www.dfonts.org Open in urlscan Pro
35.190.31.54 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.dfonts.org/
Effective URL:
https://www.dfonts.org/
Submission: On December 07 via api (December 7th 2023, 5:15:37 am UTC) from US — Scanned from DE

Summary HTTP 260 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 77 IPs in 9 countries across 71 domains to perform 260 HTTP transactions. The main IP is 35.190.31.54, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is www.dfonts.org.
TLS certificate: Issued by R3 on November 22nd 2023. Valid for: 3 months.

This is the only time www.dfonts.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 36	35.190.31.54 35.190.31.54	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	64.227.38.224 64.227.38.224	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:4ad8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 9	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	108.138.1.25 108.138.1.25	16509 (AMAZON-02) (AMAZON-02)
3	130.211.23.194 130.211.23.194	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:20:... 2606:4700:20::681a:346	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
1	99.86.4.39 99.86.4.39	16509 (AMAZON-02) (AMAZON-02)
1	161.35.94.134 161.35.94.134	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2606:4700:20:... 2606:4700:20::681a:8a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	34.249.137.246 34.249.137.246	16509 (AMAZON-02) (AMAZON-02)
1	52.50.121.249 52.50.121.249	16509 (AMAZON-02) (AMAZON-02)
3	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
5 10	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:2638:3::7 2a02:2638:3::7	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3	2602:803:c003... 2602:803:c003:200::21	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2606:4700:440... 2606:4700:4400::6812:22b2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	185.86.138.16 185.86.138.16	201081 (SMARTADSE...) (SMARTADSERVER)
2	13.32.119.77 13.32.119.77	16509 (AMAZON-02) (AMAZON-02)
1	184.30.211.26 184.30.211.26	16625 (AKAMAI-AS) (AKAMAI-AS)
1	65.9.66.104 65.9.66.104	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:34ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.212.46.188 52.212.46.188	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:10:... 2606:4700:10::ac43:17ea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:445	13335 (CLOUDFLAR...) (CLOUDFLARENET)
23	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
7 10	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
3 12	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	213.202.235.10 213.202.235.10	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 2	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	162.19.138.83 162.19.138.83	16276 (OVH) (OVH)
1	141.95.33.120 141.95.33.120	16276 (OVH) (OVH)
1	143.204.215.88 143.204.215.88	16509 (AMAZON-02) (AMAZON-02)
2	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
1	217.79.188.46 217.79.188.46	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	217.79.188.21 217.79.188.21	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	217.79.188.59 217.79.188.59	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	2.19.217.60 2.19.217.60	16625 (AKAMAI-AS) (AKAMAI-AS)
1	184.30.16.183 184.30.16.183	16625 (AKAMAI-AS) (AKAMAI-AS)
3	184.30.16.195 184.30.16.195	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.32.27.45 13.32.27.45	16509 (AMAZON-02) (AMAZON-02)
2	34.240.94.206 34.240.94.206	16509 (AMAZON-02) (AMAZON-02)
1 2	5.135.209.100 5.135.209.100	16276 (OVH) (OVH)
2 2	104.64.126.246 104.64.126.246	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:205... 2600:9000:2057:4c00:1f:4c18:bd40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	77.245.57.72 77.245.57.72	36057 (WEBAIR-IN...) (WEBAIR-INTERNET-MTL)
1	3.214.250.236 3.214.250.236	14618 (AMAZON-AES) (AMAZON-AES)
2 2	216.52.2.86 216.52.2.86	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1	216.52.2.30 216.52.2.30	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
4 4	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
2 2	193.0.160.131 193.0.160.131	54312 (ROCKETFUEL) (ROCKETFUEL)
1	69.166.1.34 69.166.1.34	27630 (AS-XFERNET) (AS-XFERNET)
1 1	145.40.97.66 145.40.97.66	54825 (PACKET) (PACKET)
2	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
1 1	54.88.245.32 54.88.245.32	14618 (AMAZON-AES) (AMAZON-AES)
1	3.68.0.8 3.68.0.8	16509 (AMAZON-02) (AMAZON-02)
1 1	2.18.160.23 2.18.160.23	16625 (AKAMAI-AS) (AKAMAI-AS)
1	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
2 2	3.231.9.89 3.231.9.89	14618 (AMAZON-AES) (AMAZON-AES)
2 2	13.32.27.28 13.32.27.28	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1 2	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
1	2a05:d018:cc3... 2a05:d018:cc3:fe05:e92:7b45:a851:1db9	16509 (AMAZON-02) (AMAZON-02)
4 4	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2 2	52.57.164.72 52.57.164.72	16509 (AMAZON-02) (AMAZON-02)
1 1	35.208.249.213 35.208.249.213	19527 (GOOGLE-2) (GOOGLE-2)
3	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
9	34.247.233.198 34.247.233.198	16509 (AMAZON-02) (AMAZON-02)
2 3	52.28.146.18 52.28.146.18	16509 (AMAZON-02) (AMAZON-02)
4 4	37.157.6.237 37.157.6.237	198622 (ADFORM) (ADFORM)
1 1	54.198.207.123 54.198.207.123	14618 (AMAZON-AES) (AMAZON-AES)
1	2a05:d018:d29... 2a05:d018:d29:3601:c84a:f3f:c1a8:24dc	16509 (AMAZON-02) (AMAZON-02)
1 1	54.165.74.222 54.165.74.222	14618 (AMAZON-AES) (AMAZON-AES)
1	169.197.150.8 169.197.150.8	398989 (DEEPINTENT) (DEEPINTENT)
2 2	70.42.32.63 70.42.32.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2 2	208.93.169.131 208.93.169.131	46244 (WEBMD-IDC...) (WEBMD-IDC1-AS)
1 1	124.146.153.164 124.146.153.164	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
1 1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	185.86.138.145 185.86.138.145	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
2 2	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
260	77

36 35.190.31.54 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 54.31.190.35.bc.googleusercontent.com

www.dfonts.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.227.38.224 (Slough, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: srv-eu-ldn-17.buysellads.com

cdn4.buysellads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:4ad8 (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.1.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-1-25.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 130.211.23.194 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:346 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.184.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-39.fra6.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 161.35.94.134 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: srv-eu-nl-17.buysellads.com

srv.buysellads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:8a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 34.249.137.246 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.121.249 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-121-249.eu-west-1.compute.amazonaws.com

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 37.252.172.123 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::7 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

buysellads-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2602:803:c003:200::21 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22b2 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.86.138.16 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.119.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-119-77.fra60.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.211.26 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-211-26.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-104.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:34ad (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.hadronid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.46.188 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-46-188.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:17ea (United States)

ASN13335 (CLOUDFLARENET, US)

id.hadron.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:445 (United States)

ASN13335 (CLOUDFLARENET, US)

a.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.217.16.194 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.64.151.101 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.10 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.83 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31532338.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.33.120 (Germany)

ASN16276 (OVH, FR)
PTR: ns3203256.ip-141-95-33.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-88.fra53.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.46 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: ad4.adfarm1.adition.com

ad4.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.21 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: ad2.adfarm1.adition.com

ad2.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.59 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.19.217.60 (Prague, Czech Republic)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-217-60.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.16.183 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-183.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.30.16.195 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-195.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-45.fra56.r.cloudfront.net

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.240.94.206 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-94-206.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.135.209.100 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip100.ip-5-135-209.eu

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.64.126.246 (Prague, Czech Republic) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-64-126-246.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:4c00:1f:4c18:bd40:93a1 (United States)

ASN16509 (AMAZON-02, US)

cs-rtb.minutemedia-prebid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.245.57.72 (United States)

ASN36057 (WEBAIR-INTERNET-MTL, US)

sync.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.214.250.236 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-214-250-236.compute-1.amazonaws.com

cs-server-s2s.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.86 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.30 (United States)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.228.174.117 (United Kingdom) 4 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.131 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.34 (United States)

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.40.97.66 (Amsterdam, Netherlands) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.88.245.32 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-88-245-32.compute-1.amazonaws.com

ssp.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.68.0.8 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-68-0-8.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.160.23 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-160-23.deploy.static.akamaitechnologies.com

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.231.9.89 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-231-9-89.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.27.28 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-28.fra56.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.130.91 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe05:e92:7b45:a851:1db9 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.184.8.90 (Amsterdam, Netherlands) 4 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.164.72 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-164-72.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.208.249.213 (Council Bluffs, United States) 1 redirects

ASN19527 (GOOGLE-2, US)
PTR: 213.249.208.35.bc.googleusercontent.com

trace.mediago.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.247.233.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com

usersync.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.28.146.18 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-146-18.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.237 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.198.207.123 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-198-207-123.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:c84a:f3f:c1a8:24dc (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.165.74.222 (United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-165-74-222.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.8 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.63 (United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.93.169.131 (United States) 2 redirects

ASN46244 (WEBMD-IDC1-AS, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.153.164 (Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.86.138.145 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:7eb1:3826:be7e:d981 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 148	480 KB
36	dfonts.org 1 redirects www.dfonts.org	752 KB
29	doubleclick.net 8 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 ad.doubleclick.net — Cisco Umbrella Rank: 139 cm.g.doubleclick.net — Cisco Umbrella Rank: 219	320 KB
23	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	662 KB
14	rubiconproject.com 2 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 537 eus.rubiconproject.com — Cisco Umbrella Rank: 588 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 946 token.rubiconproject.com — Cisco Umbrella Rank: 461	45 KB
12	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 480	8 KB
12	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 2371 public.servenobid.com — Cisco Umbrella Rank: 5655	8 KB
11	gumgum.com g2.gumgum.com — Cisco Umbrella Rank: 1524 usersync.gumgum.com — Cisco Umbrella Rank: 1858 rtb.gumgum.com — Cisco Umbrella Rank: 1472	4 KB
11	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 229 acdn.adnxs.com — Cisco Umbrella Rank: 610 secure.adnxs.com — Cisco Umbrella Rank: 478	24 KB
10	smartadserver.com 1 redirects prg.smartadserver.com — Cisco Umbrella Rank: 1657 ssbsync.smartadserver.com — Cisco Umbrella Rank: 742 rtb-csync.smartadserver.com — Cisco Umbrella Rank: 622	4 KB
8	amazon-adsystem.com 1 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 306 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 614 aax.amazon-adsystem.com — Cisco Umbrella Rank: 410 s.amazon-adsystem.com — Cisco Umbrella Rank: 285	75 KB
5	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 504 ads.pubmatic.com — Cisco Umbrella Rank: 544 image6.pubmatic.com — Cisco Umbrella Rank: 793	18 KB
5	criteo.com 2 redirects bidder.criteo.com — Cisco Umbrella Rank: 776 gum.criteo.com — Cisco Umbrella Rank: 424 mug.criteo.com — Cisco Umbrella Rank: 2811 dis.criteo.com — Cisco Umbrella Rank: 550	8 KB
4	adform.net 4 redirects c1.adform.net — Cisco Umbrella Rank: 560	2 KB
4	creativecdn.com 4 redirects creativecdn.com — Cisco Umbrella Rank: 564	2 KB
4	openx.net 2 redirects buysellads-d.openx.net — Cisco Umbrella Rank: 39373 u.openx.net — Cisco Umbrella Rank: 672 us-u.openx.net — Cisco Umbrella Rank: 491	1011 B
4	btloader.com btloader.com — Cisco Umbrella Rank: 931 api.btloader.com — Cisco Umbrella Rank: 1000	21 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2189	21 KB
3	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 336	1 KB
3	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 307 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474	566 B
3	1rx.io 3 redirects sync.1rx.io — Cisco Umbrella Rank: 546	2 KB
3	lijit.com 2 redirects ce.lijit.com — Cisco Umbrella Rank: 835 ap.lijit.com — Cisco Umbrella Rank: 650	2 KB
3	adition.com 1 redirects ad4.adfarm1.adition.com — Cisco Umbrella Rank: 65170 ad2.adfarm1.adition.com — Cisco Umbrella Rank: 54473 imagesrv.adition.com — Cisco Umbrella Rank: 17335	627 B
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	191 KB
3	ad.gt id.hadron.ad.gt — Cisco Umbrella Rank: 1673 a.ad.gt — Cisco Umbrella Rank: 1869	4 KB
3	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 714	411 B
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 1628 mp.4dex.io — Cisco Umbrella Rank: 2346	25 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 685	693 B
2	contextweb.com 2 redirects bh.contextweb.com — Cisco Umbrella Rank: 501	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 586	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 818	1 KB
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 331	297 B
2	rezync.com 2 redirects live.rezync.com — Cisco Umbrella Rank: 1785	1 KB
2	liadm.com 2 redirects i.liadm.com — Cisco Umbrella Rank: 517	1 KB
2	rfihub.com 2 redirects p.rfihub.com — Cisco Umbrella Rank: 825	2 KB
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 631	60 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138
2	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 893 id5-sync.com — Cisco Umbrella Rank: 425	34 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 979 bcp.crwdcntrl.net — Cisco Umbrella Rank: 850	12 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1018	1 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	89 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	147 KB
1	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 749	508 B
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1450	692 B
1	deepintent.com match.deepintent.com — Cisco Umbrella Rank: 925	44 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 836	465 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 702	1 KB
1	mediago.io 1 redirects trace.mediago.io — Cisco Umbrella Rank: 902	375 B
1	adroll.com d.adroll.com — Cisco Umbrella Rank: 1380	181 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 408	98 B
1	media.net 1 redirects hbx.media.net — Cisco Umbrella Rank: 1215	287 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 495	35 B
1	disqus.com 1 redirects ssp.disqus.com — Cisco Umbrella Rank: 1557	274 B
1	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 751	234 B
1	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 951	399 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1258	465 B
1	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 773	434 B
1	yellowblue.io cs-server-s2s.yellowblue.io — Cisco Umbrella Rank: 2453	370 B
1	adkernel.com sync.adkernel.com — Cisco Umbrella Rank: 1750	134 B
1	minutemedia-prebid.com cs-rtb.minutemedia-prebid.com — Cisco Umbrella Rank: 6250	526 B
1	truste.com choices.truste.com — Cisco Umbrella Rank: 890	27 KB
1	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 940	274 B
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 11353	60 B
1	hadronid.net cdn.hadronid.net — Cisco Umbrella Rank: 1790	10 KB
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1042	17 KB
1	omnitagjs.com hb-api.omnitagjs.com — Cisco Umbrella Rank: 3655	879 B
1	buysellads.com srv.buysellads.com — Cisco Umbrella Rank: 21550	707 B
1	gstatic.com fonts.gstatic.com	8 KB
1	buysellads.net cdn4.buysellads.net — Cisco Umbrella Rank: 28340	156 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	838 B
260	71

	Domain	Requested by
36	www.dfonts.org	1 redirects www.dfonts.org
23	s0.2mdn.net	www.dfonts.org s0.2mdn.net 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
22	pagead2.googlesyndication.com	www.dfonts.org pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com www.googletagservices.com
17	tpc.googlesyndication.com	www.dfonts.org tpc.googlesyndication.com pagead2.googlesyndication.com s0.2mdn.net 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
11	ads.servenobid.com	cdn4.buysellads.net public.servenobid.com ssum-sec.casalemedia.com g2.gumgum.com ssbsync.smartadserver.com
10	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com
10	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net g2.gumgum.com
9	usersync.gumgum.com	g2.gumgum.com
9	ib.adnxs.com	4 redirects cdn4.buysellads.net googleads.g.doubleclick.net acdn.adnxs.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.dfonts.org 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
6	eus.rubiconproject.com	cdn4.buysellads.net public.servenobid.com eus.rubiconproject.com g2.gumgum.com
6	securepubads.g.doubleclick.net	1 redirects cdn4.buysellads.net securepubads.g.doubleclick.net
5	ad.doubleclick.net	www.dfonts.org
4	rtb-csync.smartadserver.com	ssbsync.smartadserver.com
4	c1.adform.net	4 redirects
4	creativecdn.com	4 redirects
4	prg.smartadserver.com	cdn4.buysellads.net
3	x.bidswitch.net	2 redirects g2.gumgum.com
3	token.rubiconproject.com	eus.rubiconproject.com
3	sync.1rx.io	3 redirects
3	ads.pubmatic.com	cdn4.buysellads.net public.servenobid.com g2.gumgum.com
3	www.googletagservices.com	www.dfonts.org 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
3	8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	fastlane.rubiconproject.com	cdn4.buysellads.net
3	onetag-sys.com	cdn4.buysellads.net public.servenobid.com
3	api.btloader.com	btloader.com
3	c.amazon-adsystem.com	cdn4.buysellads.net c.amazon-adsystem.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.dfonts.org
2	sync-tm.everesttech.net	2 redirects
2	bh.contextweb.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	us-u.openx.net	2 redirects
2	pm.w55c.net	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	match.adsrvr.org	ssum-sec.casalemedia.com g2.gumgum.com
2	live.rezync.com	2 redirects
2	i.liadm.com	2 redirects
2	ups.analytics.yahoo.com	public.servenobid.com
2	p.rfihub.com	2 redirects
2	ce.lijit.com	2 redirects
2	secure-assets.rubiconproject.com	2 redirects
2	ssum-sec.casalemedia.com	public.servenobid.com ssum-sec.casalemedia.com
2	ssbsync.smartadserver.com	1 redirects public.servenobid.com
2	gum.criteo.com	1 redirects static.criteo.net
2	static.criteo.net	cdn4.buysellads.net static.criteo.net
2	www.googleadservices.com	8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
2	www.google.com	1 redirects tpc.googlesyndication.com
2	id.hadron.ad.gt	cdn.hadronid.net
2	aax.amazon-adsystem.com	c.amazon-adsystem.com
2	script.4dex.io	cdn4.buysellads.net script.4dex.io
2	ad-delivery.net	www.dfonts.org
2	connect.facebook.net	www.dfonts.org connect.facebook.net
2	www.googletagmanager.com	www.dfonts.org www.googletagmanager.com
1	cms.quantserve.com	1 redirects
1	dis.criteo.com	1 redirects
1	tg.socdm.com	1 redirects
1	rtb.gumgum.com	g2.gumgum.com
1	match.deepintent.com	g2.gumgum.com
1	sync.ipredictive.com	1 redirects
1	pr-bh.ybp.yahoo.com	g2.gumgum.com
1	sync.srv.stackadapt.com	1 redirects
1	secure.adnxs.com	1 redirects
1	trace.mediago.io	1 redirects
1	d.adroll.com	ssum-sec.casalemedia.com
1	idsync.rlcdn.com	ssum-sec.casalemedia.com
1	image6.pubmatic.com	ads.pubmatic.com
1	hbx.media.net	1 redirects
1	match.sharethrough.com	public.servenobid.com
1	ssp.disqus.com	1 redirects
1	prebid.a-mo.net	1 redirects
1	sync.go.sonobi.com	public.servenobid.com
1	sync.targeting.unrulymedia.com	1 redirects
1	ad.turn.com	1 redirects
1	ap.lijit.com	public.servenobid.com
1	cs-server-s2s.yellowblue.io	public.servenobid.com
1	sync.adkernel.com	public.servenobid.com
1	cs-rtb.minutemedia-prebid.com	public.servenobid.com
1	g2.gumgum.com	public.servenobid.com
1	public.servenobid.com	cdn4.buysellads.net
1	acdn.adnxs.com	cdn4.buysellads.net
1	u.openx.net	cdn4.buysellads.net
1	mug.criteo.com
1	imagesrv.adition.com	8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
1	ad2.adfarm1.adition.com	1 redirects
1	ad4.adfarm1.adition.com	8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
1	choices.truste.com	8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
1	id5-sync.com	cdn.id5-sync.com
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	m.exactag.com	googleads.g.doubleclick.net
1	a.ad.gt	cdn.hadronid.net
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	cdn.id5-sync.com	www.dfonts.org
1	cdn.hadronid.net	www.dfonts.org
1	tags.crwdcntrl.net	www.dfonts.org
1	secure.cdn.fastclick.net	www.dfonts.org
1	mp.4dex.io	cdn4.buysellads.net
1	buysellads-d.openx.net	cdn4.buysellads.net
1	hbopenbid.pubmatic.com	cdn4.buysellads.net
1	bidder.criteo.com	cdn4.buysellads.net
1	hb-api.omnitagjs.com	cdn4.buysellads.net
1	srv.buysellads.com	cdn4.buysellads.net
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	btloader.com	cdn4.buysellads.net
1	region1.google-analytics.com	www.googletagmanager.com
1	fonts.gstatic.com	fonts.googleapis.com
1	cdn4.buysellads.net	www.dfonts.org
1	fonts.googleapis.com	www.dfonts.org
260	107

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com

Subject Issuer	Validity	Valid
*.dfonts.org R3	`2023-11-22` - `2024-02-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
cdn4.buysellads.net Sectigo RSA Domain Validation Secure Server CA	`2023-11-14` - `2024-11-14`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-15` - `2023-12-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
btloader.com GTS CA 1P5	`2023-10-19` - `2024-01-17`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
api.btloader.com GTS CA 1D4	`2023-10-10` - `2024-01-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-19` - `2024-02-19`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
*.buysellads.com Sectigo RSA Domain Validation Secure Server CA	`2023-05-25` - `2024-06-24`	a year	crt.sh
script.4dex.io Cloudflare Inc ECC CA-3	`2023-10-23` - `2024-10-22`	a year	crt.sh
ads.servenobid.com Amazon RSA 2048 M01	`2023-04-29` - `2024-05-27`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2023-06-23` - `2024-07-22`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
secure.cdn.fastclick.net DigiCert TLS RSA SHA256 2020 CA1	`2023-10-03` - `2024-10-03`	a year	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
hadronid.net GTS CA 1P5	`2023-12-03` - `2024-03-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.eu-1-id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.truste.com Amazon RSA 2048 M02	`2023-11-18` - `2024-12-15`	a year	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2023-08-24` - `2024-08-24`	a year	crt.sh
*.servenobid.com Amazon RSA 2048 M02	`2023-02-21` - `2024-02-05`	a year	crt.sh
ie-ad-exch-prd-one-eks.prd.eks.ie.adexchange.gumgum.com Amazon RSA 2048 M01	`2023-07-17` - `2024-08-14`	a year	crt.sh
casalemedia.com Cloudflare Inc ECC CA-3	`2023-05-21` - `2024-05-20`	a year	crt.sh
*.minutemedia-prebid.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
*.adkernel.com AlphaSSL CA - SHA256 - G4	`2023-01-03` - `2024-02-04`	a year	crt.sh
*.yellowblue.io Amazon ECDSA 256 M02	`2023-04-18` - `2024-05-16`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2023-05-06` - `2024-05-04`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2022-12-06` - `2024-01-07`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-03` - `2024-01-24`	6 months	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2023-10-09` - `2024-11-07`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-29` - `2024-02-21`	6 months	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2022-11-30` - `2024-01-01`	a year	crt.sh
*.ad-server.k8s.ie.ggops.com Amazon RSA 2048 M02	`2023-02-08` - `2024-02-15`	a year	crt.sh

This page contains 41 frames:

Primary Page: https://www.dfonts.org/
Frame ID: E91D87D39772C16D7A5F4C78077F8A89
Requests: 99 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20190131/zrt_lookup_fy2021.html
Frame ID: 803FAEE4E8F8B749704EB875147856C2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1451196893400375&output=html&adk=1812271804&adf=3025194257&lmt=1701926131&plaf=2%3A2%2C7%3A2&plat=3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.dfonts.org%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701926131577&bpp=4&bdt=301&idt=267&shv=r20231205&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8429816452401&frm=20&pv=2&ga_vid=2052933350.1701926132&ga_sid=1701926132&ga_hid=1912409831&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079826%2C44806141%2C44807763%2C44808149%2C44808284%2C95320230&oid=2&pvsid=1702920697313495&tmod=1510047365&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=286
Frame ID: EC07DF10055B7E961C80BC69BC855881
Requests: 1 HTTP requests in this frame

Frame: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 6BADA849644C364AAF01A9DE5DAFB6F4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: B9A5640D5DE6034DB86026047A31347F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYiIzo4gEwAQ&v=APEucNW5gzHG0znpOazt-FrFb10LpALWrgYrfEbYUWW6N5xebuk0lulYdKM3doq2lN6C_RPZqsgpZskIv1FKz0vIY6CHL-Clj1x9qgj9fhr75E0avk7IbaLi5EvXwU281_fAczGbvDgXiyj1-1ZaYR2Bd1qfXuPh_8G2KD1Fa0W6XWMoz0VXIl8
Frame ID: DD5CA2CF67CAEDB8A5AC639EEEE7A787
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Frame ID: D1FE9246256AF5518A0064AE3E416D31
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 51A002B02CCF23E67377B7522C15D587
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250
Frame ID: 53116B982242B09DD5A84FA258478352
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A8742C161E1117FA4A5BF87CB9A55B3E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 76EDB88E3B43253E05D9EF8B37E36182
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Frame ID: 27C15C3C4133EBAFD9A3D299583BA13C
Requests: 1 HTTP requests in this frame

Frame: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2A534032AB8415A7F55916CDC47BC449
Requests: 15 HTTP requests in this frame

Frame: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7D777AB11FAF296D012B30097753E67B
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhjoqcLbATAB&v=APEucNXMyX-rFMkX1ANO6RzYOhWlRUS6u-3wTHzRSR8m_GzNQ37XBnnh43zWKKRcfoM9S8wag0ynBNHEmHe6b-lE3AU6O6xj5-qMco2ndJWDsmKcreVbqdHTyh0yjY-XMQgyLzy5cFkr6JMr-nHTFbM0PRbnYAQTockkW6e6BRXtbUzRghIpCH4
Frame ID: AA311533BA433417FC8F18C1AAA470CD
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250
Frame ID: 22BA8D07AA186CE4B151B5DA9D913D32
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 3BAB4DCB3578C379232D39D035356DB0
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: A6131E47E5F49C9ECC809DE2B2DDA4A7
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.dfonts.org
Frame ID: 80E028D241A794F1DEB68F5785AE3CE7
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1701926132137
Frame ID: 440F40AAD4343A2972580B414FFA3B01
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: BF43B147B9544268A2B984F3C7A98693
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 9D7C083407A1164EC19F72B786C33AC1
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E1364CB860FB428FA2FEAD7477DEEE9A
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Frame ID: CAA27567C9BBA25DB0F82D7C35A20573
Requests: 2 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 35DD208ECD084871EB6E05AB99C2B50F
Requests: 13 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: E366D6B6F7412B3DA3282CFFC957DCF9
Requests: 12 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 3B51C511D6AF24461F11BF56BB75079A
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 9B6F90FDC0AF42EB3DFEEF245EDE1FCA
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: 617A35793A69BDAB0F1918F0384119FA
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Frame ID: E6B0263591D9D7A71891EB7DFE62AE6D
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Frame ID: 649A15B4B6B26DA402327FB12D264D58
Requests: 1 HTTP requests in this frame

Frame: https://cs-rtb.minutemedia-prebid.com/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D348%26uid%3D%7BpartnerId%7D
Frame ID: 8C6AC9565CCBB61088126C6801DF5AC7
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=181225&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D152%26uid%3D%7BUID%7D&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Frame ID: 7210947BFFEA373F44ECEB51FFF82629
Requests: 1 HTTP requests in this frame

