonS3
x-amz-cf-pop: AMS50-C1
age: 40599
etag: W/"0d5045593d14c9612a5d5576928a5209"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: NVabdqcTgQ79n_6Fo1oE7z-g2QIFX1vtoLxIc7deghSQsJGMLLjcNQ==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 73A9 3 KB
3 KB 128ms
34ms Image
image/png 18.66.15.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1675254043&Signature=gmlca3keC0acNAxxHRBb5S8R8HwTcXYY2EL2nnZ2cNBBlv4UluK9N0MMpjgYJBpqZXUEnh36AQRYn1xq0vsKYTH-3pAZYlNr5mv91XVhTzS3Xvw8ksJoqWZtfVtRTOMgm~mMNmGwuVeLHsyHpJQT5xiHKmQOuYVgQzCXaL-ClRuWste3-COgzqQkdTvBmZMOJ8S6nic8pjrlBZ7G1sZLzaiXdGT5WhTah9x5XhlAXc0ybgq0fJ1zzgIuv0gfZTGAZfYG9XtZBJVME5aJ3TCxBZxWocmbJQIJUg72Nh7IhrFvusCUz5BYGCKoCNLSRs9bCbsAsXIxPZJ-R0B7tUfskg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4049460973188280&output=html&h=280&slotname=3927259650&adk=1708141794&adf=2682461192&pi=t.ma~as.3927259650&w=360&fwrn=4&fwrnh=100&lmt=1675253741&rafmt=1&format=360x280&url=http%3A%2F%2Flegionfonts.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1675253741535&bpp=1&bdt=270&idt=362&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=1140x280%2C750x461%2C750x461&correlator=8028008848254&frm=20&pv=1&ga_vid=1562666858.1675253742&ga_sid=1675253742&ga_hid=2072381198&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1010&ady=1636&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071811&oid=2&pvsid=697255621503209&tmod=817463369&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=rCJDzYB28H&p=http%3A//legionfonts.com&dtd=364
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.15.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-15-61.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 01 Feb 2023 04:54:21 GMT
via: 1.1 92835d2f5794bba6bff3a83645bbf4c4.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-P1
age: 26556
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: CWXnoKYbDktDiA89ycrk8ciaof7Ywbb-HSvkeozc_NSpieuepkXd1A==

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 0E0F 13 KB
13 KB 27ms
26ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900014.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 20:53:36 GMT
x-content-type-options: nosniff
age: 314527
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Jan 2024 20:53:36 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 0E0F 13 KB
13 KB 24ms
23ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900014.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 07:47:19 GMT
x-content-type-options: nosniff
age: 361704
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Jan 2024 07:47:19 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 6C1F 13 KB
13 KB 22ms
21ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90002.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 20:53:36 GMT
x-content-type-options: nosniff
age: 314527
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Jan 2024 20:53:36 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 6C1F 13 KB
13 KB 29ms
29ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90002.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 07:47:19 GMT
x-content-type-options: nosniff
age: 361704
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Jan 2024 07:47:19 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 153ms
82ms XHR
application/json 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230125&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

179bdda4008e8bf51a78594a8f9e49d0b6e28498268fd86df2a6e537e35e252b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11275
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3F3F 42 B
64 B 70ms
70ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuvSdEdRN9g9FKpXEFCHIhBQpuP5AOfffGi6eBFLSMJ2KVj3zjlMslwoBYO97meWgEibDj4opN8pizO9LwWX9wQf7N8yFhfmvHPf9lJgmTiiXIPPFc-LTRax8B7OrR05Ku2ae2vdg&sai=AMfl-YShhjBu9vT6ZxuYuFV-4_AISMpMbTEkcf3GDcEyswkFaCYJkOkbDNeuEgRhzhhcxfspK_G0T0QTHbPe&sig=Cg0ArKJSzGWjvCRpXmAUEAE&cid=CAQSGwDUE5ymzfi0lIVzJFQXDzaZjhNcriPgo_7QIBgB&id=lidar2&mcvt=1000&p=0,0,280,1140&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230130&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=639621840&rs=2&la=1&cr=0&vs=4&r=v&rst=1675253741881&rpt=943&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 12:15:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 12:15:43 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8780 13 KB
5 KB 24ms
23ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3204
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:22:19 GMT
expires: Thu, 01 Feb 2024 11:22:19 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 436C 783 B
534 B 31ms
31ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

