urlscan.io logo urlscan.io
SecurityTrails logo

faces.wtf Open in urlscan Pro
104.21.96.1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://faces.wtf/
Effective URL: https://faces.wtf/
Submission: On March 13 via manual from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 70 IPs in 5 countries across 49 domains to perform 292 HTTP transactions. The main IP is 104.21.96.1, located in and belongs to CLOUDFLARENET, US. The main domain is faces.wtf.
TLS certificate: Issued by WE1 on March 6th 2025. Valid for: 3 months.
This is the only time faces.wtf was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
22 104.21.96.1 13335 (CLOUDFLAR...)
33 151.101.131.42 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 151.101.65.194 54113 (FASTLY)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 52.210.9.111 16509 (AMAZON-02)
3 108.138.112.90 16509 (AMAZON-02)
1 2 2620:100:a00b... 19750 (AS-CRITEO)
3 5 3.33.220.150 16509 (AMAZON-02)
2 74.119.117.17 19750 (AS-CRITEO)
1 15 2606:4700:10:... 13335 (CLOUDFLAR...)
8 15 162.19.138.120 16276 (OVH OVH SAS)
2 34.95.69.49 396982 (GOOGLE-CL...)
59 142.251.41.2 15169 (GOOGLE)
1 108.138.106.108 16509 (AMAZON-02)
1 68.67.179.164 29990 (ASN-APPNEX)
4 23.201.174.84 16625 (AKAMAI-AS)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
6 52.18.207.0 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
1 3.233.167.98 14618 (AMAZON-AES)
2 104.18.34.190 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2602:803:c002... 26667 (RUBICONPR...)
1 18.238.63.180 16509 (AMAZON-02)
1 145.40.65.199 54825 (PACKET)
2 35.212.18.61 15169 (GOOGLE)
1 34.160.72.119 396982 (GOOGLE-CL...)
3 152.42.155.191 14061 (DIGITALOC...)
1 3.168.102.9 16509 (AMAZON-02)
1 2606:ae80:147... 26762 (CNVR-US-EAST)
3 2606:4700:10:... 13335 (CLOUDFLAR...)
1 54.191.70.79 16509 (AMAZON-02)
4 4 68.67.181.102 29990 (ASN-APPNEX)
3 3 34.98.64.218 396982 (GOOGLE-CL...)
4 4 8.28.7.83 62713 (AS-PUBMATIC)
1 5 69.173.146.5 26667 (RUBICONPR...)
4 4 34.111.113.62 396982 (GOOGLE-CL...)
2 4 172.217.165.130 15169 (GOOGLE)
1 1 2620:112:f008... 26120 (RHYTHMONE)
2 2 2607:f350:3:2... 27630 (AS-XFERNET)
1 142.251.40.161 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
3 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2 98.82.156.207 14618 (AMAZON-AES)
8 142.250.65.174 15169 (GOOGLE)
2 2 3.226.233.195 14618 (AMAZON-AES)
1 1 178.250.7.11 44788 (ASN-CRITE...)
2 2 35.171.199.145 14618 (AMAZON-AES)
1 1 44.213.21.170 14618 (AMAZON-AES)
1 1 3.208.184.227 14618 (AMAZON-AES)
5 34.42.134.208 396982 (GOOGLE-CL...)
9 2607:f8b0:400... 15169 (GOOGLE)
7 142.251.40.194 15169 (GOOGLE)
3 2602:803:c001... 26667 (RUBICONPR...)
3 35.241.34.106 396982 (GOOGLE-CL...)
5 142.251.40.198 15169 (GOOGLE)
4 23.56.163.141 16625 (AKAMAI-AS)
2 23.200.197.55 16625 (AKAMAI-AS)
2 4 3.222.35.228 14618 (AMAZON-AES)
2 2607:f8b0:400... 15169 (GOOGLE)
1 18.238.49.67 16509 (AMAZON-02)
6 2600:9000:247... 16509 (AMAZON-02)
1 13.35.93.124 16509 (AMAZON-02)
12 2600:1f18:1ac... 14618 (AMAZON-AES)
2 34.194.3.3 14618 (AMAZON-AES)
1 13.226.94.42 16509 (AMAZON-02)
2 2600:9000:261... 16509 (AMAZON-02)
2 52.204.208.84 14618 (AMAZON-AES)
1 13.226.94.118 16509 (AMAZON-02)
6 130.211.115.4 396982 (GOOGLE-CL...)
1 68.183.103.129 14061 (DIGITALOC...)
1 104.18.3.52 13335 (CLOUDFLAR...)
1 35.71.139.29 16509 (AMAZON-02)
1 147.75.195.55 54825 (PACKET)
1 34.149.40.38 396982 (GOOGLE-CL...)
1 23.200.196.50 16625 (AKAMAI-AS)
292 70
22    104.21.96.1 (None, )

ASN13335 (CLOUDFLARENET, US)
faces.wtf
33    151.101.131.42 (San Francisco, United States)

ASN54113 (FASTLY, US)
hb.vntsm.com
1    2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
1    151.101.65.194 (San Francisco, United States)

ASN54113 (FASTLY, US)
hb-vntsm-com.global.ssl.fastly.net
1    2606:4700:4400::6812:291e (United States)

ASN13335 (CLOUDFLARENET, US)
cadmus.script.ac
1    2606:4700:20::681a:246 (United States)

ASN13335 (CLOUDFLARENET, US)
ad-delivery.net
1    2606:4700:10::6816:2f8e (United States)

ASN13335 (CLOUDFLARENET, US)
hb.vntsm.io
1    52.210.9.111 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-9-111.eu-west-1.compute.amazonaws.com
p.cpx.to
3    108.138.112.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-112-90.jfk50.r.cloudfront.net
c.amazon-adsystem.com
2    2620:100:a00b::12 (United States)

ASN19750 (AS-CRITEO, US)
gum.criteo.com
5    3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
2    74.119.117.17 (United States)

ASN19750 (AS-CRITEO, US)
mug.criteo.com
15    2606:4700:10::6816:445 (United States)

ASN13335 (CLOUDFLARENET, US)
id.hadron.ad.gt
a.ad.gt
ids.ad.gt
pixels.ad.gt
15    162.19.138.120 (Amsterdam, Netherlands)

ASN16276 (OVH OVH SAS, FR)
PTR: ns31533571.ip-162-19-138.eu
id5-sync.com
lb.eu-1-id5-sync.com
2    34.95.69.49 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.69.95.34.bc.googleusercontent.com
i.clean.gg
59    142.251.41.2 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f2.1e100.net
securepubads.g.doubleclick.net
pagead2.googlesyndication.com
1    108.138.106.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-106-108.jfk50.r.cloudfront.net
config.aps.amazon-adsystem.com
1    68.67.179.164 (North Bergen, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
ib.adnxs.com
4    23.201.174.84 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-201-174-84.deploy.static.akamaitechnologies.com
secure.cdn.fastclick.net
1    2606:4700:10::6816:35ad (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.hadronid.net
1    2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.id5-sync.com
6    52.18.207.0 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-207-0.eu-west-1.compute.amazonaws.com
s.cpx.to
2    2607:f8b0:4006:80b::200e (United States)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
1    3.233.167.98 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-233-167-98.compute-1.amazonaws.com
tlx.3lift.com
2    104.18.34.190 (None, )

ASN13335 (CLOUDFLARENET, US)
elb.the-ozone-project.com
1    2606:4700:4400::ac40:994e (United States)

ASN13335 (CLOUDFLARENET, US)
mp.4dex.io
1    2602:803:c002:200::32 (United States)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
1    18.238.63.180 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-63-180.jfk52.r.cloudfront.net
aax.amazon-adsystem.com
1    145.40.65.199 (Secaucus, United States)

ASN54825 (PACKET, US)
PTR: omni-ny5-kmsweo
prebid.a-mo.net
2    35.212.18.61 (Washington, United States)

ASN15169 (GOOGLE, US)
PTR: 61.18.212.35.bc.googleusercontent.com
hb-api.omnitagjs.com
visitor.omnitagjs.com
1    34.160.72.119 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 119.72.160.34.bc.googleusercontent.com
pbs.optidigital.com
3    152.42.155.191 (New York, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
exchange.kueezrtb.com
1    3.168.102.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-168-102-9.jfk52.r.cloudfront.net
hb.yellowblue.io
1    2606:ae80:1471:1b::1780 (United States)

ASN26762 (CNVR-US-EAST, US)
proc.ad.cpe.dotomi.com
3    2606:4700:10::6816:545 (United States)

ASN13335 (CLOUDFLARENET, US)
p.ad.gt
1    54.191.70.79 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-191-70-79.us-west-2.compute.amazonaws.com
ids4.ad.gt
4    68.67.181.102 (North Bergen, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 1040.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
secure.adnxs.com
3    34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com
u.openx.net
4    8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
5    69.173.146.5 (United States)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
pixel.rubiconproject.com
4    34.111.113.62 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com
pixel.tapad.com
4    172.217.165.130 (United States)