Frame: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D352%26uid%3D%7BpartnerId%7D
Frame ID: FDE8196870F6AA5CF08DEFCBFCA47ACE
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=adf&i=173419606983424896&gdpr=0&gdpr_consent=
Frame ID: 3AE8C1BA01F3529893F500392363EC74
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wNjY3NzA0ZC0zY2JmLTQxOWItYjRiYy03NjZhNGFlNGMyMjc=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: 18C6A1E0813DCAB740A65D3C5C632AD5
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 945E54875E6FE5970DC87ACF6C3243A8
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Frame ID: 168AE6F69DFC19E06A7D5DD992C79A7D
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=ZXFU.MCo8XkAACEiPgIAAAAA
Frame ID: F92408C0A1B5C792A57EA0D9B770FF78
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=m9kjEg8OXlK0GEQcFmXLGmLD7X68i-Eh8mXdV4DA0pM&pi=gumgum&tc=1
Frame ID: CA401637234D890A7E85000F4FACF173
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: BEFA7798A240C1AF1B93682ED2371D8C
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dfonts - Free Fonts Download

Page URL History Show full URLs

http://www.dfonts.org/ HTTP 301
https://www.dfonts.org/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

260
Requests

86 %
HTTPS

30 %
IPv6

71
Domains

107
Subdomains

77
IPs

9
Countries

3231 kB
Transfer

8736 kB
Size

80
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Dfonts-110122028216072

Search URL Search Domain Scan URL

URL: https://twitter.com/Dfonts_org

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.dfonts.org/ HTTP 301
https://www.dfonts.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1

Request Chain 106

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXFU9IWEN-nu.p2i-Wpp8AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1&google_hm=2

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG1AP01Oc5SfiE7GaRIZxtE&google_cver=1

Request Chain 108

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczNzgwNjI5MjM2MTM4NzcyNA%3D%3D

Request Chain 163

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1

Request Chain 164

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXFU9IWEN-nu.p2i-Wpp8AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1&google_hm=2

Request Chain 165

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG1AP01Oc5SfiE7GaRIZxtE&google_cver=1

Request Chain 166

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczNzgwNjI5MjM2MTM4NzcyNA%3D%3D

Request Chain 171

https://securepubads.g.doubleclick.net/pagead/adview?ai=C-_cm9FRxZb_-E63U1PIPvtWckA2e_qHCdI6P94f6EaOf3KWNAhABIMT8ip0BYJXimYKsB8gBBqkChS4zU_YPsj6oAwGqBP4BT9BQyMPTrzR_eVWCyD5XEovH0Rb9rx9Tvca5TrDrDxHyVR445sk1mKiKxW_OrGbz7ozjmqMxXm09t8b3RAmCpodGtgyOaPX0Zb7PI-0TuSMwk9xQc1ZiMO1xixw-TqKa3VEO5Yt51_O7QPr6Mbg74_qOZlgXfw1sTnw_F0xup26El_PmFDkvTKotO2LHv238K3J_SNA5VAZjn8ATUT_DSPgVLaFt0_iju5zEpklMgIcifa8yaul8ejVO6Osoqu6juD3yakQukSyjEcqEEbrWoy_Y0oUUOlXXsT_F3o8jMqXLddzWuAhRCxIAE0in9zF8lHQnb6disUJpFkaHUjXABN3UsprFBOAEA4gF5Y_Iw02SBQkIIhgBSKmUmQKSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBjeAB5yxjrcEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwoQ76oiGPmu9_8B0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOlj4-rL0yPyCA5oJdmh0dHBzOi8vYWQ0LmFkZmFybTEuYWRpdGlvbi5jb20vcmVkaT9zaWQ9NTE1MjcwNSZraWQ9NjIzOTAwNiZiaWQ9MTg5MjUwMTEmZ2Rwcj0ke0dEUFJ9JmdkcHJfY29uc2VudD0ke0dEUFJfQ09OU0VOVF8zOX2ACgPICwGiDBwqGgoY5LSxAu61sQK1uLECrLqxAuS0sQLutbEC4g0TCL21s_TI_IIDFS0qVQgdvioH0rAT3YLZFcgT5Zf94wPQEwDYEwrYFAHQFQGAFwGyFx8KHQgAEhRwdWItNjc5MTAzNzU2MDc0OTYxORj__ZUB6BcF&sigh=rQgKn01ie_Q&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNUOktf05x-mf2WpXFxrd8uOcGE1s3xKWf5ea1D5Nksgvv9HkFBfsLgkimB52xO_DX9pBuPQQcrI3eUdUDu1lTWHvZomUxt23D9WMYAQ&template_id=509&vt=10&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217430387443045205920%22,%22debug_reporting%22:true,%22destination%22:%22https://adition.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%220%22],%224%22:[%2212-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217688856995774495441%22}&andc=true

Request Chain 174

https://ad2.adfarm1.adition.com/banner?sid=5151015&gdpr=&gdpr_consent=&kid=6224115&bid=18905696&wpt=C&ts=[timestamp]&cbvp=2 HTTP 302
https://imagesrv.adition.com/1x1.gif

Request Chain 176

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 193

https://gum.criteo.com/sid/json?origin=publishertag&domain=dfonts.org&sn=ChromeSyncframe&so=0&topUrl=www.dfonts.org&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=Vy0_u3xVZ0hHUExPeSthODE3THhlbkVjc1VSWlhscXhQdkY0QTFIMWN2cGNmSjBJVEV2eVdkcFdWWCttTlBqM3RDSkRYVzFVSlRaMnZib01GdHZXSG1BMXVJTHFDYlZJeC9DcDIrQlp5RWxUbzRDN1JFQmxqaVA3N2w3b1M4aHI3TEtsbnlCNW04TmthbEJvY2N6YXpzRzB0aG5kTG5MbHdOdGpZQ0F4dlVHWk15N3NjekRwREJaZ1o5SHlzZmxtdTdCeXo4Z0grRFpFbjdsTEpCT1JUNUsrSmFmSnRQVmVUemRMckdydnJNRDExNTA3aFk2ci9IMXg4cUZaNGFyNG1IdHVYemEzV1hyYmgzeEpVOURxU0MwTFFXOGRJbXhhZm1pbGJwZGdXTGY0ZzkyST18&cppv=2

Request Chain 204

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east

Request Chain 209

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=7737806292361387724

Request Chain 210

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=Hx47sRZH5FSIMIaTQWStiTeb

Request Chain 212

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1701926135454 HTTP 302
https://ad.turn.com/r/cs?pid=45&rndcb=7264791533 HTTP 302
https://sync.1rx.io/usersync/turn/2565260229049947321?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-31c69869-111c-42d0-86f5-039a0f1bd3be-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-31c69869-111c-42d0-86f5-039a0f1bd3be-003 HTTP 302
https://ads.servenobid.com/sync?pid=321&uid=RX-31c69869-111c-42d0-86f5-039a0f1bd3be-003

Request Chain 213

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=5142336726765185660

Request Chain 215

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1YN-&gdpr=0

Request Chain 217

https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID HTTP 302
https://ads.servenobid.com/sync?pid=346&uid=ua-245edab7-c8e2-365b-a1ac-9f381675ba97

Request Chain 220

https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D353%26uid%3D%3Cvsid%3E HTTP 302
https://ads.servenobid.com/sync?pid=353&uid=0000EEA

Request Chain 223

https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=892f50abcc1244dbb432f25701deb609 HTTP 303
https://live.rezync.com/sync?c=0aa2530f29e4f4a05b5d5d9bb35d60c2&p=93c1662463a616a7155169889dd99651&pid=892f50ab-cc12-44db-b432-f25701deb609 HTTP 302
https://p.rfihub.com/cm?pub=39342&in=1&userid=53368c7a-0de4-4554-92dd-53425967bb28%3A1701926136.217712&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D53368c7a-0de4-4554-92dd-53425967bb28%253A1701926136.217712%26_%3D1701926136.2204893&cb=1701926136.2205212 HTTP 302
https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5142336726765185660&referrer={encSite}&forward=https%3A%2F%2Fidsync.rlcdn.com%2F501709.gif%3Fpartner_uid%3D53368c7a-0de4-4554-92dd-53425967bb28%253A1701926136.217712%26_%3D1701926136.2204893 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=53368c7a-0de4-4554-92dd-53425967bb28%3A1701926136.217712&_=1701926136.2204893

Request Chain 225

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZXFU9IWEN_nu-p2i_Wpp8AAADOAAAAIB&gpp=&gpp_sid= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZXFU9IWEN_nu-p2i_Wpp8AAADOAAAAIB&gpp=&gpp_sid=&dcc=t

Request Chain 226

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZXFU9IWEN_nu-p2i_Wpp8AAADOAAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEmK2Ccp6y6c62SKOiZkyuI&google_cver=1

Request Chain 228

https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296 HTTP 302
https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296&tc=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=qUSaH0BAVwprWp0tMFRaBfK6DLxsGsD1spPr16nWSxc&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296&tc=1

Request Chain 229

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=zS92Uchm1Rb6Jx5

Request Chain 230

https://trace.mediago.io/ju/cs/indexexchange HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=9d9fcb00445891302ujurk00lpuqvmzy

Request Chain 234

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://usersync.gumgum.com/usersync?b=apn&i=7737806292361387724

Request Chain 235

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_0667704d-3cbf-419b-b4bc-766a4ae4c227&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_0667704d-3cbf-419b-b4bc-766a4ae4c227&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=gumgum2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=9047829430685708652&ssp=gumgum2

Request Chain 236

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=opx&i=58b51560-9e06-4b06-b86e-3175037577a2

Request Chain 237

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=sta&i=0-cd591e90-626d-5fa4-77f2-fa711c7c25ae$ip$84.19.175.184

Request Chain 239

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=vnt&i=cca7ba37-b57c-4d35-bced-22faf712a0a0

Request Chain 241

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_0667704d-3cbf-419b-b4bc-766a4ae4c227&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
https://b1sync.zemanta.com/usersync/gumgum/?cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__&gdpr=0&gdpr_consent=&puid=e_0667704d-3cbf-419b-b4bc-766a4ae4c227&s=2&us_privacy=1--- HTTP 302
https://usersync.gumgum.com/usersync?b=zem&i=OuyQlLGacZeNWisePUkW&gdpr=0&us_privacy=1---

Request Chain 242

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://usersync.gumgum.com/usersync?b=pln&i=a28b4fuIW9Vw&ev=1&pid=558355

Request Chain 243

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=sad&i=8929380387806690083

Request Chain 245

https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=1301&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=adf&i=173419606983424896&gdpr=0&gdpr_consent=

Request Chain 249

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://usersync.gumgum.com/usersync?b=sus&i=ZXFU.MCo8XkAACEiPgIAAAAA

Request Chain 250

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://usersync.gumgum.com/usersync?b=rth&i=m9kjEg8OXlK0GEQcFmXLGmLD7X68i-Eh8mXdV4DA0pM&pi=gumgum&tc=1

Request Chain 251

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 253

https://dis.criteo.com/dis/usersync.aspx?r=30&p=273&cp=smartortb&cu=1&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D79%26partneruserid%3D%40%40CRITEO_USERID%40%40&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=2e33c140-b403-4338-9357-592f25ed83b2&gdpr=0&gdpr_consent=

Request Chain 254

https://cms.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=Iy0FOyAsVD04IQJsdC8faCMrVjM4fAEzcCkgTf3T

Request Chain 255

https://sync-tm.everesttech.net/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=ZXFU9wAFFzVP2QBU HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=ZXFU9wAFFzVP2QBU&gdpr=0&gdpr_consent=&_test=ZXFU9wAFFzVP2QBU

Request Chain 256

https://bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=JqXgeDUvs1jN&ev=1&pid=560288&gdpr_consent=&gdpr=0

260 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.dfonts.org/
Redirect Chain

http://www.dfonts.org/
https://www.dfonts.org/

69 KB
15 KB

93ms
24ms

Document
text/html

35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 87a4360aaa319cb594fcff4fdb72b02ec294a9335541d6dc42a879e0a83ef8d8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 07 Dec 2023 05:15:31 GMT
host-header: 8441280b0c35cbc1147f8ba998a563a7
link: <https://www.dfonts.org/wp-json/>; rel="https://api.w.org/"
server: nginx
vary: Accept-Encoding
x-cdn-c: all
x-httpd: 1
x-proxy-cache: HIT
x-sg-cdn: 1

Redirect headers

Connection: keep-alive
Content-Length: 24
Content-Type: text/plain
Date: Thu, 07 Dec 2023 05:15:31 GMT
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
Location: https://www.dfonts.org/
Server: nginx
X-CDN-C: all
X-Proxy-Cache: MISS
X-Proxy-Cache-Info: 0301 NC:000000 UP:
X-SG-CDN: 1

GET
H2 200 style.min.css
www.dfonts.org/wp-includes/css/dist/block-library/ 107 KB
19 KB 33ms
31ms Stylesheet
text/css 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Thu, 09 Nov 2023 01:21:39 GMT
server: nginx
etag: W/"654c3423-1add3"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 styles.css
www.dfonts.org/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 35ms
33ms Stylesheet
text/css 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8.4
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Thu, 30 Nov 2023 22:41:29 GMT
server: nginx
etag: W/"65690f99-b4e"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 front.css
www.dfonts.org/wp-content/plugins/simple-social-buttons/assets/css/ 96 KB
14 KB 41ms
39ms Stylesheet
text/css 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/plugins/simple-social-buttons/assets/css/front.css?ver=5.1.1
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 767c2f6c69bd4ad04353b55d51d851b3e12bdf31133d7e7d9b90caa828753c15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Fri, 03 Nov 2023 23:29:53 GMT
server: nginx
etag: W/"65458271-180a2"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 css
fonts.googleapis.com/ 1 KB
838 B 82ms
30ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A%2C400%7CPoppins%3A%2C400%7CPoppins%3A%2C400%2C%2C400&subset=latin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Cvietnamese&ver=1.6

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e120707b7a0de913a32da3e779b975bd342672ca68c9aa373029f38c90cfb56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 05:15:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Dec 2023 05:15:31 GMT

GET
H2 200 bootstrap.css
www.dfonts.org/wp-content/themes/disto/css/ 221 KB
43 KB 49ms
48ms Stylesheet
text/css 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/themes/disto/css/bootstrap.css?ver=1.6
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6c38dc17dbebb7e00014f3ea1025d5bb245baff733b50069eff5403b5dfaeeb8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Mon, 07 Dec 2020 23:36:24 GMT
server: nginx
etag: W/"5fcebc78-373fb"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 style.css
www.dfonts.org/wp-content/themes/disto/ 734 KB
129 KB 67ms
66ms Stylesheet
text/css 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/themes/disto/style.css?ver=1.6
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e9b5304539f129dec18fe03cce94b91635effef970a506cc86a132f8467be2f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Wed, 10 Aug 2022 19:13:35 GMT
server: nginx
etag: W/"62f4035f-b792c"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 responsive.css
www.dfonts.org/wp-content/themes/disto/css/ 94 KB
19 KB 89ms
88ms Stylesheet
text/css 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/themes/disto/css/responsive.css?ver=1.6
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8a2d4ea5b09c3b92ec593adfcf1f461f62a692910f782c0fb341a3ff5b0046c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Fri, 11 Dec 2020 22:53:09 GMT
server: nginx
etag: W/"5fd3f855-176e8"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 frontend-blocks.js Show response
www.dfonts.org/wp-content/plugins/simple-social-buttons/assets/js/ 0
253 B 91ms
90ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/plugins/simple-social-buttons/assets/js/frontend-blocks.js?ver=5.1.1
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Sat, 02 Nov 2024 23:55:54 GMT
last-modified: Fri, 03 Nov 2023 23:29:53 GMT
server: nginx
etag: "65458271-0"
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 0
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 jquery.min.js Show response
www.dfonts.org/wp-includes/js/jquery/ 86 KB
35 KB 92ms
91ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Thu, 09 Nov 2023 01:21:39 GMT
server: nginx
etag: W/"654c3423-15601"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 jquery-migrate.min.js Show response
www.dfonts.org/wp-includes/js/jquery/ 13 KB
5 KB 95ms
94ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Fri, 11 Aug 2023 08:05:09 GMT
server: nginx
etag: W/"64d5ebb5-3509"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 front.js Show response
www.dfonts.org/wp-content/plugins/simple-social-buttons/assets/js/ 7 KB
3 KB 96ms
95ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/plugins/simple-social-buttons/assets/js/front.js?ver=5.1.1
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9f0c785ba1945c5c419f212228f41d0ce8dbc5f0c67ab3340ebb984f4a97751a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Fri, 03 Nov 2023 23:29:53 GMT
server: nginx
etag: W/"65458271-1d60"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 187 KB
68 KB 94ms
38ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-91655558-5

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0790d3a5d577732707e3ad67c5dd7cf11ddb415ebe325e5f0713925bd22c9fe5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69010
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 07 Dec 2023 05:15:31 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
51 KB 123ms
73ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1451196893400375

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d08e4d1316d0e068b251be740c96ab3158e1df4749899ded57def07bc2728c83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dfonts.org/
Origin: https://www.dfonts.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51973
x-xss-protection: 0
server: cafe
etag: 17812011556639128473
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 07 Dec 2023 05:15:31 GMT

GET
H2 200 logo-1.png
www.dfonts.org/wp-content/uploads/2018/12/ 3 KB
3 KB 98ms
98ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2018/12/logo-1.png
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3b19be37f7406b9c3e0256afd4fbbcc57252777a1d8289bf4311ba5b5c59ca03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Fri, 01 Nov 2024 00:30:00 GMT
last-modified: Tue, 09 Mar 2021 22:16:19 GMT
server: nginx
etag: "6047f3b3-b98"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 2968
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 Paultine-Groovy-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 29 KB
29 KB 96ms
95ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/Paultine-Groovy-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: c4b28091ff95cc788e57d3be9cbf0505f5e4989dc2003a722b5fc8268203f02a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 14:14:34 GMT
last-modified: Tue, 05 Dec 2023 13:36:36 GMT
server: nginx
etag: "656f2764-74a6"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 29862
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 Kasttelin-Polimeka-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 18 KB
19 KB 99ms
99ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/Kasttelin-Polimeka-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8e529657f179a77b9c630fe09fd235b174be1e048ca186cc91cad33ed907120c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 19:00:52 GMT
last-modified: Tue, 05 Dec 2023 13:36:23 GMT
server: nginx
etag: "656f2757-49f2"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 18930
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 Blackina-Grimotty-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 32 KB
33 KB 25ms
25ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/Blackina-Grimotty-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 891d1e8b1ca03e007c7565fb0791761184911527a8e1035d457ba0aff0f5eca1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 14:21:52 GMT
last-modified: Tue, 05 Dec 2023 13:35:45 GMT
server: nginx
etag: "656f2731-81b6"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 33206
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 index.js Show response
www.dfonts.org/wp-content/plugins/contact-form-7/includes/swv/js/ 11 KB
4 KB 26ms
26ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.8.4
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Thu, 30 Nov 2023 22:41:29 GMT
server: nginx
etag: W/"65690f99-2b6d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 index.js Show response
www.dfonts.org/wp-content/plugins/contact-form-7/includes/js/ 13 KB
5 KB 24ms
22ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8.4
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Thu, 30 Nov 2023 22:41:29 GMT
server: nginx
etag: W/"65690f99-337e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 fluidvids.js Show response
www.dfonts.org/wp-content/themes/disto/js/ 1 KB
948 B 25ms
23ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/themes/disto/js/fluidvids.js?ver=1.6
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: d9ce958515e4c42199afa5f6f985d7038047c2ca5821147d68fe3604b138e5aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Mon, 07 Dec 2020 23:36:24 GMT
server: nginx
etag: W/"5fcebc78-484"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 infinitescroll.js Show response
www.dfonts.org/wp-content/themes/disto/js/ 10 KB
4 KB 26ms
24ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/themes/disto/js/infinitescroll.js?ver=1.6
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: aaadde89b0db2f97f270379b4762e025c85a1a4d8a4c9ae2421ab48198cc3ae6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Mon, 07 Dec 2020 23:36:24 GMT
server: nginx
etag: W/"5fcebc78-2971"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 justified.js Show response
www.dfonts.org/wp-content/themes/disto/js/ 37 KB
14 KB 28ms
26ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/themes/disto/js/justified.js?ver=1.6
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 25fdc7a17a7b3884e86c6f6b72b60288025980e5bcfff6b736f077902c1697ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Mon, 07 Dec 2020 23:36:24 GMT
server: nginx
etag: W/"5fcebc78-94e2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 slick.js Show response
www.dfonts.org/wp-content/themes/disto/js/ 42 KB
13 KB 29ms
27ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/themes/disto/js/slick.js?ver=1.6
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2c55dea800c7c131d9f3e3ac8a411abf3ca2b4fa836a7376aba3e99c43a621ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Mon, 07 Dec 2020 23:36:24 GMT
server: nginx
etag: W/"5fcebc78-a77b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 theia-sticky-sidebar.js Show response
www.dfonts.org/wp-content/themes/disto/js/ 5 KB
2 KB 32ms
31ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/themes/disto/js/theia-sticky-sidebar.js?ver=1.5
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: ad386e83074906780dfa1feec2070ff6e11f15c07953ac3d8431300ae0ba175b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Mon, 07 Dec 2020 23:36:24 GMT
server: nginx
etag: W/"5fcebc78-1509"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 aos.js Show response
www.dfonts.org/wp-content/themes/disto/js/ 14 KB
5 KB 33ms
32ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/themes/disto/js/aos.js?ver=1.6
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4460f1596174d06cca957fdaca2c71e1a377cf1d6f07ee4c75ffb3bf3fc97a03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Mon, 07 Dec 2020 23:36:24 GMT
server: nginx
etag: W/"5fcebc78-37a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 custom.js Show response
www.dfonts.org/wp-content/themes/disto/js/ 18 KB
4 KB 34ms
33ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/themes/disto/js/custom.js?ver=1.6
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: cba14c6234bc12996d6c69aa8132df7219380e904708f0539025b37533dbd2d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:21:09 GMT
last-modified: Sat, 19 Dec 2020 17:49:32 GMT
server: nginx
etag: W/"5fde3d2c-461f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
BLOB 200
OK 7802d2d1-5634-4b20-b996-f836603202db
https://www.dfonts.org/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.dfonts.org/7802d2d1-5634-4b20-b996-f836603202db
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 dfonts.js Show response
cdn4.buysellads.net/pub/ 563 KB
156 KB 232ms
39ms Script
application/javascript 64.227.38.224
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.227.38.224 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: srv-eu-ldn-17.buysellads.com
Software: //srv.buysellads.com /
Resource Hash: bb37de03f271464fc1c239df22034bc840954dfefe4d0f5577f5929f4a1949e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:31 GMT
cache-control: public, max-age=3600, stale-while-revalidate
content-encoding: gzip
server: //srv.buysellads.com
etag: 593342c3d27dc8d4dc5f6e18dfada3357b0f5b1f
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 66ms
22ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6b05c95654b01ec9f166bd9804f4c71abcae1a42a90f4914922f214160351b81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 07 Dec 2023 05:15:31 GMT
content-md5: gXwmNt5ISon7gO0iskT2dQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1689
reporting-endpoints
x-fb-debug: JuT6z1hng2m89YeDg7h/Bu0Hg/ki74DNOpqzM9XuZy0P6ZBkPGFvC0pilPRWpwuxjcrCZqrxT61lhK/iTChQ2g==
x-fb-content-md5: 16971e04533d797ab53a3fdc858d2bf2
cross-origin-opener-policy: same-origin-allow-popups
etag: "cbef9e4945d604c581e1a747166d1ed1"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Thu, 07 Dec 2023 05:33:16 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 76ms
23ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A%2C400%7CPoppins%3A%2C400%7CPoppins%3A%2C400%2C%2C400&subset=latin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Cvietnamese&ver=1.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.dfonts.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 21:13:02 GMT
x-content-type-options: nosniff
age: 460949
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 21:13:02 GMT

GET
H2 200 fontawesome-webfont.woff2
www.dfonts.org/wp-content/themes/disto/css/fonts/ 65 KB
65 KB 27ms
27ms Font
font/woff2 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-content/themes/disto/css/fonts/fontawesome-webfont.woff2?v=4.5.0
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/wp-content/themes/disto/css/bootstrap.css?ver=1.6
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Request headers

Referer: https://www.dfonts.org/wp-content/themes/disto/css/bootstrap.css?ver=1.6
Origin: https://www.dfonts.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Fri, 01 Nov 2024 00:30:02 GMT
last-modified: Mon, 07 Dec 2020 23:36:24 GMT
server: nginx
etag: "5fcebc78-10440"
content-type: font/woff2
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 66624
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 Anomalie-Backtty-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 31 KB
31 KB 31ms
29ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/Anomalie-Backtty-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 696be02dc60f1f621a22ae9a949076e48dd2ea52392329455714d1c11d75e2ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 17:52:33 GMT
last-modified: Tue, 05 Dec 2023 13:35:22 GMT
server: nginx
etag: "656f271a-7a3c"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 31292
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 Heyho-Miguelo-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 38 KB
38 KB 33ms
32ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/Heyho-Miguelo-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: a3d0f070d0358fa4b008809b6af48b74936113455ee5f68ee4df8135c2933090

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 14:14:34 GMT
last-modified: Tue, 05 Dec 2023 13:36:14 GMT
server: nginx
etag: "656f274e-968a"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 38538
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 Sodabery-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 36 KB
37 KB 36ms
34ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/Sodabery-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 81f1ccd0ee62a87a0b5c69783701c4c931701c48b977ee695857962a66ec3834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 14:03:41 GMT
last-modified: Tue, 05 Dec 2023 13:37:08 GMT
server: nginx
etag: "656f2784-9102"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 37122
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 Buffy-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 11 KB
11 KB 38ms
37ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/Buffy-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e97d38beead97b0809f85589a704ab3549867340d369d396a0bc88f627f74554

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 14:03:42 GMT
last-modified: Tue, 05 Dec 2023 13:35:50 GMT
server: nginx
etag: "656f2736-2a7c"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 10876
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 Dream-Home-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 22 KB
23 KB 41ms
39ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/Dream-Home-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: b4bd5d9c925221dd7459384eda1f80dacef05d633d934f3086c9a9b5eb2021d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 13:49:22 GMT
last-modified: Tue, 05 Dec 2023 13:35:57 GMT
server: nginx
etag: "656f273d-59ea"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 23018
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 Exowhie-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 22 KB
22 KB 43ms
42ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/Exowhie-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 94144a7c3eec4bd1837ace267ee3f4027409e43c123627e2769575387584e3ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 13:47:07 GMT
last-modified: Tue, 05 Dec 2023 13:36:02 GMT
server: nginx
etag: "656f2742-569e"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 22174
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 Mesintik-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 39 KB
39 KB 45ms
44ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/Mesintik-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 23836c52582c1ddeba713c22ebb82a74da9774e9ad5b2a70ef89c01c919b6383

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 13:47:07 GMT
last-modified: Tue, 05 Dec 2023 13:36:30 GMT
server: nginx
etag: "656f275e-9c0a"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 39946
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 Slaughter-Croshing-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 31 KB
31 KB 47ms
46ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/Slaughter-Croshing-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: eab222df4af1514fcfc742a0eb9e01f5603d5e08f011e7edfc8a4b6711b98b8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 13:38:54 GMT
last-modified: Tue, 05 Dec 2023 13:37:01 GMT
server: nginx
etag: "656f277d-7a9e"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 31390
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 East-Kind-Font.webp
www.dfonts.org/wp-content/uploads/2023/12/ 31 KB
31 KB 50ms
49ms Image
image/webp 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfonts.org/wp-content/uploads/2023/12/East-Kind-Font.webp
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: a6221fce403db3b29a437d4b7be9ab8864ff6291db49cf2020cdf5b8e8d2c03a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
expires: Wed, 04 Dec 2024 13:40:26 GMT
last-modified: Tue, 05 Dec 2023 13:36:00 GMT
server: nginx
etag: "656f2740-7bf4"
content-type: image/webp
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 31732
x-cdn-c: all
x-sg-cdn: 1