afb783bda33be0d155bbb2fb5ce642874ce17e9d9eb9abc03aba888796a44d43

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4Zodp3lNB43kparAGPFhSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://legionfonts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-4Zodp3lNB43kparAGPFhSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 12:15:43 GMT
expires: Wed, 01 Feb 2023 12:15:43 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 436C 0
0 68ms
68ms Image
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230125&jk=697255621503209&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js Show response
pagead2.googlesyndication.com/bg/ Frame 8780 36 KB
14 KB 37ms
37ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1Uo-GdYM8jmzkTe9Iw9agpx9XEOhCewo_y8ZrL7aHhw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d54a3e19d60cf239b39137bd230f5a829c7d5c43a109ec28ff2f19acbeda1e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 08:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13321
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14301
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 08:33:43 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8780 0
12 B 23ms
22ms Image
text/plain 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?MRjAcw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 12:15:44 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 205C 42 B
64 B 69ms
69ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuw8Jso9RBUdRq3ANrwUNEE5Q7TEMl7LiFqMOVR5bRdV6en4_-hbCE6Muqe1WJ8V1RL21Hy4rMqoDSjY_egJpOmxEm8YbWrcEjDEwvUpNIQ986mrAlgm7cs9v8LyRDuoTkK6_CvDQ&sai=AMfl-YQgb3IiOsDG13ixMgUmNg_f44ALM9kI0jnr8NioNU-HM1-rLzHMTMOfDoBhHucQV-jqRzx4wCJyPuYr&sig=Cg0ArKJSzOo0h6H06biXEAE&cid=CAQSGwDUE5ymLC-n8lxkkOgsNgtaaLSnHa5N7yY95BgB&id=lidar2&mcvt=1082&p=0,0,500,180&mtos=1082,1082,1082,1082,1082&tos=1082,0,0,0,0&v=20230130&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271803&rs=2&la=0&cr=0&vs=4&r=v&rst=1675253742975&rpt=302&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 12:15:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 45AE 42 B
64 B 70ms
70ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstjbE6fetIvqypIBP4m99IFNugfHXg4T4gDlmyJ8pB3XDIFR7bW1qWauvhbJKMj_GK7xAlc1CLtTIaL5R20GxTZag6rngUxBj7qr8lAiRbYVfEJKQvcbm-RYuFW7-LVUy-VqY9iSw&sai=AMfl-YRMArl6AvRqfg0-3Wxr-JTU7EObhKq6sbNqZAXKMfi9BM1slxNcSs1ZfrLyLP6xVaXOE-ngczHJu_po&sig=Cg0ArKJSzM8_IFBMWZy7EAE&cid=CAQSGwDUE5ymLC-n8lxkkOgsNgtaaLSnHa5N7yY95BgB&id=lidar2&mcvt=1027&p=0,1,124.25,1006&mtos=0,824,1027,1092,1092&tos=0,824,203,65,0&v=20230130&bin=7&avms=nio&bs=0,0&mc=0.76&if=1&vu=1&app=0&itpl=2&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1675253742979&rpt=373&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 12:15:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 73A9 16 B