ASN15169 (GOOGLE, US)
PTR: lax30s03-in-f2.1e100.net
cm.g.doubleclick.net
1    2620:112:f008:200::101 (United States)

ASN26120 (RHYTHMONE, US)
d.turn.com
2    2607:f350:3:2569:0:10:0:c (United States)

ASN27630 (AS-XFERNET, US)
sync.go.sonobi.com
1    142.251.40.161 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f1.1e100.net
49df8c7b726f1f5265a4f8982841a893.safeframe.googlesyndication.com
1    2607:f8b0:4006:80e::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2606:4700:10::ac43:17ea (United States)

ASN13335 (CLOUDFLARENET, US)
seg.ad.gt
proton.ad.gt
2    98.82.156.207 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-98-82-156-207.compute-1.amazonaws.com
s.amazon-adsystem.com
8    142.250.65.174 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f14.1e100.net
fundingchoicesmessages.google.com
2    3.226.233.195 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-233-195.compute-1.amazonaws.com
match.prod.bidr.io
1    178.250.7.11 (France)

ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR)
dis.eu.criteo.com
2    35.171.199.145 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-199-145.compute-1.amazonaws.com
ice.360yield.com
1    44.213.21.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-213-21-170.compute-1.amazonaws.com
ce.lijit.com
1    3.208.184.227 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-184-227.compute-1.amazonaws.com
sync.ipredictive.com
5    34.42.134.208 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 208.134.42.34.bc.googleusercontent.com
edge.venatusmedia.com
9    2607:f8b0:4006:816::2001 (United States)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
7    142.251.40.194 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f2.1e100.net
googleads.g.doubleclick.net
3    2602:803:c001::200:164 (San Jose, United States)

ASN26667 (RUBICONPROJECT, US)
beacon-sjc2.rubiconproject.com
3    35.241.34.106 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 106.34.241.35.bc.googleusercontent.com
c.4dex.io
5    142.251.40.198 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f6.1e100.net
ad.doubleclick.net
4    23.56.163.141 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-163-141.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
2    23.200.197.55 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-200-197-55.deploy.static.akamaitechnologies.com
servedby.flashtalking.com
4    3.222.35.228 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-35-228.compute-1.amazonaws.com
fw.adsafeprotected.com
2    2607:f8b0:4006:822::2006 (United States)

ASN15169 (GOOGLE, US)
s0.2mdn.net
1    18.238.49.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-49-67.jfk52.r.cloudfront.net
ajs-assets.ftstatic.com
6    2600:9000:247b:5600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.adsafeprotected.com
1    13.35.93.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-93-124.jfk50.r.cloudfront.net
agen-assets.ftstatic.com
12    2600:1f18:1aca:4280:46af:258a:9b81:4449 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
dt.adsafeprotected.com
2    34.194.3.3 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-3-3.compute-1.amazonaws.com
d9.flashtalking.com
1    13.226.94.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-94-42.jfk52.r.cloudfront.net
cdn.flashtalking.com
2    2600:9000:261f:b400:a:deb0:3380:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.ad-score.com
2    52.204.208.84 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-208-84.compute-1.amazonaws.com
ad-events.flashtalking.com
1    13.226.94.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-94-118.jfk52.r.cloudfront.net
cdn.flashtalking.com
6    130.211.115.4 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 4.115.211.130.bc.googleusercontent.com
data.ad-score.com
1    68.183.103.129 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
sync.kueezrtb.com
1    104.18.3.52 (None, )

ASN13335 (CLOUDFLARENET, US)
scripts.opti-digital.com
1    35.71.139.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com
eb2.3lift.com
1    147.75.195.55 (Parsippany, United States)