GET
H2 200 wp-emoji-release.min.js Show response
www.dfonts.org/wp-includes/js/ 18 KB
6 KB 30ms
30ms Script
application/javascript 35.190.31.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfonts.org/wp-includes/js/wp-emoji-release.min.js?ver=6.4.1
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.190.31.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.31.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
expires: Tue, 03 Dec 2024 09:27:48 GMT
last-modified: Thu, 30 Mar 2023 20:33:01 GMT
server: nginx
etag: W/"6425f1fd-4904"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-cdn-c: all
x-sg-cdn: 1

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 302 KB
86 KB 48ms
24ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=2cb99ad437e1fc3cc0a16276a987159c

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9cbfbd3add1a547cf0ad66d9b79abac7bae67bb3e535da53c8e1fed16fd579f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.dfonts.org/
Origin: https://www.dfonts.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 07 Dec 2023 05:15:31 GMT
content-md5: fZtN/t5EF3F74e8ZXgZrKw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88320
reporting-endpoints
x-fb-debug: 2WRL7lPokXi5DpQwDzNNODvasSq37Ch2hc+/Xq51FJ73lZmBxKLA8CBiHmMGO/KlLdKE7nqe7QtzmZLxgGWseA==
x-fb-content-md5: 41dc43ea49f5f6eb498638407e6b0748
cross-origin-opener-policy: same-origin-allow-popups
etag: "55db3b6952d79895a33c37f92186a041"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-fb-optimizer: 0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Fri, 06 Dec 2024 04:28:45 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 225 KB
80 KB 38ms
38ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MR52E2DEC2&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91655558-5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a0cccf77c0be9203a74f22b2246442b26686c609215c33cbf548c6467970968a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81297
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 07 Dec 2023 05:15:31 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 72ms
21ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91655558-5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 07 Dec 2023 03:41:49 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5622
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 07 Dec 2023 05:41:49 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/ 398 KB
134 KB 144ms
100ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1451196893400375&plah=www.dfonts.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1451196893400375

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e0e7d1f269d674d7e0f04d805a5527cf4e0017a60abd430f0c8b32228dbd483

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137572
x-xss-protection: 0
server: cafe
etag: 6156136078416051933
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 07 Dec 2023 05:15:31 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231205/r20190131/ Frame 803F 9 KB
4 KB 71ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231205/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1451196893400375

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 44210
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Dec 2023 16:58:41 GMT
etag: 5585625838579639069
expires: Wed, 20 Dec 2023 16:58:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 83ms
30ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-MR52E2DEC2&gtm=45je3bt0v9168351824&_p=1701926131409&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=2052933350.1701926132&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1701926131&sct=1&seg=0&dl=https%3A%2F%2Fwww.dfonts.org%2F&dt=Dfonts%20-%20Free%20Fonts%20Download&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=835
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MR52E2DEC2&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.dfonts.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
144 B 28ms
28ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1912409831&t=pageview&_s=1&dl=https%3A%2F%2Fwww.dfonts.org%2F&ul=en-us&de=UTF-8&dt=Dfonts%20-%20Free%20Fonts%20Download&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1563179432&gjid=1191842007&cid=2052933350.1701926132&tid=UA-91655558-5&_gid=1880796810.1701926132&_r=1&gtm=457e3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=400741584

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.dfonts.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 21ms
21ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1912409831&t=pageview&_s=2&dl=https%3A%2F%2Fwww.dfonts.org%2F&ul=en-us&de=UTF-8&dt=Dfonts%20-%20Free%20Fonts%20Download&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=&gjid=&cid=2052933350.1701926132&tid=UA-91655558-5&_gid=1880796810.1701926132&gtm=457e3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=1228183579

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Dec 2023 06:31:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 81843
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tag Show response
btloader.com/ 61 KB
20 KB 99ms
36ms Script
application/javascript 2606:4700:10::6816:4ad8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82bf029005528c74c01bf9c0a6ced2000ca12feaec4f0d32b6e49ca44da2f77a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: gzip
via: 1.1 google
cf-cache-status: HIT
last-modified: Thu, 07 Dec 2023 04:27:18 GMT
server: cloudflare
age: 2845
etag: "48f94ee6f6211f29192bc5ffaab9fb3f"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
accept-ranges: bytes
cf-ray: 831a4a93ed025c62-FRA
content-length: 20549

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 91 KB
30 KB 181ms
92ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9295e23df9dda8bab5064223da0a9f153b07fd0ee6c6fc1ccb1ba0edb023a677

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29927
x-xss-protection: 0
server: cafe
etag: 720 / 19698 / m202311290101 / config-hash: 16835354973066905572
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 07 Dec 2023 05:15:31 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 270 KB
66 KB 106ms
35ms Script
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9969c20b05385e44eef49078bb0fbffd8dd6081b90adf392fbcad9a894fa549a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 04:50:19 GMT
content-encoding: gzip
via: 1.1 00746b020527dcdbeca0dab6f6de299a.cloudfront.net (CloudFront), 1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
last-modified: Tue, 05 Dec 2023 22:47:11 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P6
age: 1513
x-amz-server-side-encryption: AES256
etag: W/"aaba284d2b2910b9a4f56befae1e2e69"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: uvg2HfqLbd-wqRofcXt3H31-Qy3hz9wrttp3Z3Px8xQLoS-nzT1vzg==

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EC07 154 KB
50 KB 597ms
595ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1451196893400375&output=html&adk=1812271804&adf=3025194257&lmt=1701926131&plaf=2%3A2%2C7%3A2&plat=3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.dfonts.org%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701926131577&bpp=4&bdt=301&idt=267&shv=r20231205&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8429816452401&frm=20&pv=2&ga_vid=2052933350.1701926132&ga_sid=1701926132&ga_hid=1912409831&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079826%2C44806141%2C44807763%2C44808149%2C44808284%2C95320230&oid=2&pvsid=1702920697313495&tmod=1510047365&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=286

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1451196893400375&plah=www.dfonts.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27ee242b921f59d78e31c26fccf87878dace33101a167f8fa281b486e57c2097

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 50861
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:32 GMT
expires: Thu, 07 Dec 2023 05:15:32 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 state Show response
api.btloader.com/mw/ 0
101 B 193ms
134ms Fetch 130.211.23.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/mw/state?bt_env=prod
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 07 Dec 2023 05:15:32 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
916 B 74ms
26ms Image
image/gif 2606:4700:20::681a:346
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2152600
x-guploader-uploadid: ABPtcPr0oJshypTNXH_1vKknrOY27VhidbU4MohdetUEd300SevNpN4fOnkrwThw50g2BwcfeJ6dJAiREw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BQUVcd3Obkzb6Msp8JZdZIkw1BztOKT494LmPgHKVPuncSGlPNY9CPWMXofjtjI21o3woIdCQCvjTTbKOX%2FIQPXaMjuUFvxr1T9qrkYXiuZPYiJAPBf2sxMNXEbJNPiCZo9PmtsffevAudbPdw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 831a4a94a9019016-FRA
expires: Sun, 12 Nov 2023 07:51:42 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 88ms
22ms Image
image/x-icon 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 22:01:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26040
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 22:01:31 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
343 B 74ms
27ms Image
image/gif 2606:4700:20::681a:346
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.7359057714586597
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2152600
x-guploader-uploadid: ABPtcPr0oJshypTNXH_1vKknrOY27VhidbU4MohdetUEd300SevNpN4fOnkrwThw50g2BwcfeJ6dJAiREw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n77dXiA%2FhN7UUOJPBxdPOUivRX%2FIhWjLAC5UdjnenxO3eANZST%2Ffz7wldZzR1YAFyxNwTNIv0d%2BXFyCfW20KjbU0pH3MfI7LpSiZB4rPCINKBrqhlv0R8iT5Un7MHLHcXevAJD334LKjyd%2BWkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 831a4a94a9039016-FRA
expires: Sun, 12 Nov 2023 07:51:42 GMT

GET
H2 200 747b8b51-ec47-4dee-9823-b2b73124b71f Show response
config.aps.amazon-adsystem.com/configs/ 537 B
803 B 90ms
21ms Script
application/javascript 99.86.4.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/747b8b51-ec47-4dee-9823-b2b73124b71f
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-39.fra6.r.cloudfront.net
Software: CloudFront /
Resource Hash: bc2d054ef4de79c1f0c982cc6439c6ef7385853321e8d7bb5091a0baf7fd6891

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:08:18 GMT
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA6-C1
age: 434
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 537
x-amz-cf-id: rIL2zX6VJJMBFDNgl0wp0yz2SiTXjNjqhdpYoT7_FHwLFl3Fn-CILA==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 2 KB
2 KB 118ms
118ms XHR
application/json 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.dfonts.org&pubid=747b8b51-ec47-4dee-9823-b2b73124b71f
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 8e84fd9436924a2ecdb5162c25581384a82fca487b3b99f0d4d598a03a939c75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:31 GMT
via: 1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.dfonts.org
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 2198
x-amz-cf-id: FkyQXvbKs3xk9FCmzA9oaVrZeDu9_EFm5ukTaEpvvZtnJj_DVfT2CQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 68ms
23ms XHR
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
date: Wed, 06 Dec 2023 05:52:37 GMT
x-amz-cf-pop: FRA56-P6
age: 84175
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: shxTNcBHkgVZK_TzBn37nO5Jg9geIMxEIYHcPlmVDyYDOvKkgYHWtA==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311290101/ 432 KB
135 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311290101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa40858bc00aa25239b434a313f9b30b4b604715b21395c0f278a3055cd31deb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 17:06:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43733
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138184
x-xss-protection: 0
server: cafe
etag: 495798054771589180
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 05 Dec 2024 17:06:38 GMT

GET
H2 200 CWYI4K3U.json Show response
srv.buysellads.com/ads/ 1 KB
707 B 88ms
29ms Fetch
application/json 161.35.94.134
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://srv.buysellads.com/ads/CWYI4K3U.json?forcebanner=520144&ignoretargeting=yes
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 161.35.94.134 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: srv-eu-nl-17.buysellads.com
Software: //srv.buysellads.com /
Resource Hash: 4b880eb424c63923c43ac898cce2712d9f952f7894bb5b3ea61f37589c72677c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: gzip
server: //srv.buysellads.com
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: *
content-length: 570

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ 483 B
1016 B 92ms
30ms Script
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 05:15:32 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Mon, 27 Nov 2023 07:14:08 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 856844
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U8orshMWgqcRP4SPf1kWu0y5aGQflFY4xZMEk1GiS%2BTdaGtu3jRV0MDEeX4joY3eGzqn4Cq2qw8r368ws3a3Md%2Bg4eDCsVS8vSQf7wyWdWTfu9nQzqxuHJotxVGStBu0320uu10fJfK7kgKw"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 831a4a95cbc13a6e-FRA

POST
H2 200 adreq Show response
ads.servenobid.com/ 92 B
425 B 153ms
50ms XHR
application/json 34.249.137.246
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=6739
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.137.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 530ad95a8887f94dd3890b38205d8edb5de8be21a72c171d05c40198da7d3161

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://www.dfonts.org
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 2 KB
879 B 170ms
56ms XHR
application/json 52.50.121.249
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.dfonts.org%2F&PageUrl=https%3A%2F%2Fwww.dfonts.org%2F&PageReferrer=https%3A%2F%2Fwww.dfonts.org%2F&CanonicalUrl=https%3A%2F%2Fwww.dfonts.org%2F

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.50.121.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-121-249.eu-west-1.compute.amazonaws.com

Software

Resource Hash

3a08ccb47c3e686e5e9ffc20db26e299425a975242225d505288ab69383e2700

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: kong/2.8.4
x-kong-proxy-latency: 0
x-kong-upstream-latency: 11
content-length: 456
pragma: no-cache
access-control-max-age: 3600
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.dfonts.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding
access-control-allow-headers: Accept-Encoding, Content-Type
expires: 0

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
411 B 71ms
22ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://www.dfonts.org
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 19 B
581 B 119ms
42ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
an-x-request-uuid: 3a39d584-4205-4087-8535-74b851a04aa9
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.dfonts.org
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 84.19.175.184; 84.19.175.184; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 19
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
193 B 191ms
96ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=7.54.0&cb=54843297482&lsavail=1

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dfonts.org
date: Thu, 07 Dec 2023 05:15:32 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
113 B 183ms
102ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dfonts.org
date: Thu, 07 Dec 2023 05:15:32 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 arj Show response
buysellads-d.openx.net/w/1.0/ 73 B
369 B 86ms
34ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://buysellads-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.dfonts.org%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=af861743-265e-48ab-ba8c-95528668d26e%2Caf861743-265e-48ab-ba8c-95528668d26e%2C1a9126ae-35ea-4194-80cc-aef25cbd0663%2Cd05163ad-4839-4b75-b320-422299e88911%2Cd05163ad-4839-4b75-b320-422299e88911%2Cd4aebab6-8ba1-42f8-aa84-9c2d2137a82d%2Cd4aebab6-8ba1-42f8-aa84-9c2d2137a82d%2Cd4aebab6-8ba1-42f8-aa84-9c2d2137a82d&nocache=1701926132069&schain=1.0%2C1!buysellads.com%2C16492%2C1%2C%2C%2C!google.com%2Cpub-9961814823930967%2C1%2C%2C%2C&aus=970x90%7C728x90%7C300x250%7C970x90%7C728x90%7C300x600%7C300x250%7C160x600&divids=bsa-zone_1696353404845-1_123456%2Cbsa-zone_1696353404845-1_123456%2Cgpt_unit_%252F22960212090%252C23001386053%252FDfonts_S2S_Interstitial_ROS_0%2Cbsa-zone_1696437007672-5_123456%2Cbsa-zone_1696437007672-5_123456%2Cbsa-zone_1696437332180-4_123456%2Cbsa-zone_1696437332180-4_123456%2Cbsa-zone_1696437332180-4_123456&aucs=%252F22960212090%252C23001386053%252FDfonts_S2S_FixedFooter_ROS%2523bsa-zone_1696353404845-1_123456%2C%252F22960212090%252C23001386053%252FDfonts_S2S_FixedFooter_ROS%2523bsa-zone_1696353404845-1_123456%2C%252F22960212090%252C23001386053%252FDfonts_S2S_Interstitial_ROS%2523bsa-zone_1696436949673-7_123456%2C%252F22960212090%252C23001386053%252FDfonts_S2S_TopLeaderboard_ROS%2523bsa-zone_1696437007672-5_123456%2C%252F22960212090%252C23001386053%252FDfonts_S2S_TopLeaderboard_ROS%2523bsa-zone_1696437007672-5_123456%2C%252F22960212090%252C23001386053%252FDfonts_S2S_Sidebar_ROS%2523bsa-zone_1696437332180-4_123456%2C%252F22960212090%252C23001386053%252FDfonts_S2S_Sidebar_ROS%2523bsa-zone_1696437332180-4_123456%2C%252F22960212090%252C23001386053%252FDfonts_S2S_Sidebar_ROS%2523bsa-zone_1696437332180-4_123456&auid=541023048%2C541001000%2C541001001%2C541023048%2C541001000%2C541001002%2C541001001%2C541001003
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: b15255d1612218e5bc547c6ce77b3390296ed9b451abbb82931d3e0526e4f337

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.dfonts.org
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 424 B
762 B 188ms
90ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=512716&zone_id=3076748&size_id=2&alt_size_ids=1%2C55&rp_schain=1.0,1!buysellads.com,16492,1,,,!google.com,pub-9961814823930967,1,,,&rf=https%3A%2F%2Fwww.dfonts.org%2F&tg_i.domain=dfonts.org&tg_i.page=https%3A%2F%2Fwww.dfonts.org%2F&tg_i.pbadslot=%2F22960212090%2C23001386053%2FDfonts_S2S_FixedFooter_ROS%23bsa-zone_1696353404845-1_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=af861743-265e-48ab-ba8c-95528668d26e&l_pb_bid_id=498bb51676e17ea&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=af861743-265e-48ab-ba8c-95528668d26e&rp_maxbids=1&p_gpid=%2F22960212090%2C23001386053%2FDfonts_S2S_FixedFooter_ROS%23bsa-zone_1696353404845-1_123456&slots=1&rand=0.9320504656856672
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 0329648c2245364002928c0e30110f0a4669e099dfdb18cb3ba8711e89d0d616

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.dfonts.org
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 424
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 425 B
763 B 194ms
96ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=512716&zone_id=3076748&size_id=2&alt_size_ids=55&rp_schain=1.0,1!buysellads.com,16492,1,,,!google.com,pub-9961814823930967,1,,,&rf=https%3A%2F%2Fwww.dfonts.org%2F&tg_i.domain=dfonts.org&tg_i.page=https%3A%2F%2Fwww.dfonts.org%2F&tg_i.pbadslot=%2F22960212090%2C23001386053%2FDfonts_S2S_TopLeaderboard_ROS%23bsa-zone_1696437007672-5_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=d05163ad-4839-4b75-b320-422299e88911&l_pb_bid_id=50bd985a8220c28&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=d05163ad-4839-4b75-b320-422299e88911&rp_maxbids=1&p_gpid=%2F22960212090%2C23001386053%2FDfonts_S2S_TopLeaderboard_ROS%23bsa-zone_1696437007672-5_123456&slots=1&rand=0.510612711447628
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 3af9ba784e1e962d6fdb8ec57b6c9ac4158048ed2e75adb93d3ebb03cc7cc578

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.dfonts.org
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 425
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 423 B
936 B 184ms
86ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=512716&zone_id=3076748&size_id=15&alt_size_ids=9%2C8%2C10%2C16&rp_schain=1.0,1!buysellads.com,16492,1,,,!google.com,pub-9961814823930967,1,,,&rf=https%3A%2F%2Fwww.dfonts.org%2F&tg_i.domain=dfonts.org&tg_i.page=https%3A%2F%2Fwww.dfonts.org%2F&tg_i.pbadslot=%2F22960212090%2C23001386053%2FDfonts_S2S_Sidebar_ROS%23bsa-zone_1696437332180-4_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=d4aebab6-8ba1-42f8-aa84-9c2d2137a82d&l_pb_bid_id=51d03f71cc244c&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=d4aebab6-8ba1-42f8-aa84-9c2d2137a82d&rp_maxbids=1&p_gpid=%2F22960212090%2C23001386053%2FDfonts_S2S_Sidebar_ROS%23bsa-zone_1696437332180-4_123456&slots=1&rand=0.8717513918062949
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: e015f0e9637e5e41ed5f5c2f113ee8d6d55b68ad8242565d84915ab1bbf692ad

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.dfonts.org
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 423
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ 60 B
653 B 102ms
46ms XHR
application/json 2606:4700:4400::6812:22b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

x-version: 3.0.0-gcp-ams
date: Thu, 07 Dec 2023 05:15:32 GMT
x-err: Shapings: no adunits with size and seat and mapping
via: 1.1 google
cf-cache-status: DYNAMIC
content-encoding: gzip
x-warn: Process Floors. 3 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1696353404845-1_123456, Process Floors. 8 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1696437007672-5_123456, Process Floors. 1 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1696437332180-4_123456
pragma: no-cache
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.dfonts.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 831a4a95dfe93a3e-FRA
expires: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
336 B 162ms
44ms XHR
application/json 185.86.138.16
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:31 GMT
vary: Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.dfonts.org
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-length: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
336 B 172ms
48ms XHR
application/json 185.86.138.16
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:31 GMT
vary: Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.dfonts.org
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-length: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
336 B 184ms
52ms XHR
application/json 185.86.138.16
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:31 GMT
vary: Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.dfonts.org
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-length: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
336 B 187ms
53ms XHR
application/json 185.86.138.16
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:31 GMT
vary: Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.dfonts.org
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-length: 0

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
464 B 130ms
59ms XHR
text/javascript 13.32.119.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.dfonts.org%2F&pid=lyD619OAJ4AJa&cb=0&ws=1600x1200&v=23.1129.2055&t=2500&slots=%5B%7B%22sd%22%3A%22bsa-zone_1696353404845-1_123456%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F22960212090%2C23001386053%2FDfonts_S2S_FixedFooter_ROS%22%7D%2C%7B%22sd%22%3A%22gpt_unit_%2F22960212090%2C23001386053%2FDfonts_S2S_Interstitial_ROS_0%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22960212090%2C23001386053%2FDfonts_S2S_Interstitial_ROS%22%7D%2C%7B%22sd%22%3A%22bsa-zone_1696437007672-5_123456%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22960212090%2C23001386053%2FDfonts_S2S_TopLeaderboard_ROS%22%7D%2C%7B%22sd%22%3A%22bsa-zone_1696437332180-4_123456%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%2C%22300x600%22%2C%22120x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F22960212090%2C23001386053%2FDfonts_S2S_Sidebar_ROS%22%7D%5D&schain=1.0%2C1!buysellads.com%2C16492%2C1%2C%2C%2C!google.com%2Cpub-9961814823930967%2C1%2C%2C%2C&pubid=747b8b51-ec47-4dee-9823-b2b73124b71f&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.119.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-119-77.fra60.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 1877c1d3c1c0435e896415d580d52c52.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P1
x-amz-rid: 8AR87JYZKATN5K4Q1BMD
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.dfonts.org
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: UXtgwnMrd4qW0QMTzrv7y-dEfeJuVTu1xE9v7zO0KDI6PAIGNzaQsw==

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 54 KB
17 KB 108ms
31ms Script
application/javascript 184.30.211.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.211.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-211-26.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: gzip
last-modified: Mon, 23 Jan 2023 19:40:17 GMT
server: Apache
etag: "d734-5f2f3919e751f-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17407
expires: Thu, 07 Dec 2023 05:30:32 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16576/ 39 KB
12 KB 81ms
25ms Script
text/javascript 65.9.66.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-104.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7713183ba1a38b1ea2be2d5f7d3d49dab7b8d468cf78a603e6517ffbd1f33d59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 01:52:33 GMT
content-encoding: gzip
via: 1.1 3dd91613764eafe7ad199013ce202442.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 12180
x-amz-server-side-encryption: AES256
etag: W/"6e8b1f94eaf615b7d0953ad4e8d8bb85"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: kChFeBRMeCwMa3voIMbEnRw60lCISzAJ6QxIYQAugzOqdHGepsZv1g==

GET
H2 200 hadron.js Show response
cdn.hadronid.net/ 55 KB
10 KB 91ms
34ms Script
application/javascript 2606:4700:10::6816:34ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.dfonts.org%2F&ref=&_it=amazon&partner_id=617
Requested by: Host: www.dfonts.org
URL: https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:34ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2365cc11ef3d43f265b848c7164e5487c7a49d6af06c2938ac9272c8d91fc1a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 Nov 2023 15:31:45 GMT
server: cloudflare
x-amz-request-id: 01C975WVAA3JDKHJ
age: 6131
etag: W/"13043c1bbaf21ccc6e8ed474a744d3f2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
cf-ray: 831a4a95e8f36927-FRA
x-amz-id-2: hxb2Br8vf2uBBniSeqakgjztWKIPtATtD6bN1gV+n3Vg6mNMl2rDRQL+gF8pDyHWIII6UuGjSsI=

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 151 KB
33 KB 88ms
33ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7571db16348512fc55b35102ce3699733cf0882f4b4fb3e652fa8db700c07fb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 28 Nov 2023 11:19:25 GMT
server: cloudflare
x-amz-request-id: EZ1PSDERW218FAFW
age: 3447
etag: W/"53159e4ae3ffbda2ff6c0204350035be"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 831a4a95ef6f4d9c-FRA
x-amz-id-2: oVMb9IMEvqTWZ9GB/BWAm8aRsH+Zcvpp191pIn1JsRaQpy0cXvIAvv0GANwtze044P3BZQDZL2E=

GET
H2 200 country Show response
api.btloader.com/ 16 B
132 B 133ms
132ms Fetch
application/json 130.211.23.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
66 B 134ms
133ms XHR
text/plain 130.211.23.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=ROqrmd4P&w=5166070066839552&o=5102648370397184&cv=2.1.26&widget=false&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwww.dfonts.org%2F&sid=l1zipFQVh&pm=false&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 07 Dec 2023 05:15:32 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ 75 KB
24 KB 80ms
31ms Fetch
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26305a08644b4f51b55812cf0ecf879c22da303a365b3d2769baa1b54c028c4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 05:15:32 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 597118
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Nov 2023 07:14:07 GMT
Server: cloudflare
ETag: W/"6faf3acfde3bb82adada71be4fc1deb0"
Vary: Origin, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqSd6ejDLaQcbEkVhfHABJsnCxaqTNxOTDMl8abNKQNXv%2BP%2B1I17gyWWmVW4Ua1K1R%2FUHYwOqIDI6zy%2F%2B5B5qTgcvGuTO8oJ1rOQD34nGwrdDVJi%2FGfyK4GcwMfopktCnARjzZ7eo8Erl%2FUj"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: public, max-age=1800
CF-RAY: 831a4a964ff518dc-FRA

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
334 B 146ms
44ms XHR
application/json 52.212.46.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.46.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-46-188.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: ec0679a7cc0f9507525446465947769ff397c47edc17542fe15340b4119142b8

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.dfonts.org
cache-control: no-cache
x-server: 10.45.11.43
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 hadron.json Show response
id.hadron.ad.gt/v1/ 95 B
287 B 121ms
121ms XHR
application/json 2606:4700:10::ac43:17ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=617&sync=0&domain=www.dfonts.org&url=https://www.dfonts.org/
Requested by: Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.dfonts.org%2F&ref=&_it=amazon&partner_id=617
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00444cf69273dfb4bc5dd06c52e846eeb8744482e77d8d6839d046905b43fa30

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: private,max-age=30
access-control-allow-credentials: true
debug: NON-OPTIONS
access-control-allow-headers: authorization
cf-ray: 831a4a975e2b190f-FRA

OPTIONS
H2 200 hadron.json
id.hadron.ad.gt/v1/ Frame 0
0 187ms
121ms Preflight
application/json 2606:4700:10::ac43:17ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=617&sync=0&domain=www.dfonts.org&url=https://www.dfonts.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.dfonts.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin: *
allow: POST, OPTIONS, GET
cache-control: max-age=31536000 public, no-transform
cf-cache-status: DYNAMIC
cf-ray: 831a4a969dac190f-FRA
content-length: 0
content-type: application/json
date: Thu, 07 Dec 2023 05:15:32 GMT
debug: OPTIONS block
expires: Fri, 06 Dec 2024 05:15:32 GMT
server: cloudflare

GET
H2 200 %7B%22_tl%22%3A%22aps-tag%22%2C%22_type%22%3A%22apsLibraryError%22%2C%22src%22%3A%22kraken%22%2C%22pubid%22%3A%22747b8b51-ec47-4dee-9823-b2b73124b71f%22%2C%22ts%22%3A1701926132214%2C%22url%22%3A%22... Show response
aax.amazon-adsystem.com/x/px/p/PH/ 43 B
418 B 96ms
53ms Fetch
image/gif 13.32.119.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/x/px/p/PH/%7B%22_tl%22%3A%22aps-tag%22%2C%22_type%22%3A%22apsLibraryError%22%2C%22src%22%3A%22kraken%22%2C%22pubid%22%3A%22747b8b51-ec47-4dee-9823-b2b73124b71f%22%2C%22ts%22%3A1701926132214%2C%22url%22%3A%22https%253A%252F%252Fwww.dfonts.org%252F%22%2C%22r%22%3A%22%22%2C%22e%22%3A%7B%22et%22%3A%22Error%22%2C%22el%22%3A%22RegulatedDataContainer-regulatedMethod%22%2C%22msg%22%3A%22Not%20allowed%20to%20store%20or%20access%20information%20on%20device%3A%20Invalid%20tcString%3A%20undefined%22%7D%2C%22lv%22%3A%2223.1129.2055%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.119.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-119-77.fra60.r.cloudfront.net