232 B 91ms
91ms Fetch
application/json 3.9.112.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.9.112.14 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-112-14.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 01 Feb 2023 12:15:44 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 158ms
36ms Preflight 3.9.112.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.112.14 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-112-14.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 01 Feb 2023 12:15:44 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame F9DC 16 B
232 B 87ms
87ms Fetch
application/json 3.9.112.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.9.112.14 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-112-14.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 01 Feb 2023 12:15:44 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 146ms
35ms Preflight 3.9.112.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.112.14 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-112-14.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 01 Feb 2023 12:15:44 GMT
server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1CCE 42 B
64 B 69ms
69ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssu2LDQO8RGCrvUVF9PgEeYCO9uie8PHzarxRQYU2I4MhjqTkYmCPXhZiw6HGvU30upILTEBsmZ8Ecw8d82XJCeKH1DqFH1y1zCoUzzkLOGZg-NiSQBDFLxakpA9GjMunbxWpdmWQ&sai=AMfl-YTS2CHHcl4SmZxic5prhPeh3RIfYYVi9I7jpX0GINhfcz7H4cWh4BWnWJ2HmSgbm9H912uP8siJE_sH&sig=Cg0ArKJSzP63rp3yKRm8EAE&cid=CAQSGwDUE5ymLC-n8lxkkOgsNgtaaLSnHa5N7yY95BgB&id=lidar2&mcvt=1000&p=0,0,500,180&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230130&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271804&rs=2&la=0&cr=0&vs=4&r=v&rst=1675253742977&rpt=475&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 12:15:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 108ms
108ms Image
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230125&jk=697255621503209&bg=!Y2ClYCTNAAbFy4Ck5cs7ACkAdvg8Wr74vsqtXEH11IkqNnmQusMRty1sPCDu1inkFgRbR4yN6GXF1QIAAABYUgAAAAJoAQeZAqj8kbx-L-PTL5BxFh1Z1cQYbCHdCcikxjybgmYgRAr837xnHpL18s6i6chshQgAPABe5F3mJQ5CIDl8suZ9it1MyLvOURRnJSHLj2uqa9pihHQoAO4ZWZ4X-3SAhz84ds7YFhHBRW2oicpcJ2J8ZdhdMdz6dwzwoe3wrgsr-YUhQcg4K59v8S65lvxVVyg9fhIXd5u3nq1WSjNz7rTk8qO24Wi1tq9Enyb7iSH3o74o2193OXFBOClX7_DbICe2ypE-5NJMdRM5k1EcUloxB7E9RDRTAGfODhRknSODVCecTk30pRhtZqaxgKpNRnxE6-2_UVd1_wFIz0m7JwbwnoHNPvsYd6LBSyUuf9LS-VsL-SX-vyethk67bRTF4UAdwmNtpo4P29f_PHcxr13ZSNXiBYUi4gH1X5I7coTBMhWGfjeNk3uP6Sm6VzumXrtk5aJngEcquFt8lPziB7C124epID24sG2kXviJ2rx-7RtXDmSO7CSm_WJ4Q9Q2rWm0hCmEpLZQlvynGV3507tIlGaHpFJFzBh8pG6SboGpJaeyX2FGKnuT6oLCEoV61Xbxmb74lLKCIJUvnmnv0AA8-SDof2GO1BMzL7me95PYarG2csz1GcUWlPDr7AGRFd0iiKpsiAsYiCSYjGrGqIPAoAHOaWgnF--yC0ZpfAB-9DkIQQJzH50PpN_eZg_2RDuB1YNQVPNQkoDMAYRULaiRW6Vm-YYsxEMJpRIk5B5H-CmvU6mA6cc9xZnPwR-bKFyznrzd03iH-hfVJwzXHd7VtNv69WXw8IsmMgG66MJk6FdN3gu9tzW8XyVzQq3SC7B08jdX7YvzFsqoxs-NZMb3w7exsdyZ95gY_8_tIypkLDFVG4rDm81bdZ6q-l1yfL1IQZxIjLTjHd4TCw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://legionfonts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.legionfonts.com/	