ASN54825 (PACKET, US)
use1-sync.a-mo.net
1    34.149.40.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.40.149.34.bc.googleusercontent.com
u.4dex.io
1    23.200.196.50 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-200-196-50.deploy.static.akamaitechnologies.com
secure.flashtalking.com
Apex Domain
Subdomains		 Transfer
56 googlesyndication.com
49df8c7b726f1f5265a4f8982841a893.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 113
tpc.googlesyndication.com — Cisco Umbrella Rank: 181
261 KB
33 vntsm.com
hb.vntsm.com — Cisco Umbrella Rank: 30717
469 KB
29 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 229
cm.g.doubleclick.net — Cisco Umbrella Rank: 293
googleads.g.doubleclick.net — Cisco Umbrella Rank: 45
ad.doubleclick.net — Cisco Umbrella Rank: 153
377 KB
22 adsafeprotected.com
fw.adsafeprotected.com — Cisco Umbrella Rank: 971
static.adsafeprotected.com — Cisco Umbrella Rank: 692
dt.adsafeprotected.com — Cisco Umbrella Rank: 612
131 KB
22 ad.gt
id.hadron.ad.gt — Cisco Umbrella Rank: 1606
a.ad.gt — Cisco Umbrella Rank: 1435
p.ad.gt — Cisco Umbrella Rank: 1576
ids.ad.gt — Cisco Umbrella Rank: 1459
ids4.ad.gt — Cisco Umbrella Rank: 1534
seg.ad.gt — Cisco Umbrella Rank: 1839
pixels.ad.gt — Cisco Umbrella Rank: 1571
proton.ad.gt — Cisco Umbrella Rank: 2853
21 KB
22 faces.wtf
faces.wtf
580 KB
14 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 522
cdn.id5-sync.com — Cisco Umbrella Rank: 941
46 KB
13 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 521
token.rubiconproject.com — Cisco Umbrella Rank: 508
pixel.rubiconproject.com — Cisco Umbrella Rank: 428
beacon-sjc2.rubiconproject.com — Cisco Umbrella Rank: 2961
eus.rubiconproject.com — Cisco Umbrella Rank: 616
16 KB
10 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 722
71 KB
9 flashtalking.com
servedby.flashtalking.com — Cisco Umbrella Rank: 924
d9.flashtalking.com — Cisco Umbrella Rank: 1772
cdn.flashtalking.com — Cisco Umbrella Rank: 1148
ad-events.flashtalking.com — Cisco Umbrella Rank: 1249
secure.flashtalking.com — Cisco Umbrella Rank: 2482
21 KB
8 ad-score.com
js.ad-score.com — Cisco Umbrella Rank: 3135
data.ad-score.com — Cisco Umbrella Rank: 2669
284 KB
7 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 338
config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 681
aax.amazon-adsystem.com — Cisco Umbrella Rank: 450
s.amazon-adsystem.com — Cisco Umbrella Rank: 351
101 KB
7 cpx.to
p.cpx.to — Cisco Umbrella Rank: 12077
s.cpx.to — Cisco Umbrella Rank: 11179
8 KB
5 venatusmedia.com
edge.venatusmedia.com — Cisco Umbrella Rank: 12559
323 B
5 4dex.io
mp.4dex.io — Cisco Umbrella Rank: 2638
c.4dex.io — Cisco Umbrella Rank: 7077
u.4dex.io — Cisco Umbrella Rank: 2998
19 KB
5 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 279
secure.adnxs.com — Cisco Umbrella Rank: 486
5 KB
5 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 380
4 KB
5 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 469
mug.criteo.com — Cisco Umbrella Rank: 3655
dis.eu.criteo.com — Cisco Umbrella Rank: 8128
2 KB
4 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 463
1 KB
4 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 915
1 KB
4 kueezrtb.com
exchange.kueezrtb.com — Cisco Umbrella Rank: 2289
sync.kueezrtb.com — Cisco Umbrella Rank: 1912
3 KB
4 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 1160
106 KB
3 openx.net
u.openx.net — Cisco Umbrella Rank: 710
776 B
2 ftstatic.com
ajs-assets.ftstatic.com — Cisco Umbrella Rank: 1636
agen-assets.ftstatic.com — Cisco Umbrella Rank: 1365
32 KB
2 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 384
23 KB
2 360yield.com
ice.360yield.com — Cisco Umbrella Rank: 2899
1 KB
2 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 614
1 KB
2 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 902
1 KB
2 omnitagjs.com
hb-api.omnitagjs.com — Cisco Umbrella Rank: 4563
visitor.omnitagjs.com — Cisco Umbrella Rank: 1062
707 B
2 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 756
use1-sync.a-mo.net
1 KB
2 the-ozone-project.com
elb.the-ozone-project.com — Cisco Umbrella Rank: 2681
986 B
2 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 561
eb2.3lift.com — Cisco Umbrella Rank: 427
1 KB
2 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 956
561 B
2 clean.gg
i.clean.gg — Cisco Umbrella Rank: 1878
104 B
1 opti-digital.com
scripts.opti-digital.com — Cisco Umbrella Rank: 9861
1 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 897
485 B
1 lijit.com
ce.lijit.com — Cisco Umbrella Rank: 906
724 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37
106 KB
1 turn.com
d.turn.com — Cisco Umbrella Rank: 1100
443 B
1 dotomi.com
proc.ad.cpe.dotomi.com — Cisco Umbrella Rank: 2996
458 B
1 yellowblue.io
hb.yellowblue.io — Cisco Umbrella Rank: 1423
622 B
1 optidigital.com
pbs.optidigital.com — Cisco Umbrella Rank: 7739
248 B
1 hadronid.net
cdn.hadronid.net — Cisco Umbrella Rank: 1401
13 KB
1 vntsm.io
hb.vntsm.io — Cisco Umbrella Rank: 16048
467 B
1 ad-delivery.net
ad-delivery.net — Cisco Umbrella Rank: 989
1 KB
1 script.ac
cadmus.script.ac — Cisco Umbrella Rank: 1956
70 KB
1 fastly.net
hb-vntsm-com.global.ssl.fastly.net — Cisco Umbrella Rank: 14297
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 544
7 KB
0 rlcdn.com Failed
api.rlcdn.com Failed
292 49
Domain Requested by
46 pagead2.googlesyndication.com cadmus.script.ac
faces.wtf
pagead2.googlesyndication.com
33 hb.vntsm.com faces.wtf
hb.vntsm.com
cadmus.script.ac
22 faces.wtf faces.wtf
13 securepubads.g.doubleclick.net cadmus.script.ac
faces.wtf
13 id5-sync.com 8 redirects hb.vntsm.com
cdn.id5-sync.com
faces.wtf
12 dt.adsafeprotected.com faces.wtf
10 fundingchoicesmessages.google.com cadmus.script.ac
9 tpc.googlesyndication.com cadmus.script.ac
faces.wtf
9 ids.ad.gt 1 redirects faces.wtf
7 googleads.g.doubleclick.net cadmus.script.ac
6 data.ad-score.com faces.wtf
6 static.adsafeprotected.com faces.wtf
6 s.cpx.to cadmus.script.ac
faces.wtf
5 ad.doubleclick.net faces.wtf
5 edge.venatusmedia.com hb.vntsm.com
faces.wtf
5 match.adsrvr.org 3 redirects hb.vntsm.com
cadmus.script.ac
4 fw.adsafeprotected.com 2 redirects faces.wtf
4 eus.rubiconproject.com faces.wtf
cadmus.script.ac
4 cm.g.doubleclick.net 2 redirects faces.wtf
4 pixel.tapad.com 4 redirects
4 token.rubiconproject.com faces.wtf
cadmus.script.ac
4 image2.pubmatic.com 4 redirects
4 secure.adnxs.com 4 redirects
4 secure.cdn.fastclick.net faces.wtf
secure.cdn.fastclick.net
3 c.4dex.io cadmus.script.ac
3 beacon-sjc2.rubiconproject.com cadmus.script.ac