Software

Server /

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P1
x-amz-rid: C8DM4K838F9QQCN7MPWF
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: no-cache
content-length: 43
x-amz-cf-id: 0wyTG-PRYZFECSVkjgEmZ82dK13QCdWjLhw6VJFXhuPnj9NnRa3x4w==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 235 KB
80 KB 1337ms
1337ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1702920697313495&correlator=3765200039032415&output=ldjh&gdfp_req=1&vrg=202311290101&ptt=17&impl=fifs&iu_parts=22960212090%3A23001386053%2CDfonts_S2S_FixedFooter_ROS%2CDfonts_S2S_Interstitial_ROS%2CDfonts_S2S_TopLeaderboard_ROS%2CDfonts_S2S_Sidebar_ROS&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x90%7C980x90%7C990x90%7C468x60%2C1x1%2C320x50%7C728x90%7C970x90%7C690x90%7C675x90%7C670x90%7C650x90%7C630x90%7C600x90%7C580x90%7C570x90%2C300x250%7C336x280%7C300x600%7C240x600%7C120x600%7C160x600&fluid=0%2C0%2Cheight%2C0&ifi=2&didk=2908785154~1196602526~3766757491~449350795&sfv=1-0-40&ists=4&fas=0%2C8%2C0%2C0&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701926132274&lmt=1701926132&adxs=-12245933%2C-9%2C436%2C-12245933&adys=-12245933%2C-9%2C0%2C-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C-1%7C0%7C-1&ucis=1%7C2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.dfonts.org%2F&vis=1&psz=1600x-1%7C0x-1%7C1600x2260%7C354x0&msz=0x-1%7C0x-1%7C1600x90%7C0x0&fws=644%2C2%2C4%2C132&ohw=1600%2C0%2C1600%2C1600&ga_vid=2052933350.1701926132&ga_sid=1701926132&ga_hid=1912409831&ga_fc=true&cbidsp=CoYDCAESEwoFbm9iaWQQnAEgAlIFbm9iaWQSGwoJYWR5b3VsaWtlEK4BIAJSCWFkeW91bGlrZRIbCglhZHlvdWxpa2UQrgEgAlIJYWR5b3VsaWtlEhQKBm9uZXRhZxBKIAJSBm9uZXRhZxIYCghhcHBuZXh1cxB9IAJSCGFwcG5leHVzEhUKBmNyaXRlbxDBASACUgZjcml0ZW8SGQoIcHVibWF0aWMQugEgAlIIcHVibWF0aWMSGQoIcHVibWF0aWMQugEgAlIIcHVibWF0aWMSEgoFb3BlbngQXiACUgVvcGVueBISCgVvcGVueBBeIAJSBW9wZW54EhcKB3J1Ymljb24QxQEgAlIHcnViaWNvbhIUCgZhZGFnaW8QaSACUgZhZGFnaW8SIwoNc21hcnRhZHNlcnZlchC8ASACUg1zbWFydGFkc2VydmVyGAIiJGFmODYxNzQzLTI2NWUtNDhhYi1iYThjLTk1NTI4NjY4ZDI2ZSoECAMgADIHdjcuNTQuMEDEE0oA~CtwBCAESGwoJYWR5b3VsaWtlEK4BIAJSCWFkeW91bGlrZRIUCgZvbmV0YWcQSiACUgZvbmV0YWcSFQoGY3JpdGVvEMEBIAJSBmNyaXRlbxIZCghwdWJtYXRpYxC6ASACUghwdWJtYXRpYxISCgVvcGVueBBeIAJSBW9wZW54EiMKDXNtYXJ0YWRzZXJ2ZXIQvAEgAlINc21hcnRhZHNlcnZlchgCIiQxYTkxMjZhZS0zNWVhLTQxOTQtODBjYy1hZWYyNWNiZDA2NjMqBAgDIAAyB3Y3LjU0LjBAxBNKAA..~CoYDCAESEwoFbm9iaWQQnAEgAlIFbm9iaWQSGwoJYWR5b3VsaWtlEK4BIAJSCWFkeW91bGlrZRIbCglhZHlvdWxpa2UQrgEgAlIJYWR5b3VsaWtlEhQKBm9uZXRhZxBKIAJSBm9uZXRhZxIYCghhcHBuZXh1cxB9IAJSCGFwcG5leHVzEhUKBmNyaXRlbxDBASACUgZjcml0ZW8SGQoIcHVibWF0aWMQugEgAlIIcHVibWF0aWMSGQoIcHVibWF0aWMQugEgAlIIcHVibWF0aWMSEgoFb3BlbngQXiACUgVvcGVueBISCgVvcGVueBBeIAJSBW9wZW54EhcKB3J1Ymljb24QxQEgAlIHcnViaWNvbhIUCgZhZGFnaW8QaSACUgZhZGFnaW8SIwoNc21hcnRhZHNlcnZlchC8ASACUg1zbWFydGFkc2VydmVyGAIiJGQwNTE2M2FkLTQ4MzktNGI3NS1iMzIwLTQyMjI5OWU4ODkxMSoECAMgADIHdjcuNTQuMEDEE0oA~CooECAESEwoFbm9iaWQQnAEgAlIFbm9iaWQSGwoJYWR5b3VsaWtlEK4BIAJSCWFkeW91bGlrZRIbCglhZHlvdWxpa2UQrgEgAlIJYWR5b3VsaWtlEhsKCWFkeW91bGlrZRCuASACUglhZHlvdWxpa2USGwoJYWR5b3VsaWtlEK4BIAJSCWFkeW91bGlrZRIUCgZvbmV0YWcQSiACUgZvbmV0YWcSGAoIYXBwbmV4dXMQfSACUghhcHBuZXh1cxIVCgZjcml0ZW8QwQEgAlIGY3JpdGVvEhkKCHB1Ym1hdGljELoBIAJSCHB1Ym1hdGljEhkKCHB1Ym1hdGljELoBIAJSCHB1Ym1hdGljEhkKCHB1Ym1hdGljELoBIAJSCHB1Ym1hdGljEhkKCHB1Ym1hdGljELoBIAJSCHB1Ym1hdGljEhIKBW9wZW54EF4gAlIFb3BlbngSEgoFb3BlbngQXiACUgVvcGVueBISCgVvcGVueBBeIAJSBW9wZW54EhcKB3J1Ymljb24QxQEgAlIHcnViaWNvbhIUCgZhZGFnaW8QaSACUgZhZGFnaW8SIwoNc21hcnRhZHNlcnZlchC8ASACUg1zbWFydGFkc2VydmVyGAIiJGQ0YWViYWI2LThiYTEtNDJmOC1hYTg0LTljMmQyMTM3YTgyZCoECAMgADIHdjcuNTQuMEDEE0oA&dlt=1701926131276&idt=760&prev_scp=optimize_ad_unit_id%3Dbsa-zone_1696353404845-1_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%7Coptimize_ad_unit_id%3Dbsa-zone_1696436949673-7_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%7Coptimize_ad_unit_id%3Dbsa-zone_1696437007672-5_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%7Coptimize_ad_unit_id%3Dbsa-zone_1696437332180-4_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&cust_params=optimize_refreshed%3Dfalse%26optimize_acceptable%3Dfalse%26optimize_adl_debug%3Dfalse%26optimize_ctv_debug%3Dfalse%26optimize_debug%3Dfalse%26optimize%3Dtrue%26optimize_adl_id%3D%26optimize_amp%3Dfalse%26optimize_audience%3Ddesign%26optimize_env%3Dprod%26optimize_pub%3Ddfonts%26optimize_xp%3Da&adks=2627363035%2C2096678803%2C843180816%2C309211424&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311290101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

42f2caf8c104f0aee5ca5cbc540c14ba7f90e5ca4e548c379e71389520a25702

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:33 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82194
x-xss-protection: 0
google-lineitem-id: -1,-2,-1,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-2,-1,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dfonts.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6BAD 6 KB
3 KB 121ms
29ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:32 GMT
expires: Fri, 06 Dec 2024 05:15:32 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311290101/ 39 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311290101/pubads_impl_page_level_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311290101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b868a280d96941aab08a3afb8cb249906160ca8536f41df961058a9e292bb81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 13:06:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58118
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13838
x-xss-protection: 0
server: cafe
etag: 11308270236509144836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 05 Dec 2024 13:06:54 GMT

GET
H2 200 617 Show response
a.ad.gt/api/v1/u/matches/ 12 KB
4 KB 101ms
32ms Script
application/javascript 2606:4700:10::6816:445
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ad.gt/api/v1/u/matches/617?_it=amazon
Requested by: Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.dfonts.org%2F&ref=&_it=amazon&partner_id=617
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 151ddda4bb0ed3cbce7d7cba31702611b63346736aa16d2773700a1ee4b43e46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 07 Dec 2023 05:14:37 GMT
server: cloudflare
age: 55
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cross-origin-resource-policy: cross-origin
cf-ray: 831a4a9888d39a24-FRA

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/ 160 KB
55 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1096c9eb664cf3e06bdde846fbcb8c17529dad9f8ce274814c87b08a59b0dfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55947
x-xss-protection: 0
server: cafe
etag: 2148063820295853724
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Dec 2023 05:15:32 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/ Frame B9A5 9 KB
4 KB 21ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30418
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Dec 2023 20:48:34 GMT
etag: 5585625838579639069
expires: Wed, 20 Dec 2023 20:48:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DD5C 624 B
246 B 63ms
63ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYiIzo4gEwAQ&v=APEucNW5gzHG0znpOazt-FrFb10LpALWrgYrfEbYUWW6N5xebuk0lulYdKM3doq2lN6C_RPZqsgpZskIv1FKz0vIY6CHL-Clj1x9qgj9fhr75E0avk7IbaLi5EvXwU281_fAczGbvDgXiyj1-1ZaYR2Bd1qfXuPh_8G2KD1Fa0W6XWMoz0VXIl8

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:32 GMT
expires: Thu, 07 Dec 2023 05:15:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame D1FE 172 KB
61 KB 90ms
21ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:32:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34961
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 19:32:51 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/ Frame D1FE 7 KB
3 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:43:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48742
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:43:10 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/ Frame D1FE 24 KB
9 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/abg_lite_fy2021.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:43:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48751
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:43:01 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D1FE 41 KB
14 KB 76ms
26ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 472224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 18:05:08 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame D1FE 3 KB
1 KB 75ms
24ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48870
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:41:02 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame D1FE 20 KB
9 KB 71ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48870
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:41:02 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame D1FE 202 KB
64 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 05:15:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D1FE 42 B
63 B 56ms
55ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CpynWG6bwa0A-ghDLhzmF6JRKYvXOy3E4eBaoyQYIgPnali4kbAlwJK6CyhF_FRfJ0WsHsYDvfxoFh0SuY7cC940G1OQitwYVagc-bgD73R8tHJo8

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame DD5C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1

43 B
337 B

34ms
34ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYiIzo4gEwAQ&v=APEucNW5gzHG0znpOazt-FrFb10LpALWrgYrfEbYUWW6N5xebuk0lulYdKM3doq2lN6C_RPZqsgpZskIv1FKz0vIY6CHL-Clj1x9qgj9fhr75E0avk7IbaLi5EvXwU281_fAczGbvDgXiyj1-1ZaYR2Bd1qfXuPh_8G2KD1Fa0W6XWMoz0VXIl8
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rpHQvhpfcupg3BEaGHHHA9zk8BfmpLFo4RUIpUIBe1OKWncOuOc%2F6jGklej%2BWtgydRdCkS1MlimWn3E01BFtC%2F1NXYUyNPwMSWxD5Cviw1zdCPyakUehh0W7ptfpfyRqokaJs%2F9ylwmjnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831a4a9a4bbfbb9b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame DD5C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXFU9IWEN-nu.p2i-Wpp8AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1&google_hm=2

43 B
768 B

36ms
36ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYiIzo4gEwAQ&v=APEucNW5gzHG0znpOazt-FrFb10LpALWrgYrfEbYUWW6N5xebuk0lulYdKM3doq2lN6C_RPZqsgpZskIv1FKz0vIY6CHL-Clj1x9qgj9fhr75E0avk7IbaLi5EvXwU281_fAczGbvDgXiyj1-1ZaYR2Bd1qfXuPh_8G2KD1Fa0W6XWMoz0VXIl8
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MiNLVGkrINq07zfQ%2Fqla%2Fa9cBfvgO7s73cJ9t3DtSQoMgFVNvCMpxMaVvVd5uSATn%2BSNpmKko4BKosVisnGzoOsfu2HMxLq0n88XwWdXDeqK4EEPpVpbl8tSFh5HyTYtZWQKDRXYjDcYGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831a4a9ac8fc1bcf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame DD5C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG1AP01Oc5SfiE7GaRIZxtE&google_cver=1

43 B
843 B

35ms
35ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEG1AP01Oc5SfiE7GaRIZxtE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYiIzo4gEwAQ&v=APEucNW5gzHG0znpOazt-FrFb10LpALWrgYrfEbYUWW6N5xebuk0lulYdKM3doq2lN6C_RPZqsgpZskIv1FKz0vIY6CHL-Clj1x9qgj9fhr75E0avk7IbaLi5EvXwU281_fAczGbvDgXiyj1-1ZaYR2Bd1qfXuPh_8G2KD1Fa0W6XWMoz0VXIl8

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
an-x-request-uuid: fbed7373-8063-483d-b5f8-16c6541e5822
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEG1AP01Oc5SfiE7GaRIZxtE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DD5C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczNzgwNjI5MjM2MTM4NzcyNA%3D%3D

170 B
243 B

33ms
33ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczNzgwNjI5MjM2MTM4NzcyNA%3D%3D

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
an-x-request-uuid: 7633f046-40db-4084-82c4-37e484a4b64a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczNzgwNjI5MjM2MTM4NzcyNA%3D%3D
x-proxy-origin: 84.19.175.184; 84.19.175.184; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame D1FE 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a2bda53bddeaff8b64f19715985ec9a5c532daf4d270412932be9352fee8fa24

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 51A0 38 KB
13 KB 22ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 158647
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 09:11:25 GMT
expires: Wed, 04 Dec 2024 09:11:25 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15415463092317913147/ Frame 5311 1 KB
767 B 79ms
31ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51c012cf2461bf8b29f345373366183c7fd121579b6178e942be0b61d8c7da14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:32 GMT
expires: Fri, 06 Dec 2024 05:15:32 GMT
last-modified: Thu, 27 Apr 2023 13:50:29 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame D1FE 0
0 68ms
67ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsthMkMHc4Waom4Jej9nXWg0flrsVrffa_CNnWf2h91MXpH1GRfUeu5azEfJ3fjayHO76aUhmCdY-N81L3kb9ehzZ8UZTQZ266gZVhb7oSLgzT1LFWuwbJdONBLhMpXu8F5VMKd0rEFwvsJOvC-rvTetvQprYSAXNs8WTDMjQWeyruLzlu_yn9y1nkIPHNbD53oxPL5AHrPNoDntb7UyOry6rD7TKL_K34n_hrOcoYTMwtQ_VVnueHFIxCKQJFbwfZGfuNZoWGbHmAMtw8UnGrJtoFRSOAMeMHyI5rLM8FpXB-0Rnwgp-cK6ofZq737tMMWiULKPLKOO_x5qoJfE5QjjpslkQC2_io4TZ9X3nnY9ozEJqoB5ExPCMuQ1-4tzRsEeBU-gQ23xmuOX7FKF7h3S72_TF21YnJXpJqqlLueHc8Gpeus0X_s6IZeRBGji0SkeLj31_zgHviQxjuB6qv3RM5D-c2eV4leSmjrd50rxvuQteBpXwQa0E_YIkwiKleSxnBeMJ-TV200sDs3Df55EhoOmTIVHRS4OtrS2hUglJazDyIdg_7EDCq396FnYxa6Nk5wY6N-9NfMTeG1hCNkXCXw_MpA0uA2jZTfAiPjtfwDHr9OCT8GRaDzN0LgCC11L6V8uw4kiWZe6KuVUYNtRYeuuSy7WIHWInQZJC2PiJ8UMzUHtSvIGUqguRY4EVet2RGragzrYZQqI9iDVgerE8RBWGbYCHLdgSvY9vtG7qiC287sA5BRvdRYxTFfyK3IOLiT4g0EplhpF2m67Ojmi_fjB6MmQIraKfeu_OE8m2PeCBq5dqb1cWfaeU6DTrY5yXOxLvdSdGlYWcP_QLcFgDmdg1WDLRhNnei9bm6Ejx0c1P9oH9kvX7moV-AyUqS-I08UoP-zg5Z9QvrufW5tGq4jDlOpItjs43ySzXsPTS9vDTphRHshHvcZGHJhhQvPIR1EVMYxMSUxqG5gtFA65ZEaWJktXOUJezLV_nk5QfeqvWQzPlTzd6jIIwnuqiKkJypTjRuRhFj47Tfil5RJ4Roo0Tjv0DIUCHD1vBYvMMhO5z6R1xl6wYXiFLplKolb13A54UOAXrvne6XfM5B49MX8ifKyhVA4aBE25DS0LN-J5OAEDasA1eSeFgyfd-8Qkp-SN3ub-AOR24BqoxHu1ndJFEtqhj3jDmv03bdFhz9DFXWHeLp9mtFhI5IWE3CbF0mO-kW6Ze2uPh3DeeCjtrCuhSlZPc8zu19ODK50bZeMo1dsFCN8cac1hyNlJ8OQ8Kz52_KyzynDzfgO_dBpC3SShQgXbF2vbTc_CfqtGa8nkiuEr2SK6saVd_t_KK3B8ZQ693Bm-QUFG-1ABhnanMmGeePtuiB2KLL-ThMVExvZCSEUgHGW9D75YFqMWkR1lGbhksj8o-mJpB992oSbpG1wHecZ0rCx-Pfb-fb9h&sai=AMfl-YRxSUCkWrqgMBzN-PEh4LVPZpPj1kkLkJ2d16h0-2pGYc9OD_YtDOZnJF8XALZCSQm0D4DwAXSriuBI4JcdlNqWS9_EsH73iaSrva_ik_myTZsY-9-1_i2qeyWFZGVJ4KlCO0wLj-DtwUiU5z5NB2-xvy0nRkW_dqiFxk9nXYxZzomwKfjNCqSnfiG1IBUXCj788v_Hz529gw9DwuXBfm9QS6WCnLPVzPfFMiLJEm1JuYvLMFkmqhSBbVrbaTp8K037adBf5i3gNcMF5BUC_XVzu1y698Q-XKBd6txPht6TmYmV5U3yqCSHTLqFJvvt7s4CmYFSHdenGogfEOofvp0d7CNpmocPVUNSzSLKi5khbc4_XO6fmaBPb9YcY4msu5UJPeJHKgCmqbFgO_optQXaJtno-HtGei3mVozhutS0Qw1g_wX_0azMmLN2zl52RJOzJJ9lhghJoFQmfdnj6sHdB-KLAeDjcWu1mDffyVFF6FH7KL1YO4uYDcf0qMhYIKMvdms&sig=Cg0ArKJSzKA60PRHZaaeEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sdWZ0aGFuc2EuY29tLGh0dHBzOi8vZXhhY3RhZy5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=136&cbvp=1&cstd=131&cisv=r20231205.48561&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 07 Dec 2023 05:15:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame D1FE 60 B
60 B 129ms
36ms Image
image/gif 213.202.235.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26915561&extCr=180481255&extPm=361198346&gdpr_consent=&gdpr=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.10 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 05:15:32 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Do, 07 Dez 2023 05:15:32 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 1119
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 51A0 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 22:29:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24390
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Dec 2024 22:29:02 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 5311 113 KB
38 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 05:15:32 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 5311 118 KB
40 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 04:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3779
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Dec 2023 04:12:33 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 51A0 0
20 B 58ms
57ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BIi_Y81RxZcK3N9Cmx_APhKy3qA4AAAAAOAHgBAI&bg=!KyilKGfNAAY3kmNgF5I7ADQBe5WfOMG5xPgxSQwJWKO5lOmbexWIHhcKpNFKf_c7LyRDeJbLTpm5ftzX3_jjS4mZmKO0AgAAADNSAAAAAmgBB5kDETH-WWJnNKGgbynY7yzk19IsYIGEdTX4PjpSRaF2JnBZ4hzZD-N1tQdVf-VKPvfAxqmvrveTB9a7f2mRZn-suXBlCAQDj4zaOMw4ToHjnWHcZQES-dbZ1sXeAZ8E_G141DetpY6FGKox8My_vD7v9EDqHhkOhL4fu-U9A9DatFKjFa2U-tqrXQKky5LAlQw9TB8Z6EKjZe1XjOwMK3Uz5aCSISbl_FD31vURMuVwqiHehj-8z5zlOtc3UG39xbQAv9ajTnoJmfk6v3umB08W40IH91Et-FIQtZqyt6yyJ9mMPtKVGsNMRty1w4gJrYZf5SXZB1Z_10UKPU4cd-VjlTrbc-ktsWLN6bll9n_bsJFOXvydhe0GB6tpCS8145YEWZjLMyzWpeZDLXuN13yQYVxlqWZv900Bl9QWLc7K5hGC_lgQ3DH3vvRdezqjzysBdbbmk3uK6ixncIRY8ybNLRfABc-LUC4gb5zVR7DF8hsFSXVJFdBn-jiI28yvFTZxZkoVmzCXd-MePAAbtjHJb01O43YysBqDUlmBgSHct_zi7lzFCoi0ZCCCfS2WvDIhoSXY5c5n-37mVwp0YkUROb_BxhKtKbLTIXgViCWQwdmZVsN74djWd52nHB8dLjngdKsw31ITefEhH9cgASojr25RPrSLLCyRSzQAgJXJcamXTnHhpkqGIWCLclUIzsg7Ev0GtbPLi3VnT8h3Zx3TuZScYG0Z_V3jpE971H_sVs4ddB_OelQdmPuTcQUgP-QOb3omKWhM0j6LGEyFMtRh5mJ-BWSM4xujDt15-CpgxvIgjPq1yiBkCVgluwKZaMSqBdSeFeRnEE3nkkJtp3sA-aStuSaXlDYhcEYILgAR5FVMRUaG7ahtVX4B6yDT--v0k8m1XRe3t0ggNHtwlqwupz1FXHqmz-mbIdWa1voMR3neZz5pU8f0qVdAEcF4wzhwub-zI9_Qj4LYXPX_dHlPqOK0Xy7gYA9B3ITiUrRPuEFL8i2z966FALqGnPolfrURN0QkBZSuaudQLdzI2fZVfGb-

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231205/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame D1FE 0
0 59ms
59ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsthMkMHc4Waom4Jej9nXWg0flrsVrffa_CNnWf2h91MXpH1GRfUeu5azEfJ3fjayHO76aUhmCdY-N81L3kb9ehzZ8UZTQZ266gZVhb7oSLgzT1LFWuwbJdONBLhMpXu8F5VMKd0rEFwvsJOvC-rvTetvQprYSAXNs8WTDMjQWeyruLzlu_yn9y1nkIPHNbD53oxPL5AHrPNoDntb7UyOry6rD7TKL_K34n_hrOcoYTMwtQ_VVnueHFIxCKQJFbwfZGfuNZoWGbHmAMtw8UnGrJtoFRSOAMeMHyI5rLM8FpXB-0Rnwgp-cK6ofZq737tMMWiULKPLKOO_x5qoJfE5QjjpslkQC2_io4TZ9X3nnY9ozEJqoB5ExPCMuQ1-4tzRsEeBU-gQ23xmuOX7FKF7h3S72_TF21YnJXpJqqlLueHc8Gpeus0X_s6IZeRBGji0SkeLj31_zgHviQxjuB6qv3RM5D-c2eV4leSmjrd50rxvuQteBpXwQa0E_YIkwiKleSxnBeMJ-TV200sDs3Df55EhoOmTIVHRS4OtrS2hUglJazDyIdg_7EDCq396FnYxa6Nk5wY6N-9NfMTeG1hCNkXCXw_MpA0uA2jZTfAiPjtfwDHr9OCT8GRaDzN0LgCC11L6V8uw4kiWZe6KuVUYNtRYeuuSy7WIHWInQZJC2PiJ8UMzUHtSvIGUqguRY4EVet2RGragzrYZQqI9iDVgerE8RBWGbYCHLdgSvY9vtG7qiC287sA5BRvdRYxTFfyK3IOLiT4g0EplhpF2m67Ojmi_fjB6MmQIraKfeu_OE8m2PeCBq5dqb1cWfaeU6DTrY5yXOxLvdSdGlYWcP_QLcFgDmdg1WDLRhNnei9bm6Ejx0c1P9oH9kvX7moV-AyUqS-I08UoP-zg5Z9QvrufW5tGq4jDlOpItjs43ySzXsPTS9vDTphRHshHvcZGHJhhQvPIR1EVMYxMSUxqG5gtFA65ZEaWJktXOUJezLV_nk5QfeqvWQzPlTzd6jIIwnuqiKkJypTjRuRhFj47Tfil5RJ4Roo0Tjv0DIUCHD1vBYvMMhO5z6R1xl6wYXiFLplKolb13A54UOAXrvne6XfM5B49MX8ifKyhVA4aBE25DS0LN-J5OAEDasA1eSeFgyfd-8Qkp-SN3ub-AOR24BqoxHu1ndJFEtqhj3jDmv03bdFhz9DFXWHeLp9mtFhI5IWE3CbF0mO-kW6Ze2uPh3DeeCjtrCuhSlZPc8zu19ODK50bZeMo1dsFCN8cac1hyNlJ8OQ8Kz52_KyzynDzfgO_dBpC3SShQgXbF2vbTc_CfqtGa8nkiuEr2SK6saVd_t_KK3B8ZQ693Bm-QUFG-1ABhnanMmGeePtuiB2KLL-ThMVExvZCSEUgHGW9D75YFqMWkR1lGbhksj8o-mJpB992oSbpG1wHecZ0rCx-Pfb-fb9h&sai=AMfl-YRxSUCkWrqgMBzN-PEh4LVPZpPj1kkLkJ2d16h0-2pGYc9OD_YtDOZnJF8XALZCSQm0D4DwAXSriuBI4JcdlNqWS9_EsH73iaSrva_ik_myTZsY-9-1_i2qeyWFZGVJ4KlCO0wLj-DtwUiU5z5NB2-xvy0nRkW_dqiFxk9nXYxZzomwKfjNCqSnfiG1IBUXCj788v_Hz529gw9DwuXBfm9QS6WCnLPVzPfFMiLJEm1JuYvLMFkmqhSBbVrbaTp8K037adBf5i3gNcMF5BUC_XVzu1y698Q-XKBd6txPht6TmYmV5U3yqCSHTLqFJvvt7s4CmYFSHdenGogfEOofvp0d7CNpmocPVUNSzSLKi5khbc4_XO6fmaBPb9YcY4msu5UJPeJHKgCmqbFgO_optQXaJtno-HtGei3mVozhutS0Qw1g_wX_0azMmLN2zl52RJOzJJ9lhghJoFQmfdnj6sHdB-KLAeDjcWu1mDffyVFF6FH7KL1YO4uYDcf0qMhYIKMvdms&sig=Cg0ArKJSzKA60PRHZaaeEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sdWZ0aGFuc2EuY29tLGh0dHBzOi8vZXhhY3RhZy5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=288&vt=11&dtpt=152&dett=3&cstd=131&cisv=r20231205.48561&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 71ms
71ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231205&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04bcd80d42f1c5e79821d81242a438dadf9611ecfd4e3398ada706257b0d7f3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12275
x-xss-protection: 0