1970-01-20 18:56:53	Name: _ga Value: GA1.2.1562666858.1675253742
.legionfonts.com/	1970-01-20 09:22:20	Name: _gid Value: GA1.2.554991047.1675253742
.legionfonts.com/	1970-01-20 09:20:53	Name: _gat Value: 1
.legionfonts.com/	1970-01-20 18:06:29	Name: _ym_uid Value: 1675253742700874964
.legionfonts.com/	1970-01-20 18:06:29	Name: _ym_d Value: 1675253742
.mc.yandex.com/	1970-01-20 09:20:54	Name: sync_cookie_csrf Value: 2412088332fake
.legionfonts.com/	1970-01-20 09:22:05	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 09:20:54	Name: sync_cookie_csrf Value: 4289892766fake
.legionfonts.com/	1970-01-20 18:42:29	Name: __gads Value: ID=5d291a1afd6087c5-223ab2017edb0062:T=1675253742:RT=1675253742:S=ALNI_MYNBO7q3RK65v46DJRifef76En6MA
.legionfonts.com/	1970-01-20 18:42:29	Name: __gpi Value: UID=00000bad5d460479:T=1675253742:RT=1675253742:S=ALNI_MZNYPktV935UKAr9S684RMLqZykWw
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 766293951675253742
.yandex.com/	1970-01-20 18:56:53	Name: i Value: YM4dz96c6QwoKBUsC9IboFkbnYG1nI32J7/qC5sspZGFvW+EtpjBSI4uYBf+YWEjOTM7/E33R0v0Enp2uGxcUresvNE=
.yandex.com/	1970-01-20 18:06:29	Name: yandexuid Value: 9680268871675253742
.yandex.com/	1970-01-20 18:06:29	Name: yuidss Value: 9680268871675253742
.yandex.com/	1970-01-20 18:06:29	Name: ymex Value: 1706789742.yc.1675253742#1706789742.yrts.1675253742#1706789742.yrtsi.1675253742
.doubleclick.net/	1970-01-20 18:42:29	Name: IDE Value: AHWqTUmC5ASWLj0NLnJXGbve-uhXRjFGt-2sdaVmMoJag5uAetvRJ7YN2Y7idGhu8pU
.doubleclick.net/	1970-01-20 09:20:54	Name: test_cookie Value: CheckForPermission
.legionfonts.com/	1970-01-20 09:20:55	Name: _ym_visorc Value: w
.doubleclick.net/	1970-01-20 09:20:57	Name: DSID Value: NO_DATA
.mathtag.com/	1970-01-20 18:06:29	Name: uuid Value: 8e9863da-57ee-4a01-8e91-34c3cde913ed
.redintelligence.net/	1970-01-20 11:30:29	Name: 8lcfmzhxc8d6_uid Value: 4eea4f94e09fd1b0
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3266505
.awin1.com/	1970-01-20 09:22:20	Name: awpv11601 Value: 113440\|1675253743\|264ba050-a22a-11ed-a333-22367016dc88
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: vru2hspg4llcdvkims1g1qwx
pb.media01.eu/	1970-01-20 18:56:53	Name: DTU Value: 8D2404C5D2520C8DEE3442EAE81F6FE3
.office-partner.de/	1970-01-20 18:56:53	Name: source Value: {"webgains_webgains":{"timestamp":1675253743725,"clickCookie":false}}