3 u.openx.net 3 redirects
3 p.ad.gt a.ad.gt
p.ad.gt
3 exchange.kueezrtb.com hb.vntsm.com
3 id.hadron.ad.gt hb.vntsm.com
cdn.hadronid.net
3 c.amazon-adsystem.com hb.vntsm.com
c.amazon-adsystem.com
2 ad-events.flashtalking.com faces.wtf
2 js.ad-score.com faces.wtf
2 cdn.flashtalking.com faces.wtf
2 d9.flashtalking.com faces.wtf
d9.flashtalking.com
2 s0.2mdn.net faces.wtf
cadmus.script.ac
2 servedby.flashtalking.com faces.wtf
2 ice.360yield.com 2 redirects
2 match.prod.bidr.io 2 redirects
2 s.amazon-adsystem.com 1 redirects c.amazon-adsystem.com
2 seg.ad.gt p.ad.gt
2 sync.go.sonobi.com 2 redirects
2 elb.the-ozone-project.com hb.vntsm.com
cadmus.script.ac
2 a.ad.gt cdn.hadronid.net
p.ad.gt
2 lb.eu-1-id5-sync.com hb.vntsm.com
cdn.id5-sync.com
2 i.clean.gg cadmus.script.ac
2 mug.criteo.com faces.wtf
2 gum.criteo.com 1 redirects
1 secure.flashtalking.com faces.wtf
1 u.4dex.io cadmus.script.ac
1 use1-sync.a-mo.net cadmus.script.ac
1 visitor.omnitagjs.com cadmus.script.ac
1 eb2.3lift.com cadmus.script.ac
1 scripts.opti-digital.com cadmus.script.ac
1 sync.kueezrtb.com cadmus.script.ac
1 agen-assets.ftstatic.com ajs-assets.ftstatic.com
1 ajs-assets.ftstatic.com faces.wtf
1 proton.ad.gt p.ad.gt
1 sync.ipredictive.com 1 redirects
1 ce.lijit.com 1 redirects
1 dis.eu.criteo.com 1 redirects
1 pixels.ad.gt p.ad.gt
1 www.googletagmanager.com p.ad.gt
1 49df8c7b726f1f5265a4f8982841a893.safeframe.googlesyndication.com cadmus.script.ac
1 pixel.rubiconproject.com 1 redirects
1 d.turn.com 1 redirects
1 ids4.ad.gt faces.wtf
1 proc.ad.cpe.dotomi.com secure.cdn.fastclick.net
1 hb.yellowblue.io hb.vntsm.com
1 pbs.optidigital.com hb.vntsm.com
1 hb-api.omnitagjs.com hb.vntsm.com
1 prebid.a-mo.net hb.vntsm.com
1 aax.amazon-adsystem.com c.amazon-adsystem.com
1 fastlane.rubiconproject.com hb.vntsm.com
1 mp.4dex.io hb.vntsm.com
1 tlx.3lift.com hb.vntsm.com
1 cdn.id5-sync.com faces.wtf
1 cdn.hadronid.net faces.wtf
1 ib.adnxs.com cadmus.script.ac
1 config.aps.amazon-adsystem.com c.amazon-adsystem.com
1 p.cpx.to hb.vntsm.com
1 hb.vntsm.io hb.vntsm.com
1 ad-delivery.net hb.vntsm.com
1 cadmus.script.ac hb.vntsm.com
1 hb-vntsm-com.global.ssl.fastly.net hb.vntsm.com
1 static.cloudflareinsights.com faces.wtf
0 api.rlcdn.com Failed hb.vntsm.com
292 87

This site contains no links.

Subject Issuer Validity Valid
faces.wtf
WE1		 2025-03-06 -
2025-06-04		 3 months crt.sh
*.vntsm.com
R10		 2025-02-18 -
2025-05-19		 3 months crt.sh
cloudflareinsights.com
WE1		 2025-02-27 -
2025-05-28		 3 months crt.sh
*.freetls.fastly.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3		 2024-09-11 -
2025-10-13		 a year crt.sh
script.ac
E6		 2025-02-14 -
2025-05-15		 3 months crt.sh
ad-delivery.net
WE1		 2025-03-08 -
2025-06-06		 3 months crt.sh
hb.vntsm.io
WE1		 2025-02-28 -
2025-05-29		 3 months crt.sh
p.cpx.to
Amazon RSA 2048 M02		 2024-12-20 -
2026-01-18		 a year crt.sh
c.amazon-adsystem.com
Amazon RSA 2048 M03		 2024-11-19 -
2025-12-18		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-02-09 -
2025-05-10		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2024-04-23 -
2025-05-25		 a year crt.sh
id.hadron.ad.gt
WE1		 2025-01-16 -
2025-04-16		 3 months crt.sh
id5-sync.com
E5		 2025-03-01 -
2025-05-30		 3 months crt.sh
i.clean.gg
WR3		 2025-02-21 -
2025-05-22		 3 months crt.sh
*.g.doubleclick.net
WR2		 2025-02-26 -
2025-05-21		 3 months crt.sh
config.aps.amazon-adsystem.com
Amazon RSA 2048 M02		 2024-12-22 -
2026-01-21		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2025-02-21 -
2026-03-23		 a year crt.sh
secure.cdn.fastclick.net
DigiCert TLS RSA SHA256 2020 CA1		 2024-08-07 -
2025-08-07		 a year crt.sh
hadronid.net
WE1		 2025-01-20 -
2025-04-20		 3 months crt.sh
eu-1-id5-sync.com
R10		 2025-03-01 -
2025-05-30		 3 months crt.sh
s.cpx.to
Amazon RSA 2048 M03		 2024-12-20 -
2026-01-18		 a year crt.sh
*.google.com
WR2		 2025-02-26 -
2025-05-21		 3 months crt.sh
a.ad.gt
WE1		 2025-01-31 -
2025-05-01		 3 months crt.sh
*.3lift.com
Amazon RSA 2048 M02		 2025-02-10 -
2026-03-11		 a year crt.sh
the-ozone-project.com
WE1		 2025-02-09 -
2025-05-10		 3 months crt.sh
mp.4dex.io
WE1		 2025-02-22 -
2025-05-23		 3 months crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2025-03-04 -
2026-04-03		 a year crt.sh
alt1-3ps.amazon-adsystem.com
Amazon RSA 2048 M03		 2025-01-22 -
2026-02-20		 a year crt.sh
*.a-mo.net
R10		 2025-03-01 -
2025-05-30		 3 months crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA		 2024-07-02 -
2025-08-01		 a year crt.sh
pbs.optidigital.com
WR3		 2025-02-10 -
2025-05-12		 3 months crt.sh
*.kueezrtb.com
Sectigo RSA Domain Validation Secure Server CA		 2024-09-05 -
2025-09-14		 a year crt.sh
*.yellowblue.io
Amazon RSA 2048 M02		 2025-02-16 -
2026-03-17		 a year crt.sh
ad.cpe.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2024-06-17 -
2025-07-19		 a year crt.sh
p.ad.gt
WE1		 2025-02-02 -
2025-05-04		 3 months crt.sh
ids.ad.gt
WE1		 2025-03-12 -
2025-06-10		 3 months crt.sh
*.ad.gt
Amazon RSA 2048 M03		 2025-02-08 -
2026-03-09		 a year crt.sh
*.google-analytics.com
WR2		 2025-02-26 -
2025-05-21		 3 months crt.sh
seg.ad.gt
WE1		 2025-03-01 -
2025-05-30		 3 months crt.sh
pixels.ad.gt
WE1		 2025-03-01 -
2025-05-30		 3 months crt.sh
s.amazon-adsystem.com
Amazon RSA 2048 M01		 2025-02-17 -
2026-02-03		 a year crt.sh
*.venatusmedia.com
R10		 2025-02-24 -
2025-05-25		 3 months crt.sh
proton.ad.gt
WE1		 2025-03-03 -
2025-06-01		 3 months crt.sh
tpc.googlesyndication.com
WR2		 2025-02-26 -
2025-05-21		 3 months crt.sh
c.4dex.io
WR3		 2025-02-12 -
2025-05-13		 3 months crt.sh
*.doubleclick.net
WR2		 2025-02-26 -
2025-05-21		 3 months crt.sh
servedby.flashtalking.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-07-17 -
2025-07-17		 a year crt.sh
fw.adsafeprotected.com
Amazon RSA 2048 M02		 2025-01-28 -
2026-02-27		 a year crt.sh
*.ftstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-02-10 -
2026-03-11		 a year crt.sh
static.adsafeprotected.com
Amazon RSA 2048 M02		 2024-04-25 -
2025-05-24		 a year crt.sh
dt.adsafeprotected.com
Amazon RSA 2048 M02		 2025-03-10 -
2026-04-09		 a year crt.sh
*.flashtalking.com
Amazon RSA 2048 M02		 2024-07-30 -
2025-08-28		 a year crt.sh
*.ad-score.com
Go Daddy Secure Certificate Authority - G2		 2024-09-05 -
2025-10-07		 a year crt.sh
opti-digital.com
WE1		 2025-01-25 -
2025-04-25		 3 months crt.sh
u.4dex.io
WR3		 2025-01-25 -
2025-04-25		 3 months crt.sh
cdn.flashtalking.com
DigiCert TLS RSA SHA256 2020 CA1		 2025-02-25 -
2026-02-25		 a year crt.sh