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 5311 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:07:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 509
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
last-modified: Fri, 05 May 2023 10:07:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 05:22:04 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5311 8 KB
6 KB 63ms
63ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5612d874ef0bbd2c4b465828a024e27a600edd583dda8f29d3a079ed2cb27650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5947
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 05:15:33 GMT

GET
H3 200 728x90_de-de_performance.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 5311 80 KB
19 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e22e6a4c1770831466a702ad01381d6e8ad3facca6587e0f70bd4fe77679b00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19260
x-xss-protection: 0
last-modified: Wed, 15 Nov 2023 13:32:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 05:30:20 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A874 13 KB
5 KB 22ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 24392
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Dec 2023 22:29:01 GMT
expires: Thu, 05 Dec 2024 22:29:01 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 76ED 829 B
1 KB 83ms
31ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a17666882d5064d542b5b1a1c4f507680b4ee3007a50020535d660910396e85a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-K3CUJpc4WNW0MfaT-y_quw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-K3CUJpc4WNW0MfaT-y_quw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:33 GMT
expires: Thu, 07 Dec 2023 05:15:33 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 5311 6 KB
2 KB 23ms
23ms Fetch
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/star_alliance.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:08:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 444
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2334
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 11:06:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 05:23:09 GMT

GET
H3 200 lh_logotype_single.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 5311 5 KB
2 KB 25ms
24ms Fetch
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_logotype_single.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:10:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2151
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 05:25:59 GMT

GET
H3 200 lh_crane.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 5311 2 KB
1 KB 26ms
25ms Fetch
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_crane.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:12:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 183
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 05:27:30 GMT

GET
H3 200 NH_D_EU_Coffee-European_728x90.jpg
s0.2mdn.net/creatives/assets/4703548/ Frame 5311 60 KB
60 KB 27ms
26ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4703548/NH_D_EU_Coffee-European_728x90.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

662ac6e22305dd4d0878fe53e642a36e1b6aa6ad02d4fb34d72e50fdf61f2742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:10:11 GMT
x-content-type-options: nosniff
age: 322
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61775
x-xss-protection: 0
last-modified: Tue, 08 Nov 2022 08:51:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 05:25:11 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5311 17 KB
6 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 05:15:33 GMT

GET
H3 200 LufthansaHeadWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4714589/ Frame 5311 50 KB
50 KB 27ms
27ms Font
font/woff2 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4714589/LufthansaHeadWeb-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Gg7FypHLIx&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:14:18 GMT
x-content-type-options: nosniff
age: 75
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51548
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 11:46:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 05:29:18 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame A874 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 22:29:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24391
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Dec 2024 22:29:02 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 27C1 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 22:29:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24391
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Dec 2024 22:29:02 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 76ED 0
0 55ms
55ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231205&jk=1702920697313495&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A874 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?O5-lUg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:33 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
274 B 79ms
21ms Fetch
application/json 162.19.138.83
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.83 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

e60407837f649e5523b3bca52a78d2b615254d7cb847c1f14246d3008b3221fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: https://www.dfonts.org
date: Thu, 07 Dec 2023 05:15:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

POST
H2 200 v3 Show response
id5-sync.com/gm/ 319 B
599 B 84ms
23ms XHR
application/json 141.95.33.120
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/gm/v3

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.33.120 , Germany, ASN16276 (OVH, FR),

Reverse DNS

ns3203256.ip-141-95-33.eu

Software

Resource Hash

ced9b0ea22ea840022b12f0c8cf2a43ffd1a466c5e3199afbd0d7b794c7e03e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.dfonts.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dfonts.org
date: Thu, 07 Dec 2023 05:15:33 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2 200 container.html Show response
8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2A53 6 KB
3 KB 22ms
22ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:32 GMT
expires: Fri, 06 Dec 2024 05:15:32 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7D77 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:32 GMT
expires: Fri, 06 Dec 2024 05:15:32 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame 2A53 36 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1312e54d81f5e1f7fca841587ff4fe68e3b9bf10408ed2d1153a205db0dfa891

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14378
x-xss-protection: 0
server: cafe
etag: 14081725319182381301
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:52:35 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 2A53 24 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 197419
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 03 Dec 2024 22:25:14 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2A53 202 KB
64 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 05:15:33 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/ Frame 2A53 24 KB
9 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/abg_lite_fy2021.js

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48871
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:41:02 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame 2A53 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48871
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:41:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame 2A53 20 KB
8 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48871
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:41:02 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AA31 624 B
245 B 61ms
61ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhjoqcLbATAB&v=APEucNXMyX-rFMkX1ANO6RzYOhWlRUS6u-3wTHzRSR8m_GzNQ37XBnnh43zWKKRcfoM9S8wag0ynBNHEmHe6b-lE3AU6O6xj5-qMco2ndJWDsmKcreVbqdHTyh0yjY-XMQgyLzy5cFkr6JMr-nHTFbM0PRbnYAQTockkW6e6BRXtbUzRghIpCH4

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:33 GMT
expires: Thu, 07 Dec 2023 05:15:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 7D77 111 KB
39 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
Origin: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:51:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33847
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 19:51:26 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/ Frame 7D77 7 KB
3 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:43:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48743
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:43:10 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/ Frame 7D77 24 KB
9 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231205/r20110914/abg_lite_fy2021.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:43:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48752
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:43:01 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 7D77 41 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 472225
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 18:05:08 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame 7D77 3 KB
1 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48871
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:41:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/ Frame 7D77 20 KB
8 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231205/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 15:41:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48871
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Dec 2023 15:41:02 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7D77 42 B
63 B 57ms
57ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AWgTrqo-_A8Dat_0vItZSxyk-kNrW5Fl9bTJdNPxLcuZQTD1OS_XNvzF3o4uXHuwN32Fj1ilmNe6ZI-27PKlncZkzC2PomvUvpeDw3QbFLbNvk7Z4

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7D77 202 KB
64 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 05:15:33 GMT

GET
H3 200 14765969140547304818
s0.2mdn.net/simgad/ Frame 2A53 196 KB
196 KB 25ms
24ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14765969140547304818

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ef80a6d25b51b7cccf581448df94d5a3ef2897ba51bb11d1f070c91ecc5adb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 12:20:18 GMT
x-content-type-options: nosniff
age: 233715
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 200268
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 13:04:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 12:20:18 GMT

GET
H3 200 10445506761871864519
s0.2mdn.net/simgad/ Frame 2A53 5 KB
5 KB 23ms
23ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10445506761871864519

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e95c8fe340de5f72262c9e050f89073e802a98abeed6c5570d0baa107df15a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 08:56:47 GMT
x-content-type-options: nosniff
age: 159526
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5193
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 13:04:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 08:56:47 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 59ms
58ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231205&jk=1702920697313495&bg=!gIOlg8zNAAY3kmNgF5I7ADQBe5WfONAQj5P0JdR_YRkXo1LBGg-RRlz6UBERkF6f03GP4isHe0BMc1DBvOL6gLCY3EPKAgAAAElSAAAAAmgBBwoAlEsehPvrDIBRTxE3trbgi_a_WPREsJxFw3VHybVN_C8c8tKtF7N7V2WxVfDMEkyXrHDYmpjrksIw-8MzbA0sFIDP-ivlsoEhq4vSaB18pI5PjBw4qg2fGCWcKMI8hsEAC4lHseV3x5nqPp_TF4PI2gV4J9-zgJr3lto6nIPp2yTGWkqlUdW719U6Txh4mpRDpZwwLDqZAr1Lc2USoEOAv243LeZ9dWWtIlhg0wbnzYPMiHCacwPkh2yQK-E4BvdWOdGjfq4QrtJ1BI0ik1zyAxr6XABD_uEyXhdq7VtcsUKEHOrNiTMZOmtUZNN1SDxV3uKThEECq-fqsnNgrYcfTZzmHnZ_0XjSYtJGoSJmHYchPph8CXWoWxjfzMxIztm6ERiaDLYVhI1nQuxpnAbXx0hKBvf2mzXFmZ2bxSiZCxeuH4lqsLwb5nvokZBSOCmFGVO4e4AS4XvzwpNq2CQ0s_KxQS77hjaT4zgwmWghokk2iRob8T8QN23lTF_UKxLvJnUH0y93H-IKmp6aANJXsYouatRgWZ8q5wDXJ0z0G6U_SERqokxXnNeeUGxatCZRmFYG5Txv6ymOcYmteOpa2tQT3yLi95zVOhd6WWC0QWcB0D3tMfjDbpZhw5PJKZAEdDtsZL-s-9SoczvImM0aqwgbgJhDYUe-xUHIPqR6p5QHrxPtIA-GJfyh8Y78met-fqbvWZNjGrwKPCbPiA1JnfC8kzRiCWr4dfg5MGRkJlfyk5LPSffci0XlOU3Q37tZW5gLHdHUTUkyueAUPVGCg9WRn7SwxE_A4lHI7TwBq_fsPjeX5kMaBgPFPaeWtjdsH9T9D5DdVdBDB1PRDlXH_TSokBS64DF8Jy-UV7cOjRDN9YUyzlrl3FvEXtjjoufzB7_xwlvf3M3CXOBYOwHsWPc_k2NTJk8NbDg1OxB0Y23DELL_BEZmGnJ24ZHzCpKEsoNlJGxR6VFufq8LfWjL3OMLyTuKRqkf4kgIDb8-8ObbNMVIOmEzHhf8ntfVrdsneUMM9mHbI6rMKwlNBvxAslwkFuEuvnofRs2VlCgnuo6qJIG3ROtPraXh2BdJoXN6WLwD3Pxy0SWl936iketDbiTzEk6EQKjPzLIOFjqrXV1tiuGisA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 7D77 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b9edd5c178307414393d9c8fed0f70239f029f533879c86dd052f298c2305ab

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4572085191847110417/ Frame 22BA 31 KB
6 KB 23ms
23ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34dc221efcf66c277cfba9146dcf20933dc527c5baa0d4297f77573e1268e6b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 34321
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5687
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Dec 2023 19:43:32 GMT
expires: Thu, 05 Dec 2024 19:43:32 GMT
last-modified: Thu, 01 Dec 2022 23:44:57 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 7D77 0
0 70ms
70ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstu_0X5wK-DWRJMZNZFvSmQoPjJNfvjkj3TS6UQfhNiDBpzjcE3e6k6Sb0jZc9at1L1WChMK6NP-YJssHfp_KGDmHElS10PsjL5QZziPkvrbAJENn1OixUuudiwtKGShx_6o4rCV_7DUPlXaxs9YvuGebs9h-WHLQmn4C4UdRL1z0wqkecuTt4tPcHoafDAEB4dPPsB34cZ6uHWtI0z2juhtaATMQ9TLlzkAcaREh_QBZW07KRuNn6wlX84OLkhHHUtFTex-46pBe-HWvxug5NqlhjhH2Pzy780edUMRv_ZnFB-8hDU7I2VNO1OOrEtEAlJrZpjzkuxrZYr1ZfuuKQDuTpml0rau5h7Is5JkB0DiyhdNpwkzyS9W5LAUeVv_OX3mZsCz-KrAwNxjvDylKTUVFsAKsKpwh2R5qK9fSnMx4jzJttbXmnWBeSBmMVuIPdAClMkzwlkc8h9tSf6CJ3FNo6WQkaxe-3byWBFcLIuGcJKHuWI9yMvvm2uJEWX5cUSgH589bmx_GG3r-FAlA-7AGJN38UOq7fAvwLuQPjH2ZcJW7Ih4aoknpXMN2Y0Qnj8jG2ouGo2LqYwwGh2RYT9NyGUiDGncD5cYxGss8m6gi2h45Oa7rWhrdQvYAdGXlHEEw-ES1i5a-h8AcwOGsVp8X7S5Fphv35a7OxwUm9IVBy3AmP9Z29w_4GV8rLjRWbMx6BWqtvtwMpNKiOBdETP3Bds2P1BsPnXEM3gVSJM3wrcAHM6zbmn0StdbOUeYUxMcwGjz6PUa-LzgMUiZqhqarttEe6glaL8ubieN3alQp_AJy_bC1NEESs1XQOt4Sj2xzNz41IGBa4_GPctELM3_4kBQ00iFkUwkJmd4hC7EBGWNYs_JqTezzYOvLDb1jEt8lrqrvAoOMrDZsQOEOccpdni-ddqHpBhDSe9wmmrXjICKvYRZ0quUhDMhvHMlzYsnebAwMf7FPo5oVYMx0bJSsH-caqi-hGjkuk0cbMO6Uy9jeUx26kpUIIkx5bVu4m0dZfzDgk4bHx_Qjzzy2Rm_-yMe0tAfwC-ncuxlbLpCHvw-yZmFN6VHFCdcl6IYWMuMeY3bHbLANL8Rv_kJV_jUF-rQFNBqzZxqkM_SCm0VKvyYIeXGh9OXocboPFCIXcdpQ-ZsTg0WWEyX4URP3D6j7AjQHw5GGHS1Htt1vIJ2ewI_bOapbCvbFbG_StSRNcY7SiguJC66tGOLcJBQ8uH4tjL52vIR0R52J_gugh3z0TuaqC4ZogOqo-Nu5tKG9kfEggSd3GuwFloPPgo5Fwy_ctgR0lpZNvwb_M1_DpnAxo0-0CjpBm8ASJFnsNudORG5t6InG4vftk8mtkROwOD3FTjAXe4u88mJj9CXjwNDaX0nEQwf9hADTfnAEOQTn-dUH3bCFzBK-fxxBrq2vzU8kI&sai=AMfl-YT-rXi4zG0vZXz0FvZ57NzOFyIcwVPr0W67NI17pQQ5KECw7Xx2EmnG-lT-WROW5BL5qeZ0NLWO_rjgkPcs6rrkDhdyPSHaE5Sn5YY6Q_YSNtGrH1yq03ALzjJS501mAuUmOKIPEM8AnWzGxVuf1AFo03bA2l-qwHeQokUpOL5QeJ_2cfz1wwar89qEnvcpGCHPkcbg-Frtzx9U8Ocvl-iGrOnuuUaN547bF59ZvqXWowqCA76Omvh_y_Hi9h0NCkLhdd20Nvrt9Ni7eVuKaK8aMy9hGICAtpqL9QfIDibEOBJgcbzHq9cUR958mzr2EC0i_XMWDZ7YDGFQApZ3oU-MOlc0n2P5FO-91_HHdQxmZNNiGApZwLcb7p-uw6bkTpI8u8xZI7toiPqrCXfZ8wdrsUxw-YHpa-4Fka8i5xCarfGTLe27tdZ-1ql3yKMEaKuo7XiKsTMh5DQ9hJr4Y7Pfy9JnD2ukWSxwVB2Za80p7wSW4pIKonok2dfwVpfPML8oqRiOAI5sJg&sig=Cg0ArKJSzN0W_bp6sR2CEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ocGUuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=49&cbvp=1&cstd=47&cisv=r20231205.98652&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 07 Dec 2023 05:15:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 ca
choices.truste.com/ Frame 7D77 27 KB
27 KB 94ms
26ms Image
text/javascript 143.204.215.88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=1&c=digitas01cont8&w=728&h=90

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.88 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-88.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 05:35:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 c5c25772c7f14e267596e0f8ce51d9bc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 85222
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: 4334LezgRNxiXo2DyRnt_Ud0ZCC14M-QoiTGsCgsqsZ6BM_hHGldEw==
expires: Wed, 06 Dec 2023 05:35:10 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 3BAB 38 KB
13 KB 21ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 158648
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 09:11:25 GMT
expires: Wed, 04 Dec 2024 09:11:25 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AA31
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1

43 B
736 B

37ms
37ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhjoqcLbATAB&v=APEucNXMyX-rFMkX1ANO6RzYOhWlRUS6u-3wTHzRSR8m_GzNQ37XBnnh43zWKKRcfoM9S8wag0ynBNHEmHe6b-lE3AU6O6xj5-qMco2ndJWDsmKcreVbqdHTyh0yjY-XMQgyLzy5cFkr6JMr-nHTFbM0PRbnYAQTockkW6e6BRXtbUzRghIpCH4
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wxBWV3kGHkD%2FkYUd5ymTKtpKraY9ux5nDEwicqz0TqGYvpzsBMMujZqiwQXbuQacFxhi3cGKhVGAKjik0x%2FxluaHQbibWWP%2F7UWaVyrayRP%2FRA%2BFMSKRY3LYBfl67BwQbhzJknh5CthiZw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831a4aa06d901bcf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AA31
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXFU9IWEN-nu.p2i-Wpp8AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1&google_hm=2

43 B
734 B

35ms
35ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhjoqcLbATAB&v=APEucNXMyX-rFMkX1ANO6RzYOhWlRUS6u-3wTHzRSR8m_GzNQ37XBnnh43zWKKRcfoM9S8wag0ynBNHEmHe6b-lE3AU6O6xj5-qMco2ndJWDsmKcreVbqdHTyh0yjY-XMQgyLzy5cFkr6JMr-nHTFbM0PRbnYAQTockkW6e6BRXtbUzRghIpCH4
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5i89OwCUW2PBb2W%2FhAjyGq8jijCv7Mj96QFZEXUQc4giz1c6a4G3RmPhH06x021798GvOThAZ%2FZxiyI8mn6%2FOIruhgLNJmEB%2FThbQCXDsoOdUd7CGdjzeCXnCgr8G7np8y5EzJvpcQQYrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831a4aa0ade31bcf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELjiLLt02j8pIcVrSsROLRA&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame AA31
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG1AP01Oc5SfiE7GaRIZxtE&google_cver=1

43 B
843 B

46ms
46ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEG1AP01Oc5SfiE7GaRIZxtE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhjoqcLbATAB&v=APEucNXMyX-rFMkX1ANO6RzYOhWlRUS6u-3wTHzRSR8m_GzNQ37XBnnh43zWKKRcfoM9S8wag0ynBNHEmHe6b-lE3AU6O6xj5-qMco2ndJWDsmKcreVbqdHTyh0yjY-XMQgyLzy5cFkr6JMr-nHTFbM0PRbnYAQTockkW6e6BRXtbUzRghIpCH4

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:33 GMT
an-x-request-uuid: 770c98b9-2b5d-40ff-bd6a-96e60a2bbbbf
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEG1AP01Oc5SfiE7GaRIZxtE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AA31
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczNzgwNjI5MjM2MTM4NzcyNA%3D%3D

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczNzgwNjI5MjM2MTM4NzcyNA%3D%3D

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:33 GMT
an-x-request-uuid: d2db1250-3f2f-4caf-b0aa-42435fe4f7eb
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczNzgwNjI5MjM2MTM4NzcyNA%3D%3D
x-proxy-origin: 84.19.175.184; 84.19.175.184; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A613 143 B
166 B 21ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2226
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 04:38:27 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2A53 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c405ed5404f8e366cc975ac31eac87154017eec32f7847846cca9e39ba53c9a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 c8048154be43edfd0b4fcdc3fb22db5c.js Show response
s0.2mdn.net/sadbundle/4572085191847110417/ Frame 22BA 99 KB
28 KB 23ms
23ms Script
application/x-javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4572085191847110417/c8048154be43edfd0b4fcdc3fb22db5c.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

849032524598b6ff398f77a6bfc95235029778c3f6905e1459e53198077fb176

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:41:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120817
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29104
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 23:44:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 19:41:56 GMT

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 100ms
56ms Preflight
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=C-_cm9FRxZb_-E63U1PIPvtWckA2e_qHCdI6P94f6EaOf3KWNAhABIMT8ip0BYJXimYKsB8gBBqkChS4zU_YPsj6oAwGqBP4BT9BQyMPTrzR_eVWCyD5XEovH0Rb9rx9Tvca5TrDrDxHyVR445sk1mKiKxW_OrGbz7ozjmqMxXm09t8b3RAmCpodGtgyOaPX0Zb7PI-0TuSMwk9xQc1ZiMO1xixw-TqKa3VEO5Yt51_O7QPr6Mbg74_qOZlgXfw1sTnw_F0xup26El_PmFDkvTKotO2LHv238K3J_SNA5VAZjn8ATUT_DSPgVLaFt0_iju5zEpklMgIcifa8yaul8ejVO6Osoqu6juD3yakQukSyjEcqEEbrWoy_Y0oUUOlXXsT_F3o8jMqXLddzWuAhRCxIAE0in9zF8lHQnb6disUJpFkaHUjXABN3UsprFBOAEA4gF5Y_Iw02SBQkIIhgBSKmUmQKSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBjeAB5yxjrcEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwoQ76oiGPmu9_8B0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOlj4-rL0yPyCA5oJdmh0dHBzOi8vYWQ0LmFkZmFybTEuYWRpdGlvbi5jb20vcmVkaT9zaWQ9NTE1MjcwNSZraWQ9NjIzOTAwNiZiaWQ9MTg5MjUwMTEmZ2Rwcj0ke0dEUFJ9JmdkcHJfY29uc2VudD0ke0dEUFJfQ09OU0VOVF8zOX2ACgPICwGiDBwqGgoY5LSxAu61sQK1uLECrLqxAuS0sQLutbEC4g0TCL21s_TI_IIDFS0qVQgdvioH0rAT3YLZFcgT5Zf94wPQEwDYEwrYFAHQFQGAFwGyFx8KHQgAEhRwdWItNjc5MTAzNzU2MDc0OTYxORj__ZUB6BcF&sigh=rQgKn01ie_Q&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNUOktf05x-mf2WpXFxrd8uOcGE1s3xKWf5ea1D5Nksgvv9HkFBfsLgkimB52xO_DX9pBuPQQcrI3eUdUDu1lTWHvZomUxt23D9WMYAQ&template_id=509&vt=10&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 07 Dec 2023 05:15:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 2A53
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=C-_cm9FRxZb_-E63U1PIPvtWckA2e_qHCdI6P94f6EaOf3KWNAhABIMT8ip0BYJXimYKsB8gBBqkChS4zU_YPsj6oAwGqBP4BT9BQyMPTrzR_eVWCyD5XEovH0Rb9rx9Tvca5TrDrDxHy...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217430387443045205920%22,%22debug_reporting%22:true,%22destination%22:%22https://adition.com%22,%22event_report_window%22:%...

0
0

109ms
59ms

Fetch
text/css

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217430387443045205920%22,%22debug_reporting%22:true,%22destination%22:%22https://adition.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%220%22],%224%22:[%2212-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217688856995774495441%22}&andc=true

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:34 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"17430387443045205920","debug_reporting":true,"destination":"https://adition.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["0"],"4":["12-07"],"6":["true"]},"priority":"500","source_event_id":"17688856995774495441"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 07 Dec 2023 05:15:34 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 07 Dec 2023 05:15:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"17430387443045205920","debug_reporting":true,"destination":"https://adition.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["0"],"4":["12-07"],"6":["true"]},"priority":"500","source_event_id":"17688856995774495441"}&andc=true
access-control-allow-origin: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame 2A53 42 B
64 B 49ms
49ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DnykfIsuzFGC3et8zZDLqmINK2FqpEzp_xwOOPPHS_F6-JZwi2fevdlZmH7_Nzbg0rUYy3T0E_x8FnXrpleeso7zEc1nA4djX_DRirOqp6Lp6QGHgEmjDahAz8pgcG1KKRYE4N5s2yXmxgWPxwGgEV0lKm431McKzhiOM9gjhjadGAp2o&cry=1&dbm_d=AKAmf-BwLEsZJDjwcI_jjbeY-UmSvnoyzZTXPfarAHTq9u3_YWVUseqGPq2FDQ3X1lby0jn_xxPF8tZ7RnAxTlI7vgKjAMmqEYuswxhG_4Wo7Va5x5LaOUZOiu_qmDXUif_8WVyCngJT-1m-FYnxiTW0rGOpgOpGdinTRdG0T7vOXU5eSKgtcIkrH0SBXQ7a-cp9usittU6mOuuc8XfoLviSopOIgpBs8CphJSk6UaGsHNV62QbxQ2qnyObjbspC6EHfRViIQVwKARoFZHYDslh2aRbfDxQcHRH9_sU3SZCBg8SuglHVYvmcTPL3W3ngoyJlG28XvS3u5W5eF2_GPTe8l1Pqa3q4LVbLHFy8KuiX41ca9R6ElSBFbwqJt2klXkV8yHBFnBsTCB_h8ZuOoTEWG6EnLfcaFF4ctKkAKi4Yuy93Q3OeLyBlr_m2RvwBmCedtMvwu3w3FO92wFhtV6uvAukezFJyJ_hIyZPQiCjRezZFu3uYFsYlY8IIEFIHgOaQBkgn8iQvGAO2NMcYHyjZgVV8KFTjqdQdqOXIWg9_aJBRKraopfGASItqo7_kVOm53liXy36yr_phZ4cLTae9NYmhFbTbHiSUSMrHWmmtJb7j2Q9ySezyp6agLCtwIp2fgn9B-KkdCS71N5AZQsmvuXbKG_LW7z1VyeWL4-wiSxACKzhR-WRK6FbUH-vUWMUrVn6P8yTbiecWitvigq-XqVeH4u7kOlb7J1y8De30bUUbR2Smth4eUDTqBLwPuByfIyVuMRed9ShaFcNMwL-JTUvQI7UY3L62ex5GaYaL2rlVVqM3hksuqWlqyoth3PtcpGGZm0R50vRWUjNPttiTEYdTFBsPCrRxIXqYe374T_qhjMm-i99Ftkika4T_jG5xdFnuzBW9iJtOGmuvggP240Ys_DFjboNMLueZwr__Qzb4PWWuXbvf44dEBNVJfLd0iEhwmmeOoCQPXm289LPGmLtmu043gmwWHXg51XdwmV-EAOKwWRzLrSmhKrNdbewOiHay1MVv-BiSCjG1PMeMZfC65zE6E_2PrYpgdo7KY78L1GgZqa2h5D4lqqS7UnFCftYMxicNyhOWri2CyM21CnPch3mXffZ40q-N3i6COc9eF5gEHNARB9mW4uiJd6NCYC3fB19FIRyZMo2H-1o2R7iW_wcvnhfM1yg7PNAt-h2mhzY7n1gg6aZyd-UGawOqcH8-AcAg82frpPJpcM6UzzP1Kn5aI-Pe9zL15r56hIFp0SMOvlB_FZcp8gkA868rJatKmf68SiQBn0o-Wp4wYgF1e9mvmvquLE5UyXcT9Eab4Gre8YhJ68Dy4cqbeFxNK-S1bXVt9ILdrizUXrsxq_g0QbnF1JsfnuMN3vRVjW58LmDAamMmHhXP0QJdvcOa4ONHrPrnf4gfmNm9L9U5TUWEGwN4bRDuBnSam1W53gQCLFtnrAyk3tHOJYD17RivBAcfFSDC15QG-TCoay7Iw9DoCvitfiVeNuowM3ltYNp03OH3VZONY4TJPLIfKUFlAIGuCYE1Gcg5aQ_oQb01w0K2q1YjklnD6sZwCcvf_mzOKn1jULRvcwzu0yJ3_ecy4UCnBqAa6x9h5uaet2mcDJypfUmY5di0GZQNd0L15FguUoHq2j5IxtvTavAR4EbO6TAuMAINUbStQu6q9cjmSlQIxRrkHLbMbn4mKsfKQiL1khjVyNgGfQi0azJuZ8h3NuZE7EoqwgizeNRkJxgNUzbAbijTbO1-CVQybjBLEEtbWuL_3z1UTlmrW-GStbZeKuCL6qfBzW0Jz8z7Ed0K6HbR_tZQj9v6kmB7I0ALalUhQ8kVsZjrWauwLZvjROPvpIctrIb02TJpaKoEySc4eIQ8qPNh3NBo2gChTkgJn8N0WA9IYZBFK3nei5-_zi8qHJpESq6jXd60Jq-o-v50yQ-1IhEv33dchJMB7VGmr3ocdNu70MCYLCaSjoJkQLG0uyvaD5YZ08MC73opgs7ppgUakXBHQTqsHZyV8Eqy2fdWSU-1s92cAnV0HbQkvF9Dw93ZaF3Jj5q6bjYSiHmIeTdGwDexnKh5GCFDVfpjuKq-DlRGBkXqStskh_2B66Mc4B_hEKzijjypnVV4uHRCNfg1qXYZgPoNJ0ONutJUC-3bYdRKAJrt09oFSl5ag1fk8vO0kXwSsutHtMkO-Q58lm2UusYWjza3TCRaFX-TAAobfrTm7O0YuC4r3K-NdlwjC4kLy_Ok_zOzR30TXtuX-7w45rjklWf0kX5z3eObhndlWR5ypq69nY05C_c3ekFDhOUFE_AGtpm-dGk6wixW4infeq2v6_ILat9lJPRCFnNQeIWORZTrCmuu1o-3OLqe_KUzEsT2IsukbbKRmpG39aoZw8Xycu60rxJiaEh4kObGbLBI9ou42N8obLCO3myuslqK9A3FYORe50DQZD9Uas-LW0rNrsMf89RPPDpOk5p3hIPNH61nhh6gPHIsOvA90Z6WszOCA5ojMi4EB_sDg4EGlhR_bhwJuLSGShbHs6ZSiwVbQngbUeqLdzNqA8v5Uy2rBk5P7NwarbCee-UwWctKLmafhsZGymwRh9V_79bV1b540Rf4d61GfUwrX6hN2sGktkmk6_eF_XPWgk1ZHcIIiDzodoyjmy_q0OXoCY1FVe3mmXIOrDQyddDH3t8bz4AMnzhACvYsa52i716zOXT16lFd-BDUpJlaKn55J756XUBidoODn9W8pUkfsoY6Uxl22WbUnfTFdjdXeYv2qb_2QA-DY7eXRxuRVVgm5hghnht-AoGlQ5IJz8eb83deYe1SyvwEI05bMCbTuOF9B2J7vVnJXiJx58Zqp9vE9fDM9oQ3djWwDXk_XwytBz6W_9gKHHywU_a7Jg4HIhjww9L9cg-uhgVB1r83aSBpP2Os9bcT2RZJyxKAbtuS0I7vhKm9nlOh_mcIukfenwXZrzHIx0HUUKylHuGRuIzXzHk4t52XIcPvvX5N0Sk3Yx4bOa_YdJKQSe-hssepmeiiIewc2eWG0k6AKf8NPDL2u_Ct58_vF0xe13HNp9oD76jPNX6m-gUaERJ997Htm2AJfkvjmc4WVFmtEHd74I6NlqodxyZUuqnW_ldJQGldfOpec-L2Pyx3be_DTkHrmhJT-qfRiMbT4OKR2XbV4gyuP0YWbNhwEWBo89eK3_pXV4VBlnLzhco6wuos3T6EaggWmVyKlLQnKAmwaefy6nnWiXJ8dCWNam6Vhq0xsuTIlhXp6D_LPUOwZmBRbUlj2vOKAT4TbfJtUbo6FRy4qgNIBVzqw9ziKd6oIklsbmdbLsV1BuTlL2Zktd3rNtQRClKNEqCvZg7Oqrnb_QfU8lWaqoa1g6y2Fz0jU2WkMeGzqZjEpnZx5QkpOK_KAoUlDErRPnqOfHsrvl7E3-t0LXvqecRDhSTovxcO-peegG7OnZ3MzID6cu1iglQVr1V96Bp2-xQelEQA9I8Ti3g9tgIF-0bcuUsmZW1ZdZLZeBurcPg7LK6X1WnpUw4ir-YXPm_Q9GTTFa2n1PuJgy7IZSDv02NQpWC3PeaX1Xe5EKlKSSeNbKMH5yLyx1LehMRi-x0KPGJk6HTms0D6i9RZql5z3-zxc5XY_0zeD-0Nmm6V4CVtNvBvqL7qzKjyltZbzZFhHGxKj-MvRyNfiYuutO2VeDB7D9Xp7i7AkxUkb9WSqvgfdKwxoaJkdtr0R1Ymd1wIfKw66iFRGScEfKMMb_59vn9OkLA8oMNEbyS5zbWckAfJ31YtwviRhpI5JSe84ArIUh3HvvOP_ujRjD-yobSg1d0rSfnRqwk&cid=CAQSTwDICaaNUOktf05x-mf2WpXFxrd8uOcGE1s3xKWf5ea1D5Nksgvv9HkFBfsLgkimB52xO_DX9pBuPQQcrI3eUdUDu1lTWHvZomUxt23D9WMYAQ&dc_exteid=31394995818597743173883074326219249&dc_pubid=4&cbvp=2