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://legionfonts.com/js/modernizr.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1(Line 21) Message: The Content Security Policy 'child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1344785995088365511/528-728x90-h/index.html' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271803&client=ca-pub-4049460973188280&fa=3&ifi=8&uci=a!8&btvi=5&xpc=RgfFZYZAZB&p=http%3A//legionfonts.com Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1#RS-2-&adk=1812271804&client=ca-pub-4049460973188280&fa=4&ifi=9&uci=a!9&btvi=6&xpc=76Bn30uYy5&p=http%3A//legionfonts.com Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
ad-server.eu
adservice.google.com
adservice.google.de
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
api.webgains.io
buttons-config.sharethis.com
cdn.track.production.webgains.team
count-server.sharethis.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900014.redintelligence.net
hal90002.redintelligence.net
l.sharethis.com
legionfonts.com
maxcdn.bootstrapcdn.com
mc.yandex.com
mc.yandex.ru
medialead.de
p4-ha6ua5mzwf7xe-g35hqfdymarasv6b-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pb.media01.eu
pixel.mathtag.com
platform-api.sharethis.com
platform-cdn.sharethis.com
pv.medialead.de
tags.mathtag.com
tpc.googlesyndication.com
track.webgains.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.96.132.42
13.32.27.61
13.32.27.75
138.201.63.150
142.250.185.70
142.250.201.195
145.239.193.130
176.9.26.250
18.168.165.36
18.66.15.61
185.29.132.242
188.42.162.76
2600:9000:206f:e400:c:abe:f440:93a1
2600:9000:211a:a600:1d:85c3:6640:93a1
2606:4700::6812:bcf
2a00:1450:4001:808::2003
2a00:1450:4001:809::200a
2a00:1450:4001:810::200a
2a00:1450:4001:813::2001
2a00:1450:4001:827::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:82b::200e
2a00:1450:400d:802::2002
2a00:1450:400d:803::2002
2a00:1450:400d:803::2008
2a00:1450:400d:80a::2002
2a00:1450:400d:80a::200e
2a00:1450:400d:80c::2002
2a00:1450:400d:80c::200e
2a00:1450:400d:80d::2002
2a00:1450:400d:80d::200e
2a02:6b8::1:119
2a0b:4d07:401::1
3.125.136.212
3.9.112.14
46.4.10.47
52.222.139.62
54.76.176.197
65.9.66.108
88.198.250.30
92.123.37.164
94.23.99.218
026c2cd9d5f266ad0361ea023a215d23d06d997084148ddc6967013ce364f23c
0530c7374154918cb4334c6d42d7fbfaee057b7d4c7c20eca137f42bb5960da8
05ba82d70aa106b4b3a8cd113c2911d2baee03d8a2256091360f1c9013f073a9
07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a
07ea9ff2314298989a32ad696ce6c1a839a1e3f149ab0811b94d234c5f6127dd
0a81ff0653ae4abd7694c7600d47f5508b73a77167106d44015fd59665d45175
14127780573f882562c896db948eb0a8b6ba1e4abc3d1055e7294134bc562eb4
179bdda4008e8bf51a78594a8f9e49d0b6e28498268fd86df2a6e537e35e252b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e
1c54011d828ac230f54e1ea9c9a2e5c151d1ea3ade910debea2b2f44793bf757
1c9136e86ccc22618d1c6f2932ce155eac7315251ed2e63b41b8b2b62ce9adf2
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
244e2aa717b3224f20f156b326b34b67907ef83ed53067f034e4a68b25025ef4
24d25ab31558470e56bc92bde9f40e903cad2957d3995b4661011b1d09308b1c
2557e4d35e58e5d14826828343ca8fee6efa3f86f9e4733029f8586d3686e374
2bc20f814dcce1cee809cc335c6e2a665e8321fb085dfac7fc1e5174ec0e9349
2cd722e5e57556cbb82d938bee5fbea6a0dafe83d40bfa9b55ebb1fff91e3879
2d01174a4cfc0a369bbe5c6c2424601603bac9b030f81ee56f35163114a71e06