This page contains 30 frames:

Primary Page: https://faces.wtf/
Frame ID: D74593D90BAFF42436BE11AF1424ADA5
Requests: 124 HTTP requests in this frame

Frame: https://c.amazon-adsystem.com/aax2/apstag.js
Frame ID: 79ADDF43E19B9DBE637E54FADDEDBF7B
Requests: 36 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 33EDC95B28FA648ED8FCD846F729E129
Requests: 1 HTTP requests in this frame

Frame: https://49df8c7b726f1f5265a4f8982841a893.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html
Frame ID: 81CB52B3921A6606E975D834DE5B7ED4
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-mediagrid_n-Ogury_rx_snb_n-MediaNet_smrt_n-inmobi_n-adYouLike_n-smaato_rbd_an-db5_3lift&dcc=t
Frame ID: 86DDD5896348E2EA42CF37932F27E548
Requests: 1 HTTP requests in this frame

Frame: https://proton.ad.gt/join-ad-interest-groups.html
Frame ID: C1077BBCE2DC85B342E66A716C1DA48F
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv7NJDl_oOY1sCabR9J2fm38zPCAhZXdZmxBHT6u2xXwcdNkknRAeaUZtnBNctw7ePNf0kvSpJ8_LpHAEweYKEwES_VFMsyCphqoniUQbypHb9Zc51TIkwTcwLSykxdwMP0oTTkkrGuzDxuEx0lwIwFzvnxlTHk0sof_lbPD69vfimY4uAyl1bDR3e3CAkoNsYiaKNCEaMrOmM-YBS27udX_28OI3bwe6VfPMbQDS9ABTW2VkfDGWoe4H481DTtmfVGwQzVGpW97CTOZ5eDP9VWIRU_rWyuXJG2cklZOZWHjftbBXLByHKIRz_A7bBScS7U73uV58kasXSlFzLAkt9MPrccRtc1Qs2E41bhTka4et2PuC-UCGZnix0b49bYXVtiSuUj7zMGoR4C6W9S-PzCQMlzXm-qBK870PRfSYNeQqU1ZBnALSCB_KZzxg&sai=AMfl-YQlqaY8vc8jusP7DWAcQQzlysu2HGiTKbfyK0sndQ-7f71sIOs9NLamnD5r_hMRg7P8A2YK2K2TPlL7VeUKD-ANFi2orWpbuhMgzZzoHlXYrhdF7lCaU--pCsxyzuOPE4iHE56ocOgSRvMgbSw&sig=Cg0ArKJSzHx5dpHRvs5JEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: C74313AB7600F1B81AE292AD2D02D7B9
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPaoDBCdjaSiBRjO2pqyAjAB&v=APEucNUPo8puXjO_xPe8tlRUbHo5JsjAq-uGPYO9V96gAc0lfv0DXwOv8CbbzcEiMRGiYIx9Rzx1-t54NeoCyjcfBY47ervXGyBSEb7VVNhqqxClCSKSKDo
Frame ID: C59060B0528DB2AC5B7261F02E6C3EBE
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstAblWXKJnQgDsTbv8tlfOPS8XKJmwd-uncZTDGiLnERfdlfL3osDXekF7MOb7nZGJ82j0ghpPDTaKk4_RNjgwWhx6NqK22ubYoivIM1F-IrrForGyVy9uP9gjnKBTKVJWuqKc3c3j0qZyXMhV9FbKhmWMfkYevhctW8cvGwN31rMepCOpT9r7wxOdfKGmrXQGTz4_3FXoyRmFqiUmaEOfTTS3fzRh0vZqI3DuDMFtsVHei2MRwvUll3q2DfRjxpLZP1i-WiZYE9Xfd1zWDKwuxMgW37yWnJTphiI91SCkhm51IEaLcFWmD8IekHrkO5fCIMZ30m7QB-nLAPdLsgNDP82jZo-agJZ_a1FGjfqe2xHDo5Q1VgkH0vnImG1hg7qINT8wxhfQNLkRV6QwbYTSPrDJCW8Z6CA6PMROejYaO76XvZMJJc_hfOmQ3Dw&sai=AMfl-YRjLrBI1KpI7EKbTKeWbsWPF8nnx6OSmurXie6046Z0ZBTGFvfvKpuWxQxG6Od7sTvc5cinQ9hBXWB15J7pNhjNwLSMc-uwA0xVtSjiByjEXEV2oYAs1cEaBp7yYKIOBDboQJphOhTs-VGDgLU&sig=Cg0ArKJSzLGfYElv6WHcEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: FD9B906F84C8667F197937663067032D
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPaoDBCdjaSiBRjO2pqyAjAB&v=APEucNXqEBIyzRneuYwf6MX37u7gz1_0MGFnxNEscyVgDW-bTnp06bG34JbJrcFHaiXAuIVvDWwwq3FBCL58Bc9ZCyof7v6BguKgBQAjQrOKMJUmZPiMvOI
Frame ID: 4DA5AFAAD66F8C5238B0DD47DBC01942
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvqOOAxrIkYNUAcaj10Bnn0SBsk1MCbP3qiNdraossNfGhYF__psFajbdkThrGUdd-YDoJSvpWy9Ngj274XFa7RCwhNXpLOMHnsWwzD-C1d0H_YrUECXfqSNWFot_aHTEk06Lo40WiKl2iockYa0d-QS3ta314OrlEuOFMt_q-z7TeQcqjqH5XGFbBEACjJFe0N7_4fMp1VTKIF0K0RqCikgEzmjzllA4Y_aXfPKfQojsGISCnoKVkRk51rMaHNf_3kN_I88Pv2xI9qa_b_h2bm2iXi6NCR2hzRpbsGlawkFf3rfuUsrdWgq0dUFs0w3qCQZy7jN2PZA8tDmBvD039KtM84f9zQQS0j9RtA7hICmfqslpe2aiW3_uSvjs2BPZ2DLq_9Rh9LWVQf2ED4U8wObEVRYG9TfRQm4P8W68kssnkfr_JHS03lxkVcxPIZU3HesO2tRQ&sai=AMfl-YSCG3PFwsK8KUtK4hJ7oTPih0IbPg2uHZtiAe83O2AY7vJxBtunMhpaoLWwm2XESbk0vn6QX-HfsVYaOkDSgee6znnU7ygWlMCwWqCRXWhZzQRQpjwYiMwTT-0g3nXFAo-Z8CfAHOGBhfN3704&sig=Cg0ArKJSzNgmuFhJ0SpwEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 4659585C04A5047A7964C56A69C79953
Requests: 48 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARi7j9OzAjAB&v=APEucNXC5_S5U8m9Xby8PRpexjNLFjsAHaClAGxKW9iiDT2MqF2Nhs5KMztx9-hqscyUdFofVHz9gVke8ibBYbhWXTYRdK6tOreRyRAvnvcTRrAvuP3wgzo
Frame ID: C7F018A88BE9AC7E2C98BF1C063C4875
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=na&co=us
Frame ID: 3B95CEA24722797DFD184EB97198091B
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=na&co=us
Frame ID: 1135541CF790F3AEC93804B0F4A71CBD
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=na&co=us
Frame ID: D774AB5F36B2953D7BF001F98941376A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 70C86D23C083660C430BA47D370C5134
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 5A1C7A44A34A0A61DA777F98016EF6DB
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 9E02242D0B46553A0794AA39F2169E74
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.4.js
Frame ID: 06DF2F446B60CEA3E9469CBAFEB7F861
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.4.js
Frame ID: EF44E0B9484197990EC752E4AD7F9501
Requests: 1 HTTP requests in this frame