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 banner
ad4.adfarm1.adition.com/ Frame 2A53 36 B
36 B 92ms
28ms Image
text/plain 217.79.188.46
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad4.adfarm1.adition.com/banner?sid=5152705&kid=6239006&bid=18925011&wpt=C&gdpr=&gdpr_consent=&cbvp=2
Requested by: Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.46 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: ad4.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 06:15:33 +0100
server: ADITIONSERVER v1.0
etag: 7309717081462866279
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
cache-control: no-cache
content-length: 36
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

1x1.gif
imagesrv.adition.com/ Frame 2A53
Redirect Chain

https://ad2.adfarm1.adition.com/banner?sid=5151015&gdpr=&gdpr_consent=&kid=6224115&bid=18905696&wpt=C&ts=[timestamp]&cbvp=2
https://imagesrv.adition.com/1x1.gif

68 B
178 B

79ms
23ms

Image
image/gif

217.79.188.59
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagesrv.adition.com/1x1.gif
Requested by: Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 217.79.188.59 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 5fb3bdb7f966c852579fb6b0574517445d5b2d171c804d66227ee67b1bffca9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 07 Dec 2023 05:15:33 GMT
last-modified: Fri, 24 Jul 2009 13:46:10 GMT
accept-ranges: bytes
etag: "3122740758"
content-length: 68
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 06:15:33 +0100
server: ADITIONSERVER v1.0
etag: 7309717081464571094
content-type: text/plain
location: https://imagesrv.adition.com/1x1.gif
access-control-allow-origin: *
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
cache-control: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 3BAB 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 22:29:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24391
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Dec 2024 22:29:02 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A613
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

31ms
30ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
URL: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:33 GMT
expires: Thu, 07 Dec 2023 05:15:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:33 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 metrichpe_501_normal.ttf
s0.2mdn.net/sadbundle/4572085191847110417/fonts/ Frame 22BA 59 KB
24 KB 24ms
23ms Font
font/ttf 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4572085191847110417/fonts/metrichpe_501_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4572085191847110417/c8048154be43edfd0b4fcdc3fb22db5c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3865c0dbe6b11b3a32b8c600acaeda70bae7b1f8287d566bcc0613c217907f2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:56:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 454750
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24241
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 23:44:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 30 Nov 2024 22:56:23 GMT

GET
H3 200 8e493e4428fc103db3191da83a8775d0.jpg
s0.2mdn.net/sadbundle/4572085191847110417/media/ Frame 22BA 14 KB
14 KB 24ms
24ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4572085191847110417/media/8e493e4428fc103db3191da83a8775d0.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

608b4742e840e98757ce147a69e9c51bce390ecb572dfb7a1ec231748e05acdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:46:56 GMT
x-content-type-options: nosniff
age: 34117
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14143
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 23:44:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Dec 2024 19:46:56 GMT

GET
H3 200 395d370bde56edb1a7a13cb7c151fd9f.svg
s0.2mdn.net/sadbundle/4572085191847110417/media/ Frame 22BA 4 KB
2 KB 25ms
25ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4572085191847110417/media/395d370bde56edb1a7a13cb7c151fd9f.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae9ec49acaff45c6a341e9a552d546bd6fea845331c314261be35a40c37ddc7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 07:58:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76604
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1630
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 23:44:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Dec 2024 07:58:49 GMT

GET
H3 200 metrichpe_401_normal.ttf
s0.2mdn.net/sadbundle/4572085191847110417/fonts/ Frame 22BA 60 KB
25 KB 24ms
24ms Font
font/ttf 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4572085191847110417/fonts/metrichpe_401_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4572085191847110417/c8048154be43edfd0b4fcdc3fb22db5c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

671fca35d060e3ce06bbe0848b80e47be23f3322befbeb57bbce5d46994c846b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 09:09:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158756
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26072
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 23:44:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 09:09:37 GMT

GET
H3 200 metrichpe_601_normal.ttf
s0.2mdn.net/sadbundle/4572085191847110417/fonts/ Frame 22BA 61 KB
26 KB 23ms
23ms Font
font/ttf 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4572085191847110417/fonts/metrichpe_601_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4572085191847110417/c8048154be43edfd0b4fcdc3fb22db5c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39c7c602e0d57a569539f7e8e0b2d75a9f5aa9bb38d59782d2011d9e35c07d77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:38:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 196629
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26501
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 23:44:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 22:38:24 GMT

GET
H3 200 3da15c1a1519d4142b61be4acb2551ca.jpg
s0.2mdn.net/sadbundle/4572085191847110417/media/ Frame 22BA 20 KB
20 KB 24ms
24ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4572085191847110417/media/3da15c1a1519d4142b61be4acb2551ca.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59b122193996b704d97e25c4b10369a2c0e7c514dbef92ad01fafc8412f483dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:41:56 GMT
x-content-type-options: nosniff
age: 120817
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20743
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 23:44:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 19:41:56 GMT

GET
H3 200 bf92c8be83eeb2dbf186eb1436ebcb5e.svg
s0.2mdn.net/sadbundle/4572085191847110417/media/ Frame 22BA 4 KB
2 KB 23ms
23ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4572085191847110417/media/bf92c8be83eeb2dbf186eb1436ebcb5e.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6648009549b81e81582f3fb8345dd6305ee4a232fd4eac4fd803a78cb69b0c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4572085191847110417/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:53:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 195709
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1630
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 23:44:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 22:53:44 GMT

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 7D77 0
0 59ms
59ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstu_0X5wK-DWRJMZNZFvSmQoPjJNfvjkj3TS6UQfhNiDBpzjcE3e6k6Sb0jZc9at1L1WChMK6NP-YJssHfp_KGDmHElS10PsjL5QZziPkvrbAJENn1OixUuudiwtKGShx_6o4rCV_7DUPlXaxs9YvuGebs9h-WHLQmn4C4UdRL1z0wqkecuTt4tPcHoafDAEB4dPPsB34cZ6uHWtI0z2juhtaATMQ9TLlzkAcaREh_QBZW07KRuNn6wlX84OLkhHHUtFTex-46pBe-HWvxug5NqlhjhH2Pzy780edUMRv_ZnFB-8hDU7I2VNO1OOrEtEAlJrZpjzkuxrZYr1ZfuuKQDuTpml0rau5h7Is5JkB0DiyhdNpwkzyS9W5LAUeVv_OX3mZsCz-KrAwNxjvDylKTUVFsAKsKpwh2R5qK9fSnMx4jzJttbXmnWBeSBmMVuIPdAClMkzwlkc8h9tSf6CJ3FNo6WQkaxe-3byWBFcLIuGcJKHuWI9yMvvm2uJEWX5cUSgH589bmx_GG3r-FAlA-7AGJN38UOq7fAvwLuQPjH2ZcJW7Ih4aoknpXMN2Y0Qnj8jG2ouGo2LqYwwGh2RYT9NyGUiDGncD5cYxGss8m6gi2h45Oa7rWhrdQvYAdGXlHEEw-ES1i5a-h8AcwOGsVp8X7S5Fphv35a7OxwUm9IVBy3AmP9Z29w_4GV8rLjRWbMx6BWqtvtwMpNKiOBdETP3Bds2P1BsPnXEM3gVSJM3wrcAHM6zbmn0StdbOUeYUxMcwGjz6PUa-LzgMUiZqhqarttEe6glaL8ubieN3alQp_AJy_bC1NEESs1XQOt4Sj2xzNz41IGBa4_GPctELM3_4kBQ00iFkUwkJmd4hC7EBGWNYs_JqTezzYOvLDb1jEt8lrqrvAoOMrDZsQOEOccpdni-ddqHpBhDSe9wmmrXjICKvYRZ0quUhDMhvHMlzYsnebAwMf7FPo5oVYMx0bJSsH-caqi-hGjkuk0cbMO6Uy9jeUx26kpUIIkx5bVu4m0dZfzDgk4bHx_Qjzzy2Rm_-yMe0tAfwC-ncuxlbLpCHvw-yZmFN6VHFCdcl6IYWMuMeY3bHbLANL8Rv_kJV_jUF-rQFNBqzZxqkM_SCm0VKvyYIeXGh9OXocboPFCIXcdpQ-ZsTg0WWEyX4URP3D6j7AjQHw5GGHS1Htt1vIJ2ewI_bOapbCvbFbG_StSRNcY7SiguJC66tGOLcJBQ8uH4tjL52vIR0R52J_gugh3z0TuaqC4ZogOqo-Nu5tKG9kfEggSd3GuwFloPPgo5Fwy_ctgR0lpZNvwb_M1_DpnAxo0-0CjpBm8ASJFnsNudORG5t6InG4vftk8mtkROwOD3FTjAXe4u88mJj9CXjwNDaX0nEQwf9hADTfnAEOQTn-dUH3bCFzBK-fxxBrq2vzU8kI&sai=AMfl-YT-rXi4zG0vZXz0FvZ57NzOFyIcwVPr0W67NI17pQQ5KECw7Xx2EmnG-lT-WROW5BL5qeZ0NLWO_rjgkPcs6rrkDhdyPSHaE5Sn5YY6Q_YSNtGrH1yq03ALzjJS501mAuUmOKIPEM8AnWzGxVuf1AFo03bA2l-qwHeQokUpOL5QeJ_2cfz1wwar89qEnvcpGCHPkcbg-Frtzx9U8Ocvl-iGrOnuuUaN547bF59ZvqXWowqCA76Omvh_y_Hi9h0NCkLhdd20Nvrt9Ni7eVuKaK8aMy9hGICAtpqL9QfIDibEOBJgcbzHq9cUR958mzr2EC0i_XMWDZ7YDGFQApZ3oU-MOlc0n2P5FO-91_HHdQxmZNNiGApZwLcb7p-uw6bkTpI8u8xZI7toiPqrCXfZ8wdrsUxw-YHpa-4Fka8i5xCarfGTLe27tdZ-1ql3yKMEaKuo7XiKsTMh5DQ9hJr4Y7Pfy9JnD2ukWSxwVB2Za80p7wSW4pIKonok2dfwVpfPML8oqRiOAI5sJg&sig=Cg0ArKJSzN0W_bp6sR2CEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ocGUuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=206&vt=11&dtpt=157&dett=3&cstd=47&cisv=r20231205.98652&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.dfonts.org
URL: https://www.dfonts.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3BAB 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BaXl79FRxZcH-E63U1PIPvtWckA0AAAAAOAHgBAI&bg=!TE-lTwDNAAY3kmNgF5I7ADQBe5WfOKFeWH1Ta8Q8wbTHzHvR0V6WJUN8RGg3Oawkt_4WwwLIJcQYYCtBNr85jdTjRqddAgAAADlSAAAAAmgBB5kC_CZyYIIqBfQ2_LkPjRJT3Fxafdaicxn0L4D-IOtwbBdzqk-ACfkk_WYuUBFOCuKx9rkDZY9JqzxmWB5emHjBlCP9-GVpEbJCMxiIblBiDyDUDySOg7lMx57mrAJin6iJHkVLbzO_nOkLbfloRLe4YEidQYreRn0cq7larccThCYGVBpZKPGrZl0CiZKGHEpmJMgE21VTnd5l1FChiSg5GfJQyneOTN4qPBUcIGDbFmzImY6iplr81WKac8Fe1sPOaJuUPDgA8W8A9X-6eeGq7LL0FAv51tLOhq75LRlIYPo4s5jeQ_P9BR2Z4ETeCzKgwB4D0yt7aOQcANmXn7o3WZjRrilzjcGhGM5Hub0fJypqbF-xCh9-lpjxGvmdHc4cd9DfWAYOC-zmaJjcbQWwTMiedQxzJ6MYYaoIdK5hA254_-CqvCc8C5cBJ9z4niGF37Gbd0u36ByUYthz-WQIaiWwHPyS5i-yE6KEYMiz5ii-amDf9zFEsB4g7runCubTY7dfR1F0P-T6gMz_WAjPkl_IOn2r36vwzU0Xw4MR0KuF9ilZOoRUHN24jq8_8YYWd_hKnuvsHXNxVi5q-MwCfLldVdNaybClYvU3ylwkDod1zeMz_-TsaetAcezez_Jc5JOvhQs8RZoCUEnQ2l3fnzrEEOGzoOmDxBujEFoeCxxSE1RxDYQS24d1v4Yo2TxZ_AyBakKo1KeAsWhx-I311Z0Va9Jj5zH-dhOcSw2cMds8i1cf4xvaIPnQut15oQxhGof60i8ZfgPKdAOxPbhXMgurKU17vHP53W2lQ9InxSYlGolRe5w6gFHsJRmeZ_EpKeN6aG24XGQ72dIs58RauR4et0T2vdUUkI3ftDS82HQiPlNP2RyQraoQ1rqDg09AE3PoYXuV802PlBeJxMo5RJVmiOwsjnlZHcvlBQ-5ZScdB1OsPOQB9gJdMv9dINzaXgT5sk_9QVKhWpwlFdti_QpShKbMaHp6QUGEIhiN8Dm_ZTl77xpxxiYquAmy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D1FE 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv5pPXjJj2ccELWwfRZID8YazJeymOcLNWEP6rAltkoeOv3Xpdw-w8ZmXYUgi-TewoWo5O2qcKJEYTiTH0ZRGEp0nzK1SIGv6tcTfWfBICIU9Wx1YxfvL2w9AbAbikPwmDJ1r-C29RKJXu3&sai=AMfl-YQZYGCD8lH3vcFzfjpmo-qxGAjhvBRzQFmDojlVh4vPv0mSXWESn6Od8tcFiF6itUNhTqap1Zh7NUxl7ttCqP8raNE3YvTzMTfWUhkiN_xn8preifdeqFhRca-h5zV4goqxc03usi6Bf4AIH5nlLbDzQkAQlAiNtTc&sig=Cg0ArKJSzOAD8xX99ShMEAE&cid=CAQSTgDICaaNxLsLDPYmzv2M0t9XNdmOdI13J0ypDTaWzeqbHx9eHhlMPYGoMUucXaLckDboC3cBdAH3DNy3ROQRch2PZrKPV0AB8qeMf1DWkhgB&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=350,847,1000,1000,1000&tos=350,497,153,0,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701926132658&rpt=301&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 123ms
57ms Preflight
text/html 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 07 Dec 2023 05:15:34 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.prebid.136.js Show response
static.criteo.net/js/ld/ 93 KB
30 KB 193ms
92ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.136.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0c1ce1aa8e07e9cd49cd881147c0495b5c636dab10ab1c30ceb935b74a8c0ecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:34 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 19 May 2023 17:15:21 GMT
server: nginx
etag: W/"6467aea9-175c4"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 08 Dec 2023 05:15:34 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2A53 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsueQHgRXojN8myhUzPVo1kcNBIkSBKd6q37Dq89CrooRrAZ48fBMu2CW1XWIJ497ASPJsNmtD0VT4zwph8Hnok23KyRe357qVzobA60HiLF63rKXjV_l4BUHlAShrLcLQ4&sai=AMfl-YQQLmz9UzN65YucR0yBAgs0d291MeSk_JZ-rSfbjViNw48BSuMG7NhfJVGjlVh_JrD4JRrtBlMtI4pY3MiFgEPHXonh-vV8z6VYGvyGHp-UE0vv1fZtBHhGeZ11GImiN7D2EO2EuwwFVIUa1WdV6oFM-oxns1e_U3CK&sig=Cg0ArKJSzEwscWgbcVnHEAE&cid=CAQSTwDICaaNUOktf05x-mf2WpXFxrd8uOcGE1s3xKWf5ea1D5Nksgvv9HkFBfsLgkimB52xO_DX9pBuPQQcrI3eUdUDu1lTWHvZomUxt23D9WMYAQ&id=lidar2&mcvt=1000&p=1106,437,1151,1165&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=9&adk=2627363035&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701926133649&rpt=122&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 80E0 15 KB
6 KB 115ms
39ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.dfonts.org

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.136.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4563823fd629a48517c7feb8bf33640e12440e08bdde7a172ce477c2ddfc9c4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:34 GMT
server: Kestrel
server-processing-duration-in-ticks: 237626
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H2 200 publishertag.prebid.136.js Show response
static.criteo.net/js/ld/ 94 KB
30 KB 175ms
87ms XHR
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.136.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.136.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ed3dc50aa8e28ea856d113dfbd2bd12dbb09ceb4381f2bdf8dba7b14b2a00108

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfonts.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:34 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 07 Nov 2023 09:08:30 GMT
server: nginx
etag: W/"6549fe8e-17704"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 08 Dec 2023 05:15:34 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7D77 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv9W1AjAqnSlIemZTbB8092egQ_RTwUg6PdmbBPXKqmtSt4Qau28f5WCCo54sKgk6ZFtC0iVTtoMoq_DnFnDWwaR-UyArJ4H_w8Lav-v2nPWORQ0CrcoxC9teJM1rIva4XR0pUALcg7EzK7&sai=AMfl-YSD09CTW7hBXqmakDWKuhUlA2go4lv3DhGWqZS2xiuN1R8Ym30YrryvyJhpZB1Y4zTBLE-gs12Z-3P9CriPVa9mREKyupsZHWRM04zRyd7f-VZbSnGy2WBlOAOK72Z-RIYGQjCUPU_-cQ6-w7EuT-BCcVmrt96-GWT9&sig=Cg0ArKJSzG2avFFsFRzbEAE&cid=CAQSTwDICaaNUOktf05x-mf2WpXFxrd8uOcGE1s3xKWf5ea1D5Nksgvv9HkFBfsLgkimB52xO_DX9pBuPQQcrI3eUdUDu1lTWHvZomUxt23D9WMYAQ&id=lidar2&mcvt=1000&p=115,436,205,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=843180816&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701926133663&rpt=134&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 80E0
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=dfonts.org&sn=ChromeSyncframe&so=0&topUrl=www.dfonts.org&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=Vy0_u3xVZ0hHUExPeSthODE3THhlbkVjc1VSWlhscXhQdkY0QTFIMWN2cGNmSjBJVEV2eVdkcFdWWCttTlBqM3RDSkRYVzFVSlRaMnZib01GdHZXSG1BMXVJTHFDYlZJeC9DcDIrQlp5RWxUbzRDN1JFQmxqaVA3N2w3b1...

430 B
649 B

41ms
40ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=Vy0_u3xVZ0hHUExPeSthODE3THhlbkVjc1VSWlhscXhQdkY0QTFIMWN2cGNmSjBJVEV2eVdkcFdWWCttTlBqM3RDSkRYVzFVSlRaMnZib01GdHZXSG1BMXVJTHFDYlZJeC9DcDIrQlp5RWxUbzRDN1JFQmxqaVA3N2w3b1M4aHI3TEtsbnlCNW04TmthbEJvY2N6YXpzRzB0aG5kTG5MbHdOdGpZQ0F4dlVHWk15N3NjekRwREJaZ1o5SHlzZmxtdTdCeXo4Z0grRFpFbjdsTEpCT1JUNUsrSmFmSnRQVmVUemRMckdydnJNRDExNTA3aFk2ci9IMXg4cUZaNGFyNG1IdHVYemEzV1hyYmgzeEpVOURxU0MwTFFXOGRJbXhhZm1pbGJwZGdXTGY0ZzkyST18&cppv=2

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a135f9454a9364f98e8613551c6e9a8e8aa1fd63069ecdc0b6bf6e3c4dcc3688

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:34 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2629252
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:34 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=Vy0_u3xVZ0hHUExPeSthODE3THhlbkVjc1VSWlhscXhQdkY0QTFIMWN2cGNmSjBJVEV2eVdkcFdWWCttTlBqM3RDSkRYVzFVSlRaMnZib01GdHZXSG1BMXVJTHFDYlZJeC9DcDIrQlp5RWxUbzRDN1JFQmxqaVA3N2w3b1M4aHI3TEtsbnlCNW04TmthbEJvY2N6YXpzRzB0aG5kTG5MbHdOdGpZQ0F4dlVHWk15N3NjekRwREJaZ1o5SHlzZmxtdTdCeXo4Z0grRFpFbjdsTEpCT1JUNUsrSmFmSnRQVmVUemRMckdydnJNRDExNTA3aFk2ci9IMXg4cUZaNGFyNG1IdHVYemEzV1hyYmgzeEpVOURxU0MwTFFXOGRJbXhhZm1pbGJwZGdXTGY0ZzkyST18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 215974
content-length: 0
expires: 0

GET
H2 204 /
onetag-sys.com/usync/ Frame 440F 0
0 22ms
21ms Document
text/plain 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1701926132137

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame BF43 281 B
555 B 152ms
46ms Document
text/html 2.19.217.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.217.60 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-217-60.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 07 Dec 2023 05:15:35 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 9D7C 0
82 B 37ms
31ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Thu, 07 Dec 2023 05:15:35 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame E136 52 KB
17 KB 103ms
26ms Document
text/html 184.30.16.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.183 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-183.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Thu, 07 Dec 2023 05:15:35 GMT
ETag: "623de86a-cf34"
Expires: Fri, 08 Dec 2023 05:15:37 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
X-Akamai-EW-Subworker: 8096267

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame CAA2 16 KB
6 KB 98ms
25ms Document
text/html 184.30.16.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-195.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=171629
content-encoding: gzip
content-length: 5622
content-type: text/html
date: Thu, 07 Dec 2023 05:15:35 GMT
expires: Sat, 09 Dec 2023 04:56:04 GMT
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame 35DD 9 KB
4 KB 80ms
23ms Document
text/html 13.32.27.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/dfonts.js?1701925800000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-45.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1c20d54555b098aef8269b6fa89b316fa731aac67e6926c1203c27edf8cf9dbd

Request headers

Referer: https://www.dfonts.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 77463
cache-control: max-age=86400
content-encoding: gzip
content-type: text/html
date: Wed, 06 Dec 2023 08:47:07 GMT
etag: W/"ea81456e0a6e1fca0e7a864b1d3121aa"
last-modified: Mon, 02 Oct 2023 23:54:30 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
x-amz-cf-id: x1NyHNp7CceUehDBlgiZlLBKDI-6kTask8hguCLjo3Exd1NZ0ZknNw==
x-amz-cf-pop: FRA56-C2
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:58584356-ee8f-4de0-abcc-b50f847fba2c
x-amz-meta-codebuild-content-md5: d3f9c0952d74faa30fada14e06b377b0
x-amz-meta-codebuild-content-sha256: 8aa4841af9e8588faa6f0e126d94acab1f39eb0115dfa16eac2daccf149690d0
x-amz-server-side-encryption: AES256
x-amz-version-id: null
x-cache: Hit from cloudfront

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame E366 3 KB
1 KB 142ms
43ms Document
text/html 34.240.94.206
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.94.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-94-206.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 0693b922f8f5753de1106d4676878103995a83403b293ce7c7d04b532410aa2a