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
304d9052cbb93a071a2e78bd2b1d3eeb83011fc0cad5285aaf7b24ef1048cb9f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31f63637d9078c622334df3ca6ad6b59c8ecad463787f9b460f8be4f633e5223
325b46fb8bd98a3850eefa76dba4d87f274388f50c4dd3f070a8a651ef793e6d
3812b65bb97be9acccdbf62d57363ac3577560f3002a634aef2eae2e02819839
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38f042bdf7782b067c786820235b6929842e4197e9d0415a5eacc43f115fb0cc
39a85228c66c4f0b56bbcbca8b9a8b70ee31db38c20a37b2f78792f724ef3bd4
3a6569f1f5579aefeb3abc512c7916ce3a98e94ff56990c4b5af05632178aeb3
3cbca36cd70f56352ebed66d9c92395ab94967601dac16ec76848320d4dfc7a2
3d927aa2e969b7d919de81968a2f48c9b51459a0a76946c036e4bc135732cf1a
40ceb670daf6af4dd3bbac15882e7da081e2948058c5e76ab0ae694474a1d1d3
42ae7211c7306983827cb41ba951aea7b059b1f3baa405a380c0b09c61b8ad8c
44878c9ae7dbadb3303d311fa164ca538e08a77576a214138620352a52c2c3f6
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4637e3c8f7651c09633af448b3061446b2f1504e95439dc958b543dfb7599259
491975192626853d975dc47487606cc93ec27640b2dd367c531c7c6f389b3a39
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4c762350bf5dcf159a3adfddb1c33d90a8d85daaf7c5de9ea82b5fd201dd2d5b
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
51f074163f450f1e5e6e69fb006f202f61816171b815da4348b4d1be2063c1eb
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e
58c088301e8dec84489473d40a914dbfeab3c9f4bea279552ed2a0a266f47678
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38
5cb89a7eebcebe6ab57f91dd1d2c5d83014d12330e5d237a46c350cc1a95eb3f
5e10dd7f468c97913a2d9f1d1259a1e748a582497f311038a30ad24822e4e0d9
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62f9dddc1da5fea709c9f017536f84a0158d7f957a956fe9bf98e606163a9c40
665278381f9245c87d75d02b23e4059102a7961631e70f23f182e3e023bb8535
6764f4fa8ed566b5cab50068dc9538fcbafa0578e464bcf62c38e8ed5b9fa1a1
6766a094b640c7320ea7ea8a7a16ee91a9059ddb001c1c35e1d0b99a6dff0f6d
682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2
688000fe9ae19b4982910eed1e63f9a23a9f051b49a3a32660b9d5e66f573aa2
6cd949324510b10b42681406cb44c0068dfdae102e29a0bbc4b55087882647b1
6d62fbfe5a895bb0d453441815bf668a448d4492cde9d761af2a6213a32dfbe8
6efd39892302350dcefafe1b1a0fd686a694c3e05546c33f995307ebebc7d498
717334d3d69f2fe7e6776e356df1ef9d7d3d81920f2bea6f5b2ff891be702a28
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f
7d4adb5e9401f2d3c71467d1c2ab1a153e5b65fdc1d9f90ba7504fd700d7fac6
805cb3737cc5844df955c7412673cf95e54e2a292d8776d23feec56d975e7178
838ff04508ae59aa4f281534118fa2b7699673f5eb6b4ecc3b7e4464a12e3676
85562940aae6b0f25dc7be19fbaa935f76193bef96a62dc2a5f3a8968735160f
860a3602a0c3f2d16fc1059db8f28a9d521bcc510ac9ddfdfd6842857470b7ff
875e587be1fa979840b150c264f34e7d53780a758cea975601d21258268c5307
87a3ebaba5c9437a0c7819ac7eeb3fa8f401c9c0a9b0c67a73227dfe2b065a53
87d14082b3b62d09c10d8e9f5fb924749ea75a3fafb18f960224de4e479d377e
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
89cb6468edc1061183cac2216a72cf9a15139a2ff5c962887a11f0e0347be295
90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
96047da552e7b5fb39cf3889b24fdf23fafe9b65d545ac192bf9101f5183c5ab
962b5a0b1058fb793fa137b948d5751e208b016bd67b27f886ba1b888e3ef9c9
9687ee5934e8a8b125cd0e3f7e21b9eea12c5eba602dfb12941aeafaad44fbe3
982fa97eccae21e893548687e91b35de93861805706a57fa1eab73455f9ed72f