Frame: https://cdn.flashtalking.com/172799/5204940/index.html
Frame ID: 97DA923AC4857675EEB28F4862F85F35
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 971920F936514C04CF5DFF7672679388
Requests: 1 HTTP requests in this frame

Frame: https://sync.kueezrtb.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 61E2E92E070D09FEBE32E406E28EAD5E
Requests: 1 HTTP requests in this frame

Frame: https://scripts.opti-digital.com/js/presync.html?endpoint=optidigital
Frame ID: 396FA6FA54FE78A635A6A7B6A0E05DBC
Requests: 1 HTTP requests in this frame

Frame: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&gpp=&gpp_sid=&pubcid.org=aed0aebb-d34e-4d33-824f-53231927c1cc&adserver.org=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&audigent.com=0001yum0eabkba98bciae6gibddj96ldclf786khdaabackkc2jl&publisherId=OZONEVEN0005&siteId=1500000649&cb=1741898953660&bidder=ozone
Frame ID: EE22E06E3F706BF24D7325BE6074CF27
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 41E2C3E922355F71167E6D69940E0E1A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 03382B4E328EAEB497C50539E134D12B
Requests: 1 HTTP requests in this frame

Frame: https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4
Frame ID: 6575A43191F59FA3C1FBBB860468426D
Requests: 1 HTTP requests in this frame

Frame: https://use1-sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CtUBSglmYWNlcy53dGZSC2Fhcy04NGY0N2I4WghwYmExLjMuNGoJZmFjZXMud3Rm-gEGOS4yOS4w6AIBiAPJic2-BqgDP-oDJGUzMDY2YjRhLWU0NTEtNDU4YS1hZTMxLTI1MGYxYWM3NDA4N6IEEmh0dHBzOi8vZmFjZXMud3RmL6oEA0RDSLIFA1VTROoFB2Rlc2t0b3D6BQNueTXABgDIBgGqBwN3ZWLKBwlmYWNlcy53dGbgBwGCCAlmYWNlcy53dGaKCAZjaHJvbWWZCCAAAAAACEAA
Frame ID: EA266C8D68D00497CA17E09F070F76A3
Requests: 1 HTTP requests in this frame

Frame: https://u.4dex.io/usync.html?it=adg-pb-clt&lang=en&publisher_id=1090&website_name=faces-wtf
Frame ID: 81E99AD46FC90FA683C38678B76E3897
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Faces - Unravel the Celebrity Blends

Page URL History Show full URLs

  1. http://faces.wtf/ HTTP 307
    https://faces.wtf/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