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Thu, 07 Dec 2023 05:15:35 GMT
etag: W/"0642906e90c40d4be4214657a4c4cd228"
server: nginx
timing-allow-origin: *

GET
H2 204 /
onetag-sys.com/usync/ Frame 3B51 0
0 22ms
21ms Document
text/plain 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 sync Show response
ssbsync.smartadserver.com/api/ Frame 9B6F 882 B
1 KB 165ms
33ms Document
text/html 5.135.209.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.135.209.100 , France, ASN16276 (OVH, FR),
Reverse DNS: ip100.ip-5-135-209.eu
Software: /
Resource Hash: 5619783368ec5d53088632e2f5228ad05e1aa33de92273d501355eb7b42f7e20

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 882
content-type: text/html
date: Thu, 07 Dec 2023 05:15:35 GMT

GET
H2 200 usermatch Show response
ssum-sec.casalemedia.com/ Frame 617A 2 KB
1 KB 49ms
41ms Document
text/html 172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 120dc866d6448303d0b02c7090d14e6d391981dd8124e9bed6424da8873202cc

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 831a4aaa1a7abb9b-FRA
content-encoding: br
content-type: text/html
date: Thu, 07 Dec 2023 05:15:35 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ryKPDpa3J9xHTv6fFOWPnhS7GIWcf2sibF0dfQk0oXiBm72DFbgaKFNkubMzNgCg4R8hJ0ZNmWvFpc%2FxgObN4%2BdV3qvgqxj9Z5J5ZbUYRulKCFM0KLsa4SFiQJfBHFd%2B25L7t8tWF0wuTA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame E6B0
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east

281 B
555 B

46ms
46ms

Document
text/html

2.19.217.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.217.60 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-217-60.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 07 Dec 2023 05:15:35 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Thu, 07 Dec 2023 05:15:35 GMT
location: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
server: AkamaiGHost

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 649A 16 KB
6 KB 24ms
23ms Document
text/html 184.30.16.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-195.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=171629
content-encoding: gzip
content-length: 5622
content-type: text/html
date: Thu, 07 Dec 2023 05:15:35 GMT
expires: Sat, 09 Dec 2023 04:56:04 GMT
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 sync-iframe Show response
cs-rtb.minutemedia-prebid.com/ Frame 8C6A 0
526 B 172ms
114ms Document
text/html 2600:9000:2057:4c00:1f:4c18:bd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs-rtb.minutemedia-prebid.com/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D348%26uid%3D%7BpartnerId%7D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:4c00:1f:4c18:bd40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://public.servenobid.com/
content-length: 0
content-type: text/html
date: Thu, 07 Dec 2023 05:15:35 GMT
server: istio-envoy
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-id: GANyuS5WdbTSFKR8fE0OUX5eFYwYQXmgRFr_moJSjpg5pB43OyKAyA==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 0
x-reason: could not perform CS due to GDPR policy: gdpr is not applied

GET
H/1.1 200
OK user-sync Show response
sync.adkernel.com/ Frame 7210 0
134 B 119ms
38ms Document
text/plain 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adkernel.com/user-sync?zone=181225&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D152%26uid%3D%7BUID%7D&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store
Connection: close
Content-Length: 0
Date: Thu, 07 Dec 2023 05:15:35 GMT
Server: nginx

GET
H2 200 sync-iframe Show response
cs-server-s2s.yellowblue.io/ Frame FDE8 0
370 B 383ms
127ms Document
text/html 3.214.250.236
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D352%26uid%3D%7BpartnerId%7D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 3.214.250.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-250-236.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://public.servenobid.com/
content-length: 0
content-type: text/html
date: Thu, 07 Dec 2023 05:15:35 GMT
server: istio-envoy
x-envoy-upstream-service-time: 1
x-reason: could not perform CS due to GDPR policy: gdpr is not applied

GET
H2

200

sync
ads.servenobid.com/ Frame 35DD
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=7737806292361387724

0
344 B

48ms
48ms

Image
image/avif

34.249.137.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=7737806292361387724
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.137.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
an-x-request-uuid: 5e829d7d-e347-42d3-9569-8be73415905c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://ads.servenobid.com/sync?pid=312&uid=7737806292361387724
x-proxy-origin: 84.19.175.184; 84.19.175.184; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 35DD
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
https://ads.servenobid.com/sync?pid=310&uid=Hx47sRZH5FSIMIaTQWStiTeb

0
350 B

48ms
47ms

Image
image/avif

34.249.137.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=Hx47sRZH5FSIMIaTQWStiTeb
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.137.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:35 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=Hx47sRZH5FSIMIaTQWStiTeb
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 35DD 0
277 B 122ms
37ms Image
text/plain 216.52.2.30
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 07 Dec 2023 05:15:35 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2

200

sync
ads.servenobid.com/ Frame 35DD
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1701926135454
https://ad.turn.com/r/cs?pid=45&rndcb=7264791533
https://sync.1rx.io/usersync/turn/2565260229049947321?dspret=1&gdpr=&gdpr_consent=&us_privacy=
https://sync.targeting.unrulymedia.com/csync/RX-31c69869-111c-42d0-86f5-039a0f1bd3be-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-31c69869-111c-42d0-86f5-039a0f1bd3be-003
https://ads.servenobid.com/sync?pid=321&uid=RX-31c69869-111c-42d0-86f5-039a0f1bd3be-003

0
361 B

48ms
48ms

Image
image/avif

34.249.137.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=321&uid=RX-31c69869-111c-42d0-86f5-039a0f1bd3be-003
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.137.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=321&uid=RX-31c69869-111c-42d0-86f5-039a0f1bd3be-003
date: Thu, 07 Dec 2023 05:15:35 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX31c69869111c42d086f5039a0f1bd3be003
content-type: text/html

GET
H2

200

sync
ads.servenobid.com/ Frame 35DD
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=5142336726765185660

0
344 B

48ms
48ms

Image
image/avif

34.249.137.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=5142336726765185660
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.137.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=5142336726765185660
Date: Thu, 07 Dec 2023 05:15:35 GMT
Server: Jetty(9.4.51.v20230217)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 usa
sync.go.sonobi.com/ Frame 35DD 0
399 B 362ms
117ms Image
text/plain 69.166.1.34
AS-XFERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

69.166.1.34 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
server: sonobi-go
vary: negotiate,Accept-Encoding
x-go-server: go-iad-2-5-38
content-type: text/plain; charset=utf8
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store, private
tcn: Choice
content-length: 0
x-xss-protection: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 35DD
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1YN-&gdpr=0

0
252 B

48ms
48ms

Image
image/avif

34.249.137.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1YN-&gdpr=0
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.137.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1YN-&gdpr=0
date: Thu, 07 Dec 2023 05:15:34 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 0
server: envoy
content-length: 0

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58559/ Frame 35DD 0
15 B 128ms
67ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58559/occ

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.87 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.87
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

sync
ads.servenobid.com/ Frame 35DD
Redirect Chain

https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID
https://ads.servenobid.com/sync?pid=346&uid=ua-245edab7-c8e2-365b-a1ac-9f381675ba97

0
359 B

48ms
47ms

Image
image/avif

34.249.137.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=346&uid=ua-245edab7-c8e2-365b-a1ac-9f381675ba97
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.137.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=346&uid=ua-245edab7-c8e2-365b-a1ac-9f381675ba97
pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
cache-control: no-store
content-length: 0
expires: 0

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58632/ Frame 35DD 0
125 B 84ms
23ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58632/occ

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.87 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.87
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 v1
match.sharethrough.com/universal/ Frame 35DD 0
35 B 80ms
22ms Image
text/plain 3.68.0.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/universal/v1?supply_id=KW3eSFMR&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.68.0.8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-68-0-8.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 35DD
Redirect Chain

https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D353%26uid%3D%3Cvsid%3E
https://ads.servenobid.com/sync?pid=353&uid=0000EEA

0
336 B

48ms
47ms

Image
image/avif

34.249.137.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=353&uid=0000EEA
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.137.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Thu, 07 Dec 2023 05:15:35 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
location: https://ads.servenobid.com/sync?pid=353&uid=0000EEA
content-type: text/html
cache-control: max-age=0, no-cache, no-store
content-length: 154
x-mnet-hl2: E
expires: Thu, 07 Dec 2023 05:15:35 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame CAA2 0
42 B 133ms
37ms Script
text/plain 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=28247484&p=161102&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
content-length: 0

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame E136 0
595 B 36ms
36ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
an-x-request-uuid: 4fea315f-d6ab-440d-b895-daff6929f032
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

451

501709.gif
idsync.rlcdn.com/ Frame 617A
Redirect Chain

https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=892f50abcc1244dbb432f25701deb609
https://live.rezync.com/sync?c=0aa2530f29e4f4a05b5d5d9bb35d60c2&p=93c1662463a616a7155169889dd99651&pid=892f50ab-cc12-44db-b432-f25701deb609
https://p.rfihub.com/cm?pub=39342&in=1&userid=53368c7a-0de4-4554-92dd-53425967bb28%3A1701926136.217712&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D53368c7a-0de4-4554-92dd-53425967...
https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5142336726765185660&referrer={encSite}&forward=https%3A%2F%2Fidsync.rlcdn.com%2F501709.gif%3Fpartner_uid%3D53368c7a-0de4-4554-92...
https://idsync.rlcdn.com/501709.gif?partner_uid=53368c7a-0de4-4554-92dd-53425967bb28%3A1701926136.217712&_=1701926136.2204893

0
98 B

96ms
33ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/501709.gif?partner_uid=53368c7a-0de4-4554-92dd-53425967bb28%3A1701926136.217712&_=1701926136.2204893
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:36 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

date: Thu, 07 Dec 2023 05:15:36 GMT
via: 1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
server: lighttpd/1.4.69
x-amz-cf-pop: FRA56-C2
vary: Cookie
x-cache: Miss from cloudfront
content-type: text/html; charset=utf-8
location: https://idsync.rlcdn.com/501709.gif?partner_uid=53368c7a-0de4-4554-92dd-53425967bb28%3A1701926136.217712&_=1701926136.2204893
content-length: 445
x-amz-cf-id: CyLeUZtx16wjjsxfVkd_L9gkpwhq_qufiLwfle2GHo7zGo2R0o-lUg==

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 617A 70 B
149 B 153ms
48ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 617A
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZXFU9IWEN_nu-p2i_Wpp8AAADOAAAAIB&gpp=&gpp_sid=
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZXFU9IWEN_nu-p2i_Wpp8AAADOAAAAIB&gpp=&gpp_sid=&dcc=t

43 B
855 B

137ms
136ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZXFU9IWEN_nu-p2i_Wpp8AAADOAAAAIB&gpp=&gpp_sid=&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:35 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: NWQYQW6X0Q95600K4RB6
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:35 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: X63PF6C737AM3K75XDKV
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZXFU9IWEN_nu-p2i_Wpp8AAADOAAAAIB&gpp=&gpp_sid=&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

usermatchredir
ssum-sec.casalemedia.com/ Frame 617A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZXFU9IWEN_nu-p2i_Wpp8AAADOAAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEmK2Ccp6y6c62SKOiZkyuI&google_cver=1

43 B
731 B

36ms
35ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEmK2Ccp6y6c62SKOiZkyuI&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HOtHJeK7D7hudZMzzOGJS0xiLlow1xrPUV7n9FSikAOredrBfG3jiVnVxaZs3xywNb0ty0%2FIgVH%2F4MIug%2FvojFot1rlYWEs0g6NtG0uqGlA9tcOdWLmnojMae2jrcYlyE3TdQWv0afU%2FRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831a4aaa98911bcf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEmK2Ccp6y6c62SKOiZkyuI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 364
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tp_out
d.adroll.com/cm/index/ Frame 617A 42 B
181 B 144ms
45ms Image
image/gif 2a05:d018:cc3:fe05:e92:7b45:a851:1db9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/index/tp_out?advertisable=3GMDZMBFQREVBC75SYYKWH
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe05:e92:7b45:a851:1db9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.22.1
content-length: 42
vary: Cookie
content-type: image/gif

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 617A
Redirect Chain

https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296
https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296&tc=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=qUSaH0BAVwprWp0tMFRaBfK6DLxsGsD1spPr16nWSxc&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296&tc=1

43 B
736 B

39ms
39ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=qUSaH0BAVwprWp0tMFRaBfK6DLxsGsD1spPr16nWSxc&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296&tc=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ea1GQwk2%2BPVav8z0QlNlJbR7aoe7HdCwTba9LwhAOz2aERw72fLR%2BXe69dviuMI5EILrRObgxUduAwNm5WCyboR%2FdkuRirrL7UiGHOzdE2noK7LX17SDQ876LlFS%2B7tGTTzDA%2FgEQ%2B3YPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831a4aab490e1bcf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=qUSaH0BAVwprWp0tMFRaBfK6DLxsGsD1spPr16nWSxc&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZXFU9IWEN-nu.p2i-Wpp8AAA%263296&tc=1
pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT, Thu, 07 Dec 2023 05:15:35 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 617A
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=zS92Uchm1Rb6Jx5

43 B
735 B

39ms
39ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=zS92Uchm1Rb6Jx5
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p2cwjkj925V4ElT2Y9NKdRdXLGm7Fzcwl%2F9zWFjtLTCLdL67nj9%2B0%2FucMa9%2FpTKacOm%2BfN8wUEnTRHek9IjLXprC1YaWrBpPezthizqDoeY6YeD%2F8jwalcWIOuIcMYTfPo0AsBorKbWrpg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831a4aab29011bcf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:35 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-006fa252bd7417634@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=zS92Uchm1Rb6Jx5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 617A
Redirect Chain

https://trace.mediago.io/ju/cs/indexexchange
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=9d9fcb00445891302ujurk00lpuqvmzy

43 B
732 B

38ms
38ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=9d9fcb00445891302ujurk00lpuqvmzy
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yFwn0utjy%2BX78ypEopwJ9JZVudwAUG7ExAs3621SlCWbTkCr2cQ8dEwk%2FeRd5StMe4e7IoudrVIkPZn8fZwKiVWVahvXHuRSWZA5e%2FPdl2wK8hcGd76DE4YxhUtATmOISSzA5pShVKRpvg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 831a4aaddb111bcf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

date: Thu, 07 Dec 2023 05:15:35 GMT
via: 1.1 google
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=9d9fcb00445891302ujurk00lpuqvmzy
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 sync
ads.servenobid.com/ Frame 617A 0
357 B 48ms
48ms Image
image/avif 34.249.137.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=ZXFU9IWEN_nu-p2i_Wpp8AAADOAAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.137.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame BF43 46 KB
13 KB 48ms
48ms Script
text/html 2.19.217.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.217.60 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-217-60.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: df1a6759cb2c74060ccc1c84a6a3dda6eb96edba71eaf94b4c62586e7fa42575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 05:15:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Dec 2023 09:38:06 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=15784
Connection: keep-alive
Content-Length: 13235
Expires: Thu, 07 Dec 2023 09:38:39 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame BF43 7 B
380 B 121ms
25ms XHR
application/json 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 402fba8a82f093def2459220061c8d31
Expires: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame E366
Redirect Chain

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
https://usersync.gumgum.com/usersync?b=apn&i=7737806292361387724

35 B
250 B

151ms
46ms

Image
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=apn&i=7737806292361387724
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:35 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
an-x-request-uuid: 96a61f2d-904d-4754-a528-f2992ba0f2e1
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://usersync.gumgum.com/usersync?b=apn&i=7737806292361387724
x-proxy-origin: 84.19.175.184; 84.19.175.184; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
x.bidswitch.net/ Frame E366
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_0667704d-3cbf-419b-b4bc-766a4ae4c227&gdpr=0&gdpr_consent=&us_privacy=1---
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_0667704d-3cbf-419b-b4bc-766a4ae4c227&gdpr=0&gdpr_consent=&us_privacy=1---
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=gumgum2
https://x.bidswitch.net/sync?dsp_id=70&user_id=9047829430685708652&ssp=gumgum2

43 B
145 B

24ms
23ms

Image
image/gif

52.28.146.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=70&user_id=9047829430685708652&ssp=gumgum2
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.28.146.18 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-146-18.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://x.bidswitch.net/sync?dsp_id=70&user_id=9047829430685708652&ssp=gumgum2
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame E366
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://usersync.gumgum.com/usersync?b=opx&i=58b51560-9e06-4b06-b86e-3175037577a2

35 B
250 B

133ms
47ms

Image
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=opx&i=58b51560-9e06-4b06-b86e-3175037577a2
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:35 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

date: Thu, 07 Dec 2023 05:15:35 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://usersync.gumgum.com/usersync?b=opx&i=58b51560-9e06-4b06-b86e-3175037577a2
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame E366
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=sta&i=0-cd591e90-626d-5fa4-77f2-fa711c7c25ae$ip$84.19.175.184

35 B
250 B

46ms
46ms

Image
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=sta&i=0-cd591e90-626d-5fa4-77f2-fa711c7c25ae$ip$84.19.175.184
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:36 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Location: https://usersync.gumgum.com/usersync?b=sta&i=0-cd591e90-626d-5fa4-77f2-fa711c7c25ae$ip$84.19.175.184
Date: Thu, 07 Dec 2023 05:15:35 GMT
Connection: keep-alive
Content-Length: 127
Content-Type: text/html; charset=utf-8

GET
H2 200 gumgum
pr-bh.ybp.yahoo.com/sync/ Frame E366 43 B
426 B 158ms
51ms Image
image/gif 2a05:d018:d29:3601:c84a:f3f:c1a8:24dc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3601:c84a:f3f:c1a8:24dc Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame E366
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fuser...
https://usersync.gumgum.com/usersync?b=vnt&i=cca7ba37-b57c-4d35-bced-22faf712a0a0

35 B
250 B

46ms
46ms

Image
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=vnt&i=cca7ba37-b57c-4d35-bced-22faf712a0a0
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:36 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Location: https://usersync.gumgum.com/usersync?b=vnt&i=cca7ba37-b57c-4d35-bced-22faf712a0a0
Date: Thu, 07 Dec 2023 05:15:35 GMT
Connection: keep-alive
X-CI-RTID: d78033c5-db00-4394-b853-6e9b7cdebcd3
Content-Length: 108
Content-Type: text/html; charset=utf-8

GET
H2 200 142
match.deepintent.com/usersync/ Frame E366 0
44 B 334ms
109ms Image
text/plain 169.197.150.8
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
content-length: 0
server: b

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame E366
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_0667704d-3cbf-419b-b4bc-766a4ae4c227&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
https://b1sync.zemanta.com/usersync/gumgum/?cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__&gdpr=0&gdpr_consent=&puid=e_0667704d-3cbf-419b-b4bc-766a4ae4c227&s=2&us_privacy=...
https://usersync.gumgum.com/usersync?b=zem&i=OuyQlLGacZeNWisePUkW&gdpr=0&us_privacy=1---

35 B
250 B

46ms
46ms

Image
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=zem&i=OuyQlLGacZeNWisePUkW&gdpr=0&us_privacy=1---
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:36 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:36 GMT
Content-Type: text/html; charset=utf-8
Location: https://usersync.gumgum.com/usersync?b=zem&i=OuyQlLGacZeNWisePUkW&gdpr=0&us_privacy=1---
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 123
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame E366
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://usersync.gumgum.com/usersync?b=pln&i=a28b4fuIW9Vw&ev=1&pid=558355

35 B
250 B

117ms
46ms

Image
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=pln&i=a28b4fuIW9Vw&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:35 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

strict-transport-security: max-age=15768000
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server: Jetty(10.0.14)
content-language: de-DE
location: https://usersync.gumgum.com/usersync?b=pln&i=a28b4fuIW9Vw&ev=1&pid=558355
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-5c6449b65-v92vn
expires: -1

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame E366
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=sad&i=8929380387806690083

35 B
250 B

174ms
47ms

Image
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=sad&i=8929380387806690083
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 07 Dec 2023 05:15:35 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=sad&i=8929380387806690083
date: Thu, 07 Dec 2023 05:15:34 GMT
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame E366 0
358 B 50ms
47ms Image
image/avif 34.249.137.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_0667704d-3cbf-419b-b4bc-766a4ae4c227
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.137.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 3AE8
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?CC=1&party=1301&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=adf&i=173419606983424896&gdpr=0&gdpr_consent=

35 B
208 B

61ms
46ms

Document
image/gif

34.240.94.206
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=adf&i=173419606983424896&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.94.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-94-206.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Thu, 07 Dec 2023 05:15:35 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
date: Thu, 07 Dec 2023 05:15:35 GMT
expires: -1
location: https://rtb.gumgum.com/usersync?b=adf&i=173419606983424896&gdpr=0&gdpr_consent=
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame 18C6 170 B
188 B 35ms
31ms Document
image/png 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wNjY3NzA0ZC0zY2JmLTQxOWItYjRiYy03NjZhNGFlNGMyMjc=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 05:15:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 945E 16 KB
6 KB 27ms
25ms Document
text/html 184.30.16.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-195.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=171629
content-encoding: gzip
content-length: 5622
content-type: text/html
date: Thu, 07 Dec 2023 05:15:35 GMT
expires: Sat, 09 Dec 2023 04:56:04 GMT
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame 168A 70 B
148 B 59ms
50ms Document
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 70
content-type: image/gif
date: Thu, 07 Dec 2023 05:15:35 GMT
server: Kestrel

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame F924
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://usersync.gumgum.com/usersync?b=sus&i=ZXFU.MCo8XkAACEiPgIAAAAA

35 B
250 B

47ms
46ms

Document
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=sus&i=ZXFU.MCo8XkAACEiPgIAAAAA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 07 Dec 2023 05:15:36 GMT
Expires: 0
Pragma: no-cache

Redirect headers

Cache-Control: private
Connection: keep-alive
Content-Length: 0
Date: Thu, 07 Dec 2023 05:15:36 GMT
Location: https://usersync.gumgum.com/usersync?b=sus&i=ZXFU.MCo8XkAACEiPgIAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
Server: nginx
X-SO-Ads-Time: 3
X-SO-Cluster-ID: 0
X-SO-HostName: m-ad193.dc4p.scaleout.jp
X-SO-IP: 84.19.175.184
X-SO-Key: ZXFU.MCo8XkAACEiPgIAAAAA
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"ZXFU.MCo8XkAACEiPgIAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad193"}
X-SO-LB-Hostname: m-tgng21.dc4p.scaleout.jp
X-SO-Upstream-ID: m-ad193

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame CA40
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://usersync.gumgum.com/usersync?b=rth&i=m9kjEg8OXlK0GEQcFmXLGmLD7X68i-Eh8mXdV4DA0pM&pi=gumgum&tc=1

35 B
250 B

124ms
47ms

Document
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=rth&i=m9kjEg8OXlK0GEQcFmXLGmLD7X68i-Eh8mXdV4DA0pM&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 07 Dec 2023 05:15:35 GMT
Expires: 0
Pragma: no-cache

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Thu, 07 Dec 2023 05:15:35 GMT Thu, 07 Dec 2023 05:15:35 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://usersync.gumgum.com/usersync?b=rth&i=m9kjEg8OXlK0GEQcFmXLGmLD7X68i-Eh8mXdV4DA0pM&pi=gumgum&tc=1
pragma: no-cache

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame BEFA
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
555 B

51ms
48ms

Document
text/html

2.19.217.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.217.60 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-217-60.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 07 Dec 2023 05:15:35 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Thu, 07 Dec 2023 05:15:35 GMT
location: https://eus.rubiconproject.com/usync.html?p=gumgum
server: AkamaiGHost

GET
H2 200 sync
ads.servenobid.com/ Frame 9B6F 0
344 B 48ms
48ms Image
image/avif 34.249.137.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=8612948079568403207&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.137.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-137-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 9B6F
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=30&p=273&cp=smartortb&cu=1&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D79%26partneruserid%3D%40%40CRITEO_USERID%40%4...
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=2e33c140-b403-4338-9357-592f25ed83b2&gdpr=0&gdpr_consent=

43 B
425 B

126ms
43ms

Image
image/gif

185.86.138.145
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=2e33c140-b403-4338-9357-592f25ed83b2&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.138.145 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
cache-control: no-cache,no-store
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:34 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=2e33c140-b403-4338-9357-592f25ed83b2&gdpr=0&gdpr_consent=
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 850794
content-length: 0
expires: Thu, 07 Dec 2023 00:00:00 GMT

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 9B6F
Redirect Chain

https://cms.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=Iy0FOyAsVD04IQJsdC8faCMrVjM4fAEzcCkgTf3T

43 B
163 B

139ms
41ms

Image
image/gif

185.86.138.145
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=Iy0FOyAsVD04IQJsdC8faCMrVjM4fAEzcCkgTf3T
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.138.145 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 05:15:35 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=Iy0FOyAsVD04IQJsdC8faCMrVjM4fAEzcCkgTf3T
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 9B6F
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=...
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=ZXFU9wAFFzVP2QBU&gdpr=0&gdpr_consent=&_test=ZXFU9wAFFzVP2QBU

43 B
421 B

49ms
49ms

Image
image/gif

185.86.138.145
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=ZXFU9wAFFzVP2QBU&gdpr=0&gdpr_consent=&_test=ZXFU9wAFFzVP2QBU
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.138.145 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
cache-control: no-cache,no-store
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

x-served-by: cache-cph2320038-CPH
pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1701926136.780970,VS0,VE0
x-cache: HIT
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=ZXFU9wAFFzVP2QBU&gdpr=0&gdpr_consent=&_test=ZXFU9wAFFzVP2QBU
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 9B6F
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=JqXgeDUvs1jN&ev=1&pid=560288&gdpr_consent=&gdpr=0

43 B
401 B

149ms
50ms

Image
image/gif

185.86.138.145
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=JqXgeDUvs1jN&ev=1&pid=560288&gdpr_consent=&gdpr=0
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.138.145 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 07 Dec 2023 05:15:35 GMT
cache-control: no-cache,no-store
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

strict-transport-security: max-age=15768000
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server: Jetty(10.0.14)
content-language: de-DE
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=JqXgeDUvs1jN&ev=1&pid=560288&gdpr_consent=&gdpr=0
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-5c6449b65-rq9bf
expires: -1

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame E6B0 46 KB
13 KB 105ms
55ms Script
text/html 2.19.217.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.217.60 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-217-60.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: df1a6759cb2c74060ccc1c84a6a3dda6eb96edba71eaf94b4c62586e7fa42575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 05:15:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Dec 2023 09:38:06 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=15784
Connection: keep-alive
Content-Length: 13235
Expires: Thu, 07 Dec 2023 09:38:39 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame BEFA 46 KB
13 KB 65ms
40ms Script
text/html 2.19.217.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.217.60 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-217-60.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: df1a6759cb2c74060ccc1c84a6a3dda6eb96edba71eaf94b4c62586e7fa42575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 05:15:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Dec 2023 09:38:06 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=15784
Connection: keep-alive
Content-Length: 13235
Expires: Thu, 07 Dec 2023 09:38:39 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame E6B0 7 B
380 B 23ms
23ms XHR
application/json 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 402fba8a82f093def2459220061c8d31
Expires: 0

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame BEFA 7 B
380 B 40ms
24ms XHR
application/json 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 402fba8a82f093def2459220061c8d31
Expires: 0

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame E136 0
595 B 36ms
35ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 05:15:36 GMT
an-x-request-uuid: 927c561f-f838-4988-a723-f6d2dac304a6
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Verdicts & Comments Add Verdict or Comment