98d6427651f10db6f71e5f7ee348dbf2718fc7079e9db54bc40846e41643dc6c
99c3df45b308051c97b1f28f8cae361fa333d4efefe0d0a35d91610baf3233b0
9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99
9b102dc5e03cfe55b244c73c73d81ea980ff5c3947d005e7ee7d9da6116cd289
9cfd4d487b62ee6562620a4dc809441a29f6e4f04353d20642c56b55bd120e12
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a809913a90f05f7a3cca68229ab4d0e3e59eb9be0230c53ac91692232ee5ef2a
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
adabc524c9258e7dffb58fa91dceb4e4f70206b0fd9a599d97e304ca9b39c8fc
aea8d6d7292a79ae391517c8ec2c0f3b55c34b20c1eb330a24edaaadc4cca3d9
afb783bda33be0d155bbb2fb5ce642874ce17e9d9eb9abc03aba888796a44d43
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b511b5104524c0b25f553fbaa7c6d92564f0770a222d9ad642bffa36aa3920d6
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
be651856477d7a57e86323a1d611b264ca6932af89849e9ceed6635af7401648
bea5fac5d6e83fea731646d26ab9c1c28713b53c2d54e39e6c541df73e103c82
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c2884ad89c377fc431ee90fe35a3794e8b6096492a8a0ccc0a8a72f96e17250a
c50883db64c29539a40e6b1164789cd2ab1c269a0e29c05fc0046e1807d85788
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cb9e995177b57d7c077041796176f1c1a95c3105d6a1437c3d8d970d0d8f81fa
d3e18e3c529c5111d5e0237d5f459ada3bc0e3cf5300fe637ce5390ddd2461a3
d4a77679decd6243b7cafd2bc6f737843c770fe524d565be32248e59b51f8b17
d54a3e19d60cf239b39137bd230f5a829c7d5c43a109ec28ff2f19acbeda1e1c
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d7877ddaf442b34fe0260f77d9198184ab2e9cb3c340dbf6a01d0a6c3c739d0f
dd544bff463b7851d652b35adc0eb2b894bcd097b0977b0985b56f961b5f69da
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b
e300204b04aed776df431b8748952bc2db79472861e7c070ffbb4cd6085cdb17
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4813004f9dd490d0c2a5e29573d379a14b2ece47e9df1372b9be4fc09976c3b
e78372d7515a4f8e5a77b672d5fbf1beecdde99b69700bcf5894716cd909c57c
e80656bef24caf99fc3319a6bab31f3de64b7acf4766018d5e00e6b2935ac390
e8c73c5026dc95b713d71daccd03ab363b20d5bf4c42452a05da95fa21e6701b
ebe18d414b7475c5ca1dfc73d88a76dba28c5bd4883b085d9fef2d4ac2b8ed68
ec50451f1c97a0ca5df8c05d3e39740502b37e85123b7bcbbaa02f1a25ca044a
eca4629e7802b3bc51a185d6db38d8a771bfd32b0f2755fff48cb9a1b0880c3f
ee65ee7e55c397506c66caa9bbc0e9ba0c72c750070d6cbdfd362f1e29f1e85e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
fde74653b84899ebcde600b2c9c810ca1b8c94028bfaa9172c6faf74be645afc
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48
fef2ae2f411211aeed1c8f431f758c2d0b0f646860748b7724ff742c5ad83112
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
ffdfbb33ca9ff9ce340303397828f0545bdee4784e46474f02f3d8d239da24eb

legionfonts.com Open in urlscan Pro 188.42.162.76 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

226 Requests

84 %HTTPS

51 %IPv6

25 Domains

43 Subdomains

41 IPs

9 Countries

2460 kBTransfer

6022 kBSize

26 Cookies

3 Outgoing links

Redirected requests

226 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

legionfonts.com Open in urlscan Pro
188.42.162.76 Public Scan

Screenshot
Live screenshot

Full Image

226
Requests

84 %
HTTPS

51 %
IPv6

25
Domains

43
Subdomains

41
IPs

9
Countries

2460 kB
Transfer

6022 kB
Size

26
Cookies

226 HTTP transactions
10 data transactions