292
Requests

93 %
HTTPS

29 %
IPv6

49
Domains

87
Subdomains

70
IPs

5
Countries

2759 kB
Transfer

9612 kB
Size

275
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://faces.wtf/ HTTP 307
    https://faces.wtf/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Ffaces.wtf%2F&domain=faces.wtf&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=cQFzT3w4bGpzdFAxMDE0UXVjbkhZYStFVUM1dno5R0ZybEpNVENqWXU1Z01jYzNGYjU3T2NycmROVjU1cjBNbzhrclFPdWsxMzA1RmhVYnFJMTB5R2k2L1l4akE5SERPcjZOZnc3NmlWeXZKMHdqcU9NaVRwSWVvRVpoYktBQ0xxeWlhODNkSnNyWE9jOVREL2pzbEpQNURxakRFaDdWWDBDQU5KWTc4Uk81aGJhaGRMU0hXMExta0RyRHlPQXJZdDVEVEJnOS85d0F1QWV4ZndiVHdNeS9mUm9YcWEzZHhkK29Pa0RjUnY4bFJsYmxFUGZpdGRNN202N0lheFNWcHBCUmxnfA&cppv=2
Request Chain 106
  • https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&adnxs_id=$UID&gdpr=0 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3DAU1D-0100-001741898953-EIBAPF3G-CJXT%26adnxs_id%3D%24UID%26gdpr%3D0 HTTP 302
  • https://ids.ad.gt/api/v1/match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&adnxs_id=4240468663692882447&gdpr=0
Request Chain 107
  • https://u.openx.net/w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001741898953-EIBAPF3G-CJXT%26auid%3DAU1D-0100-001741898953-EIBAPF3G-CJXT HTTP 302
  • https://u.openx.net/w/1.0/cm?cc=1&id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001741898953-EIBAPF3G-CJXT%26auid%3DAU1D-0100-001741898953-EIBAPF3G-CJXT HTTP 302
  • https://ids.ad.gt/api/v1/openx?openx_id=65dbebb1-3a93-4537-b529-cabaa4485c66&id=AU1D-0100-001741898953-EIBAPF3G-CJXT&auid=AU1D-0100-001741898953-EIBAPF3G-CJXT
Request Chain 108
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001741898953-EIBAPF3G-CJXT HTTP 302
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001741898953-EIBAPF3G-CJXT HTTP 302
  • https://ids.ad.gt/api/v1/pbm_match?pbm=8255A0EB-E98C-4BA0-AD19-90E39EB92532&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
Request Chain 110
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001741898953-EIBAPF3G-CJXT&gdpr=0 HTTP 302
  • https://ids.ad.gt/api/v1/t_match?tdid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
Request Chain 111
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3185&partner_device_id=AU1D-0100-001741898953-EIBAPF3G-CJXT&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001741898953-EIBAPF3G-CJXT%26tapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3185&partner_device_id=AU1D-0100-001741898953-EIBAPF3G-CJXT&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001741898953-EIBAPF3G-CJXT%26tapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=7b808386-ded4-4fa0-9901-37f48422813b%252Chttps%25253A%25252F%25252Fids.ad.gt%25252Fapi%25252Fv1%25252Ftapad_match%25253Fid%25253DAU1D-0100-001741898953-EIBAPF3G-CJXT%252526tapad_id%25253D7b808386-ded4-4fa0-9901-37f48422813b%252C&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&ttd_puid=7b808386-ded4-4fa0-9901-37f48422813b%2Chttps%253A%252F%252Fids.ad.gt%252Fapi%252Fv1%252Ftapad_match%253Fid%253DAU1D-0100-001741898953-EIBAPF3G-CJXT%2526tapad_id%253D7b808386-ded4-4fa0-9901-37f48422813b%2C HTTP 302
  • https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&tapad_id=7b808386-ded4-4fa0-9901-37f48422813b
Request Chain 113
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODI0MTY1OC90LzA/url/https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Famo_match%3Fturn_id%3D%24!%7BTURN_UUID%7D%26id%3DAU1D-0100-001741898953-EIBAPF3G-CJXT HTTP 302
  • https://ids.ad.gt/api/v1/amo_match?turn_id=7017034605181824636&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
Request Chain 114
  • https://sync.go.sonobi.com/us?https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&uid=[UID]&gdpr=0 HTTP 302
  • https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&uid=e4c0b503-d2ff-4105-b499-91ca4139a2d6&gdpr=0
Request Chain 115
  • https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001741898953-EIBAPF3G-CJXT HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTc0MTg5ODk1My1FSUJBUEYzRy1DSlhU
Request Chain 116
  • https://pixel.rubiconproject.com/token?pid=34010&customParamenters HTTP 302
  • https://s.cpx.to/sync?dsp=rubicon&dsp_uid=M87TNUK5-15-JGCE&customParamenters=
Request Chain 117
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&google_tc= HTTP 302
  • https://s.cpx.to/sync?dsp_uid=CAESEC04iH2Lg5h0oWMSxSUVAZo&dsp=dbm&google_cver=1
Request Chain 118
  • https://u.openx.net/w/1.0/cm?id=f0f39a70-2c21-4d5d-af4b-7350637edcd5&r=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3DOPENX%26dsp_uid%3D%7BOPENX_ID%7D HTTP 302
  • https://s.cpx.to/sync?dsp=OPENX&dsp_uid=0ca6dec7-8fb7-46c4-8444-2646b2a08ce0
Request Chain 119
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Ffire.js%3Fdsp%3Dapp_nexus%26dsp_uid%3D%24UID%26pid%3D13058%26url%3Dhttps%253A%252F%252Ffaces.wtf%252F%26hn_ver%3D95%26fid%3Db9ccaa25-5024-4d90-a77c-f32c7ca17d5a%26cdl%3D1391%26dsp%3DTTD%26dsp_uid%3Df7f272c4-ba58-4f19-bcf7-2852999b8cd8 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Ffire.js%253Fdsp%253Dapp_nexus%2526dsp_uid%253D%2524UID%2526pid%253D13058%2526url%253Dhttps%25253A%25252F%25252Ffaces.wtf%25252F%2526hn_ver%253D95%2526fid%253Db9ccaa25-5024-4d90-a77c-f32c7ca17d5a%2526cdl%253D1391%2526dsp%253DTTD%2526dsp_uid%253Df7f272c4-ba58-4f19-bcf7-2852999b8cd8 HTTP 302
  • https://s.cpx.to/fire.js?dsp=app_nexus&dsp_uid=4240468663692882447&pid=13058&url=https%3A%2F%2Ffaces.wtf%2F&hn_ver=95&fid=b9ccaa25-5024-4d90-a77c-f32c7ca17d5a&cdl=1391&dsp=TTD&dsp_uid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8
Request Chain 120
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID HTTP 302
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID HTTP 302
  • https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=8255A0EB-E98C-4BA0-AD19-90E39EB92532
Request Chain 135
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-mediagrid_n-Ogury_rx_snb_n-MediaNet_smrt_n-inmobi_n-adYouLike_n-smaato_rbd_an-db5_3lift HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-mediagrid_n-Ogury_rx_snb_n-MediaNet_smrt_n-inmobi_n-adYouLike_n-smaato_rbd_an-db5_3lift&dcc=t
Request Chain 137
  • https://id5-sync.com/i/258/8.gif?o=api&id5id=ID5*konx_AiLKoSEYHOrxPwIv_V5Gu7rAq6EWfo_VZ86izwCreGa_Xu9Ebw3stIV9iSz&gdpr_consent=undefined&gdpr=false HTTP 302
  • https://match.prod.bidr.io/cookie-sync/id5?us_privacy= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/id5?us_privacy=&_bee_ppp=1 HTTP 303
  • https://id5-sync.com/k/155.gif?puid=AACwp07PpooAABvauAIGtw&id5AccountNum=155&numCascadesAllowed=9 HTTP 302
  • https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F258%2F203%2F6%2F3.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://id5-sync.com/c/258/203/6/3.gif?puid=402f6467-b4f1-400e-b69a-0ea59db406ce&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F258%2F108%2F5%2F4.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/258/108/5/4.gif?puid=7b808386-ded4-4fa0-9901-37f48422813b&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fid5-sync.com%2Fc%2F258%2F434%2F4%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&consent= HTTP 302
  • https://id5-sync.com/c/258/434/4/5.gif?puid=e4c0b503-d2ff-4105-b499-91ca4139a2d6&gdpr=0&gdpr_consent= HTTP 302
  • https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5c01r2HrSSOKsmZjFslyUpPbI0zob0n-EP6YONBK8Q&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F258%2F124%2F3%2F6.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://ice.360yield.com/ul_cb/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5c01r2HrSSOKsmZjFslyUpPbI0zob0n-EP6YONBK8Q&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F258%2F124%2F3%2F6.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/cq/258/124/3/6.gif?puid=f4892ac6-d577-4372-9a12-2ac1476d9397&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=85&3pid=AACwp07PpooAABvauAIGtw&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F258%2F1241%2F2%2F7.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26gdpr_consent%3D&s=id5 HTTP 302
  • https://id5-sync.com/c/258/1241/2/7.gif?puid=KUihALZHgTw-C69LTc-pkxE4&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F258%2F796%2F1%2F8.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/258/796/1/8.gif?puid=519b468e-5426-4604-b143-04047cdb1286&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/k/264.gif?puid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&ttl=%%TTL%%
Request Chain 242
  • https://fw.adsafeprotected.com/rfw/st/2388769/85746127/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1019977296&ias_pubId=19116&ias_chanId=8&ias_placementId=22224013572&bidurl=https://faces.wtf/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0g6wEQB0ZtEPt6cpcjN1jx1&adsafe_url=https%3A%2F%2Ffaces.wtf%2F&adsafe_type=abedfq&adsafe_jsinfo=,id:23bf21b3-d8ef-915e-b22c-089decdecd8a,c:6JMM0p,sl:inView,em:true,fr:true,thd:1,mn:jsserver-primary-6f4c968599-cbvk9,rg:va,pt:1-5-15,wc:400.400.1600.1200,ac:445.456.300.600,am:sp,cc:400.400.300.600,piv:100,obst:0,th:0,reas:,mu:10000,br:c,bru:c,an:n,oam:0,mtim:327,mot:0,app:0,maw:0,tdt:s,fm:uFmmva4+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C18*.2388769-85746127%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:18*,pl:CV8L.CV8L.CV8L.CV8L.CV8L,rmeas:1,rend:1,renddet:IMG.qs,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:367,oid:a08684b5-004c-11f0-a54a-86e0023098d4,v:19.8.578,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/skeleton.js?ias_xappb=
Request Chain 244
  • https://fw.adsafeprotected.com/rfw/st/2388769/85746127/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1019977296&ias_pubId=19116&ias_chanId=8&ias_placementId=22224013572&bidurl=https://faces.wtf/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hM5HuQTJ46FaPZm1e1-tBr&adsafe_url=https%3A%2F%2Ffaces.wtf%2F&adsafe_type=abedfq&adsafe_jsinfo=,id:c026729b-c97e-8018-f342-f420d7362d04,c:6JMM17,sl:outOfView,em:true,fr:true,thd:1,mn:jsserver-primary-6f4c968599-64gg9,rg:va,pt:1-5-15,wc:400.400.1600.1200,ac:1655.456.300.600,am:sp,cc:400.400.300.600,piv:0,obst:0,th:0,reas:l,mu:10000,br:c,bru:c,an:n,oam:0,mtim:392,mot:0,app:0,maw:0,tdt:s,fm:uFmmvac+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C181%7C182%7C183%7C184%7C19*.2388769-85746127%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:19*,pl:CV8L.CV8L.CV8L.CV8L.CV8L,rmeas:1,rend:1,renddet:IMG.qs,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:401,oid:a086847b-004c-11f0-8f8d-ee927cd9b020,v:19.8.578,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/skeleton.js?ias_xappb=

292 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
faces.wtf/
Redirect Chain
  • http://faces.wtf/
  • https://faces.wtf/
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1716f46643cca9cf4558a3a3e659716634f1f803334e5fd085316fd6cecb520
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
91fe657ea81b8da2-MIA
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 13 Mar 2025 20:49:11 GMT
link
</_next/static/css/e825c0e96f23ce71.css>; rel="preload"; as=style
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A9U6YVP%2FeoyBN%2FdXF%2FWpKOoilpL9vd%2BkOwTc0W%2Bka3ermGJ8qFY0us6RJmUjhOnJQtCZ5t9%2BynGX853SYpclPwecWP0C8VWt3fwXALT%2BznFWh9bgRkzrdhntSHE%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfCacheStatus;desc="DYNAMIC"
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

Location
https://faces.wtf/
Non-Authoritative-Reason
HttpsUpgrades
e825c0e96f23ce71.css
faces.wtf/_next/static/css/ 		16 KB
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/css/e825c0e96f23ce71.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0583928e8a0e6d838cc8d965fd74e8b2f59f4fad014fbf6919d1229ea33fd8e9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"1e7ec880da3b01c25fe8695fb428c7ec"
age
3395
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i%2Bv6F%2FqbAyrXVdMjS6aPon4XY4HyHX3iHL1h3bVRuOQ1TeSuAMhMwyYL4upxTU1XANnV8XplfUQ%2FNMzqHVubF4NaUBHuBwFYBeEvJK3N8064o5Jd%2BztRnMh9I40SHxNpLiBJUEQyo3A%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
91fe657f281c8da2-MIA
access-control-allow-origin
*
server
cloudflare
index.js
hb.vntsm.com/v4/live/vms/sites/faces.wtf/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/sites/faces.wtf/index.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d1c616a3c0e6b1989605bc5959a0cf9a1248051e49d158d8179e693e428eac49
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"0aae40d300d137d9d67b90efdbb58da3"
x-amz-version-id
sJNRr3B88JnCVD6gPlEmQcnxMoeTggyy
age
3233
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:11 GMT
last-modified
Fri, 07 Mar 2025 16:51:07 GMT
vary
Accept-Encoding
x-served-by
cache-dub4333-DUB, cache-mia-kmia1760048-MIA
content-type
text/javascript
x-amz-id-2
XWeDeZVqL480jaLyLDYCvhcOUT8IeTrYBjzIq+1WoEWGmKUCvX00LQmCJZ2uIJNRtjPQawNfm4U=
x-cache-hits
34, 8
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.732516,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
13065
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
cd0918d767a3fa86-s.p.woff2
faces.wtf/_next/static/media/ 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/media/cd0918d767a3fa86-s.p.woff2
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
38f5657034c309a5f28063340d3040713f51be3b4ccd08025354ef9ce7d30309
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Origin
https://faces.wtf
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
REVALIDATED
etag
"53812665ae9e4396668646c5a33d42c1"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7YJf5fNtGvmsxTNS%2F1FmPglXD3mnaZ73Ka%2BlJf%2FY1LMdROH2hFNVP55LlQYTzv8vWzmUCaYMmY1LytMnUK7TFg5yuGdd3ifKVACsh1pwjeSHTFWkwIrdRfA88vo%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cf-ray
91fe657f98208da2-MIA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
35404
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
font/woff2
vary
Accept-Encoding
server
cloudflare
92f44bb82993d879-s.p.woff2
faces.wtf/_next/static/media/ 		32 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/media/92f44bb82993d879-s.p.woff2
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a36029ae3decd7c3a7063696bb3152ef53af5081cf8393e2d721531bcd63fbf6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Origin
https://faces.wtf
Referer
https://faces.wtf/