223 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

80 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
i.liadm.com/s	1970-01-20 17:28:38	Name: _li_ss Value: CggKBgiiARDWFg
.dfonts.org/	1970-01-21 02:21:26	Name: _ga_MR52E2DEC2 Value: GS1.1.1701926131.1.0.1701926131.0.0.0
.dfonts.org/	1970-01-21 02:21:26	Name: _ga Value: GA1.2.2052933350.1701926132
.dfonts.org/	1970-01-20 16:46:52	Name: _gid Value: GA1.2.1880796810.1701926132
.dfonts.org/	1970-01-20 16:45:26	Name: _gat_gtag_UA_91655558_5 Value: 1
.dfonts.org/	1970-01-20 16:45:26	Name: lotame_domain_check Value: dfonts.org
.rubiconproject.com/	1970-01-21 01:31:02	Name: khaos Value: LPUQVK5X-I-JUP1
.rubiconproject.com/	1970-01-21 01:31:02	Name: audit Value: 1\|naVuGyos1qrJ4vqbZE1wNObASkO6QPb7E03ikE5KqM38WIacSke7l8kWru6aICajoMTt49qpOjYvqW4iVreBbMxuhZpbWKLtKo1K0XDjsVm+xUA9sgf/4eNEKcfJxgEB
.doubleclick.net/	1970-01-21 02:07:02	Name: IDE Value: AHWqTUmeASUx2vhASEIXe0JdUk-6PGMXJbSkDy2xZisAKlFbOnT8bRKM2WUx_cTv
.adnxs.com/	1970-01-20 18:55:02	Name: uuid2 Value: 7737806292361387724
.casalemedia.com/	1970-01-21 01:31:02	Name: CMID Value: ZXFU9IWEN-nu.p2i-Wpp8AAA
.casalemedia.com/	1970-01-20 18:55:02	Name: CMPS Value: 3296
.casalemedia.com/	1970-01-20 18:55:02	Name: CMPRO Value: 3296
m.exactag.com/	1970-01-20 18:55:02	Name: exactag_new_gk Value: aa2e07ed6aca47e5a6ebd670558bef16%7C05.02.2024%2005%3A15%3A32
m.exactag.com/	1970-01-20 21:04:38	Name: exactag_new_uk Value: 06b4cbe8aecc47cdb1d5b8e2ff457fe1%7C
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 0a146faec91d41e392d64add
.dfonts.org/	1970-01-21 02:07:02	Name: __gads Value: ID=e1c29846672c8c4d:T=1701926132:RT=1701926132:S=ALNI_MYOJVbjaZVd8DKss8prOY6sds9g5g
.dfonts.org/	1970-01-21 02:07:02	Name: __gpi Value: UID=00000d0ca9953771:T=1701926132:RT=1701926132:S=ALNI_MYrVw-qaYgpMAz6Wnl_t9VmTnE4Bg
.doubleclick.net/	1970-01-20 21:04:38	Name: APC Value: AfxxVi5DohR09WUwrlxn5Ao72klL-VOtsLb31feGPdP4676pwTMhsA
.adnxs.com/	1970-01-20 18:55:02	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In3IsBJX!A#Fc.TOKKnyW<U1`VROYQM-:b>ndgN^DW!FqM:U]4@ViSGvRbQ9#KHTy.tc<QG=%9sk@3@'s>T8V</Q
.doubleclick.net/	1970-01-20 16:45:29	Name: DSID Value: NO_DATA
.adfarm1.adition.com/	1970-01-20 18:55:02	Name: UserID1 Value: 7309717081462800743
.googleadservices.com/	1970-01-20 18:55:02	Name: ar_debug Value: 1
.criteo.com/	1970-01-21 02:07:02	Name: receive-cookie-deprecation Value: 1
.criteo.com/	1970-01-21 02:07:02	Name: uid Value: 2e33c140-b403-4338-9357-592f25ed83b2
.dfonts.org/	1970-01-21 02:07:02	Name: cto_bundle Value: cQhSQF9PRHVoQmdJdlFUam9FblJPdm40aEwxZXlIMFdMZHJ4Smc2R1JWbWw1SENmTCUyRmRld2t6c0taJTJCSEhnTlprN1FYdWFBV1VBSGtCODNmN2lycyUyRjlSNDRTckFJQXdvNm82bnBJMm1PN0Ewd3RjZTdMUldnb1BwMDdkZEQ2U2VMQmtkVVp6JTJCYyUyRndNQjczYk9pWTZBWlB2cHRnJTNEJTNE
.ads.pubmatic.com/	1970-01-20 16:46:52	Name: KCCH Value: YES
.servenobid.com/	1970-01-20 16:55:30	Name: pid_312 Value: 7737806292361387724
.servenobid.com/	1970-01-20 16:55:30	Name: pid_333 Value: ZXFU9IWEN_nu-p2i_Wpp8AAADOAAAAIB
.lijit.com/	1970-01-21 01:31:02	Name: ljt_reader Value: Hx47sRZH5FSIMIaTQWStiTeb
prebid.a-mo.net/	1970-01-20 16:45:26	Name: _Amc_b Value: 0
.gumgum.com/	1970-01-21 01:31:02	Name: vst Value: e_0667704d-3cbf-419b-b4bc-766a4ae4c227
.w55c.net/	1970-01-21 02:17:06	Name: wfivefivec Value: zS92Uchm1Rb6Jx5
.creativecdn.com/	1970-01-21 01:31:02	Name: ts Value: 1701926135
.lijit.com/	1970-01-21 01:31:02	Name: _ljtrtb_273657 Value: 273657
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MTI2NjM3MjM3MzW0MDUzMxDiM9QNSPeMcE8uLknJSzMGAGSUtlIlAAAA
.rfihub.com/	1970-01-21 02:07:02	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MTI2NjM3MjM3MzW0MDUzMxDiM9QNSPeMcE8uLknJSzMGAGSUtlIlAAAA
.w55c.net/	1970-01-20 17:28:38	Name: matchcasale Value: 5
.creativecdn.com/	1970-01-21 01:31:02	Name: u Value: qFoHjuhl03tizDYghpKa
.creativecdn.com/	1970-01-21 01:31:02	Name: g Value: qFoHjuhl03tizDYghpKa_1701926135525
.smartadserver.com/	1970-01-21 02:15:40	Name: pid Value: 8929380387806690083
.openx.net/	1970-01-21 01:31:02	Name: i Value: 7c248e49-1f94-4ca7-85c3-e970af024519\|1701926135
.servenobid.com/	1970-01-20 16:55:30	Name: pid_309 Value: e_0667704d-3cbf-419b-b4bc-766a4ae4c227
.servenobid.com/	1970-01-20 16:55:30	Name: pid_310 Value: Hx47sRZH5FSIMIaTQWStiTeb
.servenobid.com/	1970-01-20 16:55:30	Name: pid_317 Value: 8612948079568403207
.servenobid.com/	1970-01-20 16:55:30	Name: pid_324 Value: 5142336726765185660
.bidswitch.net/	1970-01-21 01:31:02	Name: tuuid Value: aae71dad-46cf-4d89-b219-9ac453f48e50
.bidswitch.net/	1970-01-21 01:31:02	Name: c Value: 1701926135
.bidswitch.net/	1970-01-21 01:31:02	Name: tuuid_lu Value: 1701926135
.quantserve.com/	1970-01-20 18:55:02	Name: d Value: EAgBDQHNKoir0QA
.quantserve.com/	1970-01-21 02:15:40	Name: mc Value: 657154f7-90fa7-b63d9-d39e1
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 3a2cb37e86a262eb
.adform.net/	1970-01-20 17:30:04	Name: C Value: 1
.turn.com/	1970-01-20 21:04:38	Name: uid Value: 2565260229049947321
.servenobid.com/	1970-01-20 16:55:30	Name: pid_353 Value: 0000EEA
.1rx.io/	1970-01-21 01:31:02	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-31c69869-111c-42d0-86f5-039a0f1bd3be-003%22%7D
.adform.net/	1970-01-20 18:11:50	Name: uid Value: 9047829430685708652
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8G Value: s8538\|ZXFU+
.disqus.com/	1970-01-21 01:31:02	Name: zeta-ssp-user-id Value: ua-245edab7-c8e2-365b-a1ac-9f381675ba97
.everesttech.net/	1970-01-21 01:31:02	Name: everest_g_v2 Value: g_surferid~ZXFU9wAFFzVP2QBU
.servenobid.com/	1970-01-20 16:55:30	Name: pid_346 Value: ua-245edab7-c8e2-365b-a1ac-9f381675ba97
.targeting.unrulymedia.com/	1970-01-21 01:31:02	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-31c69869-111c-42d0-86f5-039a0f1bd3be-003%22%7D
.smartadserver.com/	1970-01-21 01:32:28	Name: csync Value: 92:JqXgeDUvs1jN\|94:ZXFU9wAFFzVP2QBU
.servenobid.com/	1970-01-20 16:55:30	Name: pid_321 Value: RX-31c69869-111c-42d0-86f5-039a0f1bd3be-003
.amazon-adsystem.com/	1970-01-20 21:43:30	Name: ad-id Value: A0wKoNeD9U-ErTu7nTX3y1I
.amazon-adsystem.com/	1970-01-21 02:21:26	Name: ad-privacy Value: 0
.liadm.com/	1970-01-21 02:21:26	Name: lidid Value: 892f50ab-cc12-44db-b432-f25701deb609
.mediago.io/	1970-01-21 01:31:02	Name: __mguid_ Value: 9d9fcb00445891302ujurk00lpuqvmzy
.ipredictive.com/	1970-01-21 01:31:02	Name: cu Value: cca7ba37-b57c-4d35-bced-22faf712a0a0\|1701926135935
.zemanta.com/	1970-01-21 01:31:02	Name: zuid Value: OuyQlLGacZeNWisePUkW
sync.srv.stackadapt.com/	1970-01-21 01:31:02	Name: sa-user-id Value: s%3A0-cd591e90-626d-5fa4-77f2-fa711c7c25ae.QzTHb3z7gYqt0BMeac%2BXwe7S8h4CvMA%2B2jt8qNk%2BOos
.srv.stackadapt.com/	1970-01-21 01:31:02	Name: sa-user-id Value: s%3A0-cd591e90-626d-5fa4-77f2-fa711c7c25ae.QzTHb3z7gYqt0BMeac%2BXwe7S8h4CvMA%2B2jt8qNk%2BOos
sync.srv.stackadapt.com/	1970-01-21 01:31:02	Name: sa-user-id-v2 Value: s%3AzVkekGJtX6R38vpxHHwlrlQTr7g.W8YjXyWoBjWrDTHbYbe0KlN5OVSz4a3UQjngpZzWaRg
.srv.stackadapt.com/	1970-01-21 01:31:02	Name: sa-user-id-v2 Value: s%3AzVkekGJtX6R38vpxHHwlrlQTr7g.W8YjXyWoBjWrDTHbYbe0KlN5OVSz4a3UQjngpZzWaRg
sync.srv.stackadapt.com/	1970-01-21 01:31:02	Name: sa-user-id-v3 Value: s%3AAQAKIFyIvLX3H1eASrZuKY3zIYwTG35A0XxVTwRw3UW3siYzEHwYBCD3qcWrBjABOgSVjvJGQgRajsMz.WU2G6b9OKheShCwhJ1JQUyeIGNQRSKNmBsyQbynXG%2BM
.srv.stackadapt.com/	1970-01-21 01:31:02	Name: sa-user-id-v3 Value: s%3AAQAKIFyIvLX3H1eASrZuKY3zIYwTG35A0XxVTwRw3UW3siYzEHwYBCD3qcWrBjABOgSVjvJGQgRajsMz.WU2G6b9OKheShCwhJ1JQUyeIGNQRSKNmBsyQbynXG%2BM
.rezync.com/	1970-01-20 21:04:38	Name: zync-uuid Value: 53368c7a-0de4-4554-92dd-53425967bb28:1701926136.217712
.rfihub.com/	1970-01-21 02:07:02	Name: eud Value: H4sIAAAAAAAA_1XIuRGAMAwEwAqIHFCFGOn0YbrBmIYICSmHqgg9hLtXCVeN9ciduJ9G5m5U0Tu5GrxGtoZ1k2SpCNFYIJmCu0zjFPz8Le887A7-AAgiziFpAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAA_wXBwRGAMAgEwI_t4ISDg2A3RmwklWd3X0GzmF--Mvp3cdKl0C00BytyLcxHc2gh1OKGZioOlvkHhDkAAAA
live.rezync.com/	1970-01-20 21:04:38	Name: sd-session-id Value: .eJwVysEOgyAMANB_6VkWWmgL_IxR4UA22SJ6mfHf544veSeMn7KtUytth7RvRxlgedVbHdIJvX7X8oQEjJ6cEyVRYQwsYuEaoJfe67uNNf_PHcKik7G5eOOZvYmUs2HniaPoPFNIqBYjCTp5EKoiwfUDcV8kqw.ZXFU-A.oFM4-clmUDYw7jWqCTB6I5MofVY

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://idsync.rlcdn.com/501709.gif?partner_uid=53368c7a-0de4-4554-92dd-53425967bb28%3A1701926136.217712&_=1701926136.2204893 Message: Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8e8ca4422f36c57c57006405c44a8d9a.safeframe.googlesyndication.com
a.ad.gt
aax.amazon-adsystem.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ad.turn.com
ad2.adfarm1.adition.com
ad4.adfarm1.adition.com
ads.pubmatic.com
ads.servenobid.com
ap.lijit.com
api.btloader.com
b1sync.zemanta.com
bcp.crwdcntrl.net
bh.contextweb.com
bidder.criteo.com
btloader.com
buysellads-d.openx.net
c.amazon-adsystem.com
c1.adform.net
cdn.hadronid.net
cdn.id5-sync.com
cdn4.buysellads.net
ce.lijit.com
choices.truste.com
cm.g.doubleclick.net
cms.quantserve.com
config.aps.amazon-adsystem.com
connect.facebook.net
creativecdn.com
cs-rtb.minutemedia-prebid.com
cs-server-s2s.yellowblue.io
d.adroll.com
dis.criteo.com
dsum-sec.casalemedia.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
gum.criteo.com
hb-api.omnitagjs.com
hbopenbid.pubmatic.com
hbx.media.net
i.liadm.com
ib.adnxs.com
id.hadron.ad.gt
id5-sync.com
idsync.rlcdn.com
image6.pubmatic.com
imagesrv.adition.com
lb.eu-1-id5-sync.com
live.rezync.com
m.exactag.com
match.adsrvr.org
match.deepintent.com
match.sharethrough.com
mp.4dex.io
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.a-mo.net
prg.smartadserver.com
public.servenobid.com
region1.google-analytics.com
rtb-csync.smartadserver.com
rtb.gumgum.com
s.amazon-adsystem.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
securepubads.g.doubleclick.net
srv.buysellads.com
ssbsync.smartadserver.com
ssp.disqus.com
ssum-sec.casalemedia.com
static.criteo.net
sync-tm.everesttech.net
sync.1rx.io
sync.adkernel.com
sync.go.sonobi.com
sync.ipredictive.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
tags.crwdcntrl.net
tg.socdm.com
token.rubiconproject.com
tpc.googlesyndication.com
trace.mediago.io
u.openx.net
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
www.dfonts.org
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
104.64.126.246
108.138.1.25
124.146.153.164
13.32.119.77
13.32.27.28
13.32.27.45
130.211.23.194
141.95.33.120
142.250.184.198
142.250.74.194
143.204.215.88
145.40.97.66
151.101.66.49
161.35.94.134
162.19.138.83
169.197.150.8
172.217.16.194
172.64.151.101
178.250.1.9
184.30.16.183
184.30.16.195
184.30.211.26
185.184.8.90
185.64.189.112
185.86.138.145
185.86.138.16
193.0.160.131
198.47.127.19
2.18.160.23
2.19.217.60
2001:4860:4802:34::36
2001:678:cb4:bbbb::11
208.93.169.131
213.202.235.10
216.52.2.30
216.52.2.86
217.79.188.21
217.79.188.46
217.79.188.59
2600:9000:2057:4c00:1f:4c18:bd40:93a1
2602:803:c003:200::21
2606:4700:10::6816:34ad
2606:4700:10::6816:445
2606:4700:10::6816:4ad8
2606:4700:10::ac43:17ea
2606:4700:10::ac43:266a
2606:4700:20::681a:346
2606:4700:20::681a:8a9
2606:4700:4400::6812:22b2
2620:116:800d:21:7eb1:3826:be7e:d981
2a00:1450:4001:808::2001
2a00:1450:4001:80f::2008
2a00:1450:4001:810::2004
2a00:1450:4001:813::200a
2a00:1450:4001:81c::2001
2a00:1450:4001:828::2002
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2006
2a02:2638:3::3
2a02:2638:3::7
2a02:2638:3::c
2a03:2880:f084:d:face:b00c:0:3
2a05:d018:cc3:fe05:e92:7b45:a851:1db9
2a05:d018:d29:3601:c84a:f3f:c1a8:24dc
3.214.250.236
3.231.9.89
3.68.0.8
3.75.62.37
34.240.94.206
34.247.233.198
34.249.137.246
35.190.31.54
35.208.249.213
35.244.159.8
35.244.174.68
35.71.131.137
37.157.6.237
37.252.172.123
46.228.174.117
5.135.209.100
51.89.9.252
52.212.46.188
52.28.146.18
52.46.130.91
52.50.121.249
52.57.164.72
54.165.74.222
54.198.207.123
54.88.245.32
64.227.38.224
65.9.66.104
69.166.1.34
69.173.144.138
70.42.32.63
77.245.57.72
99.86.4.39
00444cf69273dfb4bc5dd06c52e846eeb8744482e77d8d6839d046905b43fa30
0329648c2245364002928c0e30110f0a4669e099dfdb18cb3ba8711e89d0d616
04bcd80d42f1c5e79821d81242a438dadf9611ecfd4e3398ada706257b0d7f3d
0693b922f8f5753de1106d4676878103995a83403b293ce7c7d04b532410aa2a
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0790d3a5d577732707e3ad67c5dd7cf11ddb415ebe325e5f0713925bd22c9fe5
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c1ce1aa8e07e9cd49cd881147c0495b5c636dab10ab1c30ceb935b74a8c0ecd
0e22e6a4c1770831466a702ad01381d6e8ad3facca6587e0f70bd4fe77679b00
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
120dc866d6448303d0b02c7090d14e6d391981dd8124e9bed6424da8873202cc
1312e54d81f5e1f7fca841587ff4fe68e3b9bf10408ed2d1153a205db0dfa891
151ddda4bb0ed3cbce7d7cba31702611b63346736aa16d2773700a1ee4b43e46
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c20d54555b098aef8269b6fa89b316fa731aac67e6926c1203c27edf8cf9dbd
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
2365cc11ef3d43f265b848c7164e5487c7a49d6af06c2938ac9272c8d91fc1a2
23836c52582c1ddeba713c22ebb82a74da9774e9ad5b2a70ef89c01c919b6383
25fdc7a17a7b3884e86c6f6b72b60288025980e5bcfff6b736f077902c1697ef
26305a08644b4f51b55812cf0ecf879c22da303a365b3d2769baa1b54c028c4d
27ee242b921f59d78e31c26fccf87878dace33101a167f8fa281b486e57c2097
2c405ed5404f8e366cc975ac31eac87154017eec32f7847846cca9e39ba53c9a
2c55dea800c7c131d9f3e3ac8a411abf3ca2b4fa836a7376aba3e99c43a621ba
2e120707b7a0de913a32da3e779b975bd342672ca68c9aa373029f38c90cfb56
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
34dc221efcf66c277cfba9146dcf20933dc527c5baa0d4297f77573e1268e6b7
3865c0dbe6b11b3a32b8c600acaeda70bae7b1f8287d566bcc0613c217907f2c
39c7c602e0d57a569539f7e8e0b2d75a9f5aa9bb38d59782d2011d9e35c07d77
3a08ccb47c3e686e5e9ffc20db26e299425a975242225d505288ab69383e2700
3af9ba784e1e962d6fdb8ec57b6c9ac4158048ed2e75adb93d3ebb03cc7cc578
3b19be37f7406b9c3e0256afd4fbbcc57252777a1d8289bf4311ba5b5c59ca03
3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
42f2caf8c104f0aee5ca5cbc540c14ba7f90e5ca4e548c379e71389520a25702
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff
4460f1596174d06cca957fdaca2c71e1a377cf1d6f07ee4c75ffb3bf3fc97a03
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
4563823fd629a48517c7feb8bf33640e12440e08bdde7a172ce477c2ddfc9c4d
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b880eb424c63923c43ac898cce2712d9f952f7894bb5b3ea61f37589c72677c
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
51c012cf2461bf8b29f345373366183c7fd121579b6178e942be0b61d8c7da14
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
530ad95a8887f94dd3890b38205d8edb5de8be21a72c171d05c40198da7d3161
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5612d874ef0bbd2c4b465828a024e27a600edd583dda8f29d3a079ed2cb27650
5619783368ec5d53088632e2f5228ad05e1aa33de92273d501355eb7b42f7e20
563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1
59b122193996b704d97e25c4b10369a2c0e7c514dbef92ad01fafc8412f483dc
5b868a280d96941aab08a3afb8cb249906160ca8536f41df961058a9e292bb81
5fb3bdb7f966c852579fb6b0574517445d5b2d171c804d66227ee67b1bffca9c
608b4742e840e98757ce147a69e9c51bce390ecb572dfb7a1ec231748e05acdc
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
662ac6e22305dd4d0878fe53e642a36e1b6aa6ad02d4fb34d72e50fdf61f2742
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
6648009549b81e81582f3fb8345dd6305ee4a232fd4eac4fd803a78cb69b0c1a
671fca35d060e3ce06bbe0848b80e47be23f3322befbeb57bbce5d46994c846b
696be02dc60f1f621a22ae9a949076e48dd2ea52392329455714d1c11d75e2ba
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b05c95654b01ec9f166bd9804f4c71abcae1a42a90f4914922f214160351b81
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c38dc17dbebb7e00014f3ea1025d5bb245baff733b50069eff5403b5dfaeeb8
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7571db16348512fc55b35102ce3699733cf0882f4b4fb3e652fa8db700c07fb5
767c2f6c69bd4ad04353b55d51d851b3e12bdf31133d7e7d9b90caa828753c15
7713183ba1a38b1ea2be2d5f7d3d49dab7b8d468cf78a603e6517ffbd1f33d59
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39
7b9edd5c178307414393d9c8fed0f70239f029f533879c86dd052f298c2305ab
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7e0e7d1f269d674d7e0f04d805a5527cf4e0017a60abd430f0c8b32228dbd483
7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1
7ef80a6d25b51b7cccf581448df94d5a3ef2897ba51bb11d1f070c91ecc5adb9
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
81f1ccd0ee62a87a0b5c69783701c4c931701c48b977ee695857962a66ec3834
82bf029005528c74c01bf9c0a6ced2000ca12feaec4f0d32b6e49ca44da2f77a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
849032524598b6ff398f77a6bfc95235029778c3f6905e1459e53198077fb176
87a4360aaa319cb594fcff4fdb72b02ec294a9335541d6dc42a879e0a83ef8d8
891d1e8b1ca03e007c7565fb0791761184911527a8e1035d457ba0aff0f5eca1
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a2d4ea5b09c3b92ec593adfcf1f461f62a692910f782c0fb341a3ff5b0046c8
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e529657f179a77b9c630fe09fd235b174be1e048ca186cc91cad33ed907120c
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
8e84fd9436924a2ecdb5162c25581384a82fca487b3b99f0d4d598a03a939c75
9295e23df9dda8bab5064223da0a9f153b07fd0ee6c6fc1ccb1ba0edb023a677
94144a7c3eec4bd1837ace267ee3f4027409e43c123627e2769575387584e3ab
9969c20b05385e44eef49078bb0fbffd8dd6081b90adf392fbcad9a894fa549a
9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d
9cbfbd3add1a547cf0ad66d9b79abac7bae67bb3e535da53c8e1fed16fd579f6
9e95c8fe340de5f72262c9e050f89073e802a98abeed6c5570d0baa107df15a1
9f0c785ba1945c5c419f212228f41d0ce8dbc5f0c67ab3340ebb984f4a97751a
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24
a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0cccf77c0be9203a74f22b2246442b26686c609215c33cbf548c6467970968a
a135f9454a9364f98e8613551c6e9a8e8aa1fd63069ecdc0b6bf6e3c4dcc3688
a17666882d5064d542b5b1a1c4f507680b4ee3007a50020535d660910396e85a
a2bda53bddeaff8b64f19715985ec9a5c532daf4d270412932be9352fee8fa24
a3d0f070d0358fa4b008809b6af48b74936113455ee5f68ee4df8135c2933090
a6221fce403db3b29a437d4b7be9ab8864ff6291db49cf2020cdf5b8e8d2c03a
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
aaadde89b0db2f97f270379b4762e025c85a1a4d8a4c9ae2421ab48198cc3ae6
ad386e83074906780dfa1feec2070ff6e11f15c07953ac3d8431300ae0ba175b
ae9ec49acaff45c6a341e9a552d546bd6fea845331c314261be35a40c37ddc7f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b15255d1612218e5bc547c6ce77b3390296ed9b451abbb82931d3e0526e4f337
b4bd5d9c925221dd7459384eda1f80dacef05d633d934f3086c9a9b5eb2021d3
bb37de03f271464fc1c239df22034bc840954dfefe4d0f5577f5929f4a1949e8
bc2d054ef4de79c1f0c982cc6439c6ef7385853321e8d7bb5091a0baf7fd6891
c1096c9eb664cf3e06bdde846fbcb8c17529dad9f8ce274814c87b08a59b0dfa
c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c4b28091ff95cc788e57d3be9cbf0505f5e4989dc2003a722b5fc8268203f02a
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cba14c6234bc12996d6c69aa8132df7219380e904708f0539025b37533dbd2d1
ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b
ced9b0ea22ea840022b12f0c8cf2a43ffd1a466c5e3199afbd0d7b794c7e03e5
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d08e4d1316d0e068b251be740c96ab3158e1df4749899ded57def07bc2728c83
d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9ce958515e4c42199afa5f6f985d7038047c2ca5821147d68fe3604b138e5aa
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df1a6759cb2c74060ccc1c84a6a3dda6eb96edba71eaf94b4c62586e7fa42575
e015f0e9637e5e41ed5f5c2f113ee8d6d55b68ad8242565d84915ab1bbf692ad
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e60407837f649e5523b3bca52a78d2b615254d7cb847c1f14246d3008b3221fd
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e97d38beead97b0809f85589a704ab3549867340d369d396a0bc88f627f74554
e9b5304539f129dec18fe03cce94b91635effef970a506cc86a132f8467be2f4
eab222df4af1514fcfc742a0eb9e01f5603d5e08f011e7edfc8a4b6711b98b8d
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec0679a7cc0f9507525446465947769ff397c47edc17542fe15340b4119142b8
ed3dc50aa8e28ea856d113dfbd2bd12dbb09ceb4381f2bdf8dba7b14b2a00108
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fa40858bc00aa25239b434a313f9b30b4b604715b21395c0f278a3055cd31deb
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

www.dfonts.org Open in urlscan Pro 35.190.31.54 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

260 Requests

86 %HTTPS

30 %IPv6

71 Domains

107 Subdomains

77 IPs

9 Countries

3231 kBTransfer

8736 kBSize

80 Cookies

2 Outgoing links

Page URL History

Redirected requests

260 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.dfonts.org Open in urlscan Pro
35.190.31.54 Public Scan

Screenshot
Live screenshot

Full Image

260
Requests

86 %
HTTPS

30 %
IPv6

71
Domains

107
Subdomains

77
IPs

9
Countries

3231 kB
Transfer

8736 kB
Size

80
Cookies

260 HTTP transactions
3 data transactions