Response headers

cf-cache-status
HIT
etag
"7afe74dfacfedb20269f81d7322f8c45"
age
3395
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tSMAjJx%2B8FqtyJlpweyBIh4MpawLgMgdOwcr0F%2B8D%2Bmp9YVZkVN6h2aQu7Kcw6qvfappSk5QKucA24MWZvinpw6nHeRALMkmX1SjswQ5qrdWoAQdcDHE4n%2FTOsp52tO4OZYd7EAy2CQ%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
font/woff2
vary
Accept-Encoding
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
91fe657f98218da2-MIA
accept-ranges
bytes
access-control-allow-origin
*
content-length
32836
server
cloudflare
webpack-7d287dd906ad6643.js
faces.wtf/_next/static/chunks/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/chunks/webpack-7d287dd906ad6643.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a552757ba69eee944c05944f342aa42eb4f46cf2aaf6ba8993b4a6da45057cfd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"dd7095c0faf3baafb0aec825bffa88ad"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rGHWIWbUKwXzQwj%2BhlmoX8XqVk%2FVtA%2FbZh1VxIukqRUPz3R26tZtUqv4psj7XrTuBPD%2FjDhYgyYFgxP6wsd5jL8zLAxsl4UAjM6ABvG1oqgvShUI%2F%2BQob2xQrwc%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cf-ray
91fe657fc8228da2-MIA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
framework-2c16ac744b6cdea6.js
faces.wtf/_next/static/chunks/ 		138 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/chunks/framework-2c16ac744b6cdea6.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad5dcc4e01dab6422e6e5c6b3e67267079b6a145fe17981fe1e21688cc118eb4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"ba081822204541bb07bd8ef0b3b4f170"
age
3233
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ujxw%2B9LWww%2Fdf4cmC3YJa5GCU1MqTIQHZzQoBHMR%2BPFb2qZTOlIHkaWYuh6c2aFPX6meVfn7ZfgCzlnZjVVBzIVEy4XB1iDbpiJVP%2FtWyf1Oh3eiKj1KV6K8xRM%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
91fe657fd8238da2-MIA
access-control-allow-origin
*
server
cloudflare
main-e6e07284ec5dd648.js
faces.wtf/_next/static/chunks/ 		107 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/chunks/main-e6e07284ec5dd648.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cee6b1696aa0b323f94d7559594ce15d448db33341e8bee998b2553e8b1242be
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"fe471d5d15625fb5d626949960ad9edf"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eyHakj7fvN%2Bv%2Frc0SIiQaNsn%2FoO8SqDs5jKfhobI4JNejBnzP%2B8dPMW%2BFzThOrYLgaS0YZuSnh0oIwA3Yuzx4HcdGaXVZWD1W1tocy6qr7NV1iLoBVeKDHv69I0%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cf-ray
91fe657fd8248da2-MIA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
_app-c6451915644ecb53.js
faces.wtf/_next/static/chunks/pages/ 		59 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/chunks/pages/_app-c6451915644ecb53.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dcb09ae80de7e7caedae5f4332b41da70a46e1b3c4bb53349d45a4c4cb1ec826
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"14b218b5b1d9b47e55decbd64dd5aa0a"
age
3233
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DfH27XMu2Nza9ICQEyPhE7y%2BlRz8A3zDGQcDUg09gCjy8J2mO5RXOXfYJpu8YKE7teMqbfUbv8L9XCYbebMXEHfkXRIofva6E0LiZmeX2U8wgtS93cWJIRN3mLo%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
91fe657fd8258da2-MIA
access-control-allow-origin
*
server
cloudflare
index-67288d0062113b3c.js
faces.wtf/_next/static/chunks/pages/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/chunks/pages/index-67288d0062113b3c.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6fe0ae51dfe4d80e94ef1ea3dde00e548c78b402b40397b32bc646b10d9dfd5b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"41ca88040c5de33fc8b798bd4f1ae877"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F%2BR7hLI9UXaA3lLDLa1cdULAB6EL6YU9%2BkLL6CYsHH9VecIqyS%2FNQz4MSkufZ8kbPtnHs4dQLgDNQAceSTky9Z19tK3WUGSCL4b5gItpxUZdpNrlmqS0vPnaEgG%2BpMeyj3jzSNBPgnQ%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cf-ray
91fe657fd8288da2-MIA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
_buildManifest.js
faces.wtf/_next/static/5vg9asV2_8dZM2wr1V7at/ 		498 B
776 B 		Script
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/5vg9asV2_8dZM2wr1V7at/_buildManifest.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1cf54d45dc80a95ecb70ebe257ce705ce36803740322d4af813a5b71d50a08b4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"485819af109449a1faa83162677e802f"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F751HlDioOVIXGvH2zPDXs6rw7299Q0CfrStPccs4t7swGbM5Za5ysujOJ4yYEFx4TvqOCEv9WRbcETIv%2Bzaj%2FfMvtvbNzlD70GQKGgxpm5d7mNUIfbRbK4Sdb4%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cf-ray
91fe657fd8278da2-MIA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
_ssgManifest.js
faces.wtf/_next/static/5vg9asV2_8dZM2wr1V7at/ 		77 B
555 B 		Script
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/5vg9asV2_8dZM2wr1V7at/_ssgManifest.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"99dfad1d4dc538d0f87b1326c3f89efb"
age
5839
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XYdFFEikrN5towGOQuvVX769UbOKbyKWZJKaG0%2FHRX39e8zYZomNdcZgj6yMvu9ltyJXc8wV78xNE9LCyQcDDgSZI3BrDsxuw2cEyM74mhnnJjMMJxJf%2FtiQgCA%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
91fe657fd8268da2-MIA
access-control-allow-origin
*
server
cloudflare
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Origin
https://faces.wtf
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
91fe658069712593-MIA
access-control-allow-origin
*
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
faces.svg
faces.wtf/icons/ 		61 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://faces.wtf/icons/faces.svg
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14c8551b6f1c25913ce2952529d09525ff11f69d5a1d6aae89b7a3b92efb3d1d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"ae4c29dc7bf08658cc27aa2c69d62dc9"
age
3395
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YOFoy0J1WHIuGC4g%2FrB0m1FZ3PJL2fIJCOzruhxLINe92FyjD39%2FGLJL1iYesJ%2B6xwFPIzRlxwD0Pxjf1EHMDq1bzrKv9PM%2BjN2MpvtZL2oxkHRpqTP7K8gw5bs%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
91fe6580882d8da2-MIA
access-control-allow-origin
*
server
cloudflare
g.txt
hb-vntsm-com.global.ssl.fastly.net/v4/srv/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb-vntsm-com.global.ssl.fastly.net/v4/srv/g.txt
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/sites/faces.wtf/index.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.194 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Access-Control-Expose-Headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
ETag
"d41d8cd98f00b204e9800998ecf8427e"
x-amz-version-id
null
Age
7000
Access-Control-Allow-Methods
GET, OPTIONS
X-Cache
HIT, HIT
Date
Thu, 13 Mar 2025 20:49:11 GMT
Last-Modified
Tue, 02 Apr 2024 15:20:36 GMT
Content-Type
text/plain
X-Served-By
cache-dub4365-DUB, cache-mia-kmia1760089-MIA
X-Cache-Hits
13, 506
x-amz-id-2
dzi855gnllp9x1dVt9aU5QqZODEpEhnY71LXX83ISOVv/38pmEP5KIigL7EpORqP7aH46uypYvA=
Access-Control-Allow-Headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
Strict-Transport-Security
max-age=300
Vary
Accept-Encoding
X-Timer
S1741898952.874660,VS0,VE0
X-IP
38.132.118.75
Connection
keep-alive
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
0
Geo-Sub
TX
X-Geo
US
Venatus-CDN-HB-Rule-Version
1.1
x-amz-server-side-encryption
AES256
193.js
hb.vntsm.com/v4/live/vms/sites/faces.wtf/ 		36 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/sites/faces.wtf/193.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/sites/faces.wtf/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1899063be01b9f03b7437ba60cd270e42fcbfcfe8555e94fe7f474817e8dd613
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"35c06ea7054c53a0b7993c50b3a23cd6"
x-amz-version-id
NWyrlHXkSm2uN4BMmd2t.rTQ_GttTZB8
age
3177
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:11 GMT
last-modified
Fri, 07 Mar 2025 16:51:07 GMT
vary
Accept-Encoding
x-served-by
cache-dub4333-DUB, cache-mia-kmia1760048-MIA
content-type
text/javascript
x-amz-id-2
x2yjASKMCmtNYzcTTnSzmrcqImdj7ln9mAFX4FzveseyRQELDfYW2qBxNfi4u7WtWzcYwKYGc2s=
x-cache-hits
31, 1
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.790785,VS0,VE2
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
15633
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
562.js
hb.vntsm.com/v4/live/vms/sites/faces.wtf/ 		91 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/sites/faces.wtf/562.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/sites/faces.wtf/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b415c8f07e849c1c305b3635e92f740c88664411d34053a61db4a090cecf1c95
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"ce111d09451fa5fd4f5a49f6c1dc850a"
x-amz-version-id
k5P2db5Od.oprdFhjQfEM5lmk86sdDUe
age
3232
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:11 GMT
last-modified
Fri, 07 Mar 2025 16:51:07 GMT
vary
Accept-Encoding
x-served-by
cache-dub4347-DUB, cache-mia-kmia1760048-MIA
content-type
text/javascript
x-amz-id-2
Got/7LuDJsF9ur1GqGu6VXDpLqv1qHoDQMr3But7YGewVlmduwWMFT2cuYWFl5C0x9fFm1V7Fo925NJ+OWruwA==
x-cache-hits
31, 1
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.791032,VS0,VE1
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
23890
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
386.f307369513257742.js
faces.wtf/_next/static/chunks/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/chunks/386.f307369513257742.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/_next/static/chunks/webpack-7d287dd906ad6643.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c260ac31960304a2080a48e058e3a2ef4898a014d9b65da184106dfdcfee5a1b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"2ca59ae715c9bb5ae05d9681f485bae5"
age
3233
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G2y7NhzOh1kjw1sAYHY0WZzkxdyIPc6wUCwPKwJtubJsZGDH3LGaAQWzupGmdBIAJpjvG%2BJY9B9zkc%2BjOagXmz5nc%2F0Otqdxopcf0BsFtgn24GVCaXiK68Xkvbk%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
91fe6581182f8da2-MIA
access-control-allow-origin
*
server
cloudflare
151.babf8273a53360a9.js
faces.wtf/_next/static/chunks/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/chunks/151.babf8273a53360a9.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/_next/static/chunks/webpack-7d287dd906ad6643.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88154214d3aa3e8ead752c3d5b086aeabb2020c8e36d7beecf18578e44232f5d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"cc3a14db9831a5c318e1ca4b595960aa"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ekFPvQ0OHoP%2BbUvs5Tqr5HsAJfkiHfVAPIJdoCQFhAqT35Csc84JEztAanbB8kpYCL%2BvJE8FBqi7sH2KE8Y4BssWvzwYLkSXawtp3Ia9NMLtWvb01OLGON%2BaSsbcVzdCLv6SBl8Cy%2BM%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cf-ray
91fe658118308da2-MIA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
ad-manager.js
hb.vntsm.com/v4/live/vms/ 		1011 KB
284 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/ad-manager.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/sites/faces.wtf/562.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
46ac059d57c99bb49518de997eff048e09b3573a596cb7b697432a44e5f922b1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"8bf976890df3b633ea9e01bc0296a12b"
x-amz-version-id
geAHYRXH3Lv2x20Br_vFYyg8ahC3KqzW
age
3442
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:11 GMT
last-modified
Thu, 13 Mar 2025 08:41:33 GMT
vary
Accept-Encoding
x-served-by
cache-dub4344-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
353XRMnyGq/H0f0LYMVb0MnXzD4n0TdJyEzsBozQ6TCNpA/680abPkY2sbpodEBmKCmxJjCBfMXofxrUx9kALR6TM75Su0nWEbDSvGJzQlM=
x-cache-hits
18, 19
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.904631,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
290100
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
stats-11233bba15a55e6d.js
faces.wtf/_next/static/chunks/pages/ 		0
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/chunks/pages/stats-11233bba15a55e6d.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/_next/static/chunks/main-e6e07284ec5dd648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"ff1fafa38e5caa39f91a3a264f9ee2ef"
age
3395
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hPP1uNoi0XomgjO7f%2Fkj3xwvQ4idY2yYlv6qOfb6nY4Z9uIySgfM2q8ZRTz62op2j1sdJckFJK8rvYbAxKRIHqRpfNXHkbU0e5L24c5z59M%2BmgUol52GNr%2Fuj2kfUsXBKjfT4AgDvog%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfCacheStatus;desc="HIT"
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
91fe658168338da2-MIA
access-control-allow-origin
*
server
cloudflare
archive-e746f025eb28d3b4.js
faces.wtf/_next/static/chunks/pages/ 		0
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/chunks/pages/archive-e746f025eb28d3b4.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/_next/static/chunks/main-e6e07284ec5dd648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"c0a621974aa154f19a61c6404098f06e"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KX6Uy6ByhU%2F2ex1tOlg86GxEENbayJA7lq%2BTcuc6T%2FFzwUprku%2Fvt7q1Ak4IDgN%2B8gPnjFCOWbFRAJ%2Fc5pXH05jIb29tgddkMc%2FmT8O%2FzcAFpHhti7REhsuzHq%2BzXKwdZVpdv%2BnFxT8%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfCacheStatus;desc="REVALIDATED"
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
91fe658168328da2-MIA
access-control-allow-origin
*
server
cloudflare
54.json
faces.wtf/stars/ 		163 B
622 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/stars/54.json
Requested by
Host: faces.wtf
URL: https://faces.wtf/_next/static/chunks/151.babf8273a53360a9.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
107bc1ec8160d92c0c0fda452f742fd178e47762c61065395452c42da7810ecb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"0305ff68c11ee2fa88689f3ab05c15b9"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oo%2F515dJgmqLiTORTHKfYoxCHfjTH%2BOGwexHddYZ4kOFE7YJ2PUSiuGbJQD1DaCoL7CqJyhRNKoituLi%2BjAN%2Flv8HehaBeg3glSNlEFTMo8eyO%2FQ9IdA0nJSy9U%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cf-ray
91fe658188348da2-MIA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
88.json
faces.wtf/stars/ 		154 B
619 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/stars/88.json
Requested by
Host: faces.wtf
URL: https://faces.wtf/_next/static/chunks/151.babf8273a53360a9.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44416ba430f0b726c5a88aee0a21f0abe2fb711eca5d1a2ee4baa868d2830fc0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"e81d8b517a047393ad1ff9e88d21edc1"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6oMdKdkZbOC9%2BxSMsDsWI1RpvFagOfQCgEtYDzfE5sZod%2FKfuYkaW3dVL9VPij%2BeY3Xx1%2Fmx%2F%2BhwKUtUahhZuk0cA9aW6%2Fb37WG1qMXXPY7hqrkqmI8gaxWPefs%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cf-ray
91fe658188358da2-MIA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
placeholder.png
faces.wtf/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://faces.wtf/placeholder.png
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91a058ff4adb16c84496769d82a047e77af8bf4d9e1e573d569040b41fad95ae
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
REVALIDATED
etag
"ce6afa887de628a9206e4b6e153ae753"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hJwrYTrif%2Bi1pLKb4fBg1FBT5rOTaoLzpCVGgMeZqdf6JzzCJZbEIo%2FXwJZzrlsK1B6PXu63kRb6%2Flen7oA2lTBD4NgPVO6pGsk82xQ70k7cZKW0PotPF%2BHvTR9B3sWlNLIREJdr7Ec%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cf-ray
91fe6581c8378da2-MIA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
11657
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
image/png
vary
Accept-Encoding
server
cloudflare
54-88.png
faces.wtf/challenges/images/ 		361 KB
362 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://faces.wtf/challenges/images/54-88.png
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
002648cda33beef730fc1dc5e62b0bf2be60c3635a48d828c0ff2ce053da280b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
REVALIDATED
etag
"5a222c29364c0d182c73903e61ef4991"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AzOlkBEbO113XhEp2U89vrVXPWKPyeqnKL9O8AxMJ9mGeLuJcdlIvFfGNMsT0ej95MpubEW0ewUhPCWUGC5eXMEiOoLWalVbdcTXRCk2gh9yl0E0dgX2m6Dw%2FSA%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cf-ray
91fe6581c8388da2-MIA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
369764
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
image/png
vary
Accept-Encoding
server
cloudflare
stats-11233bba15a55e6d.js
faces.wtf/_next/static/chunks/pages/ 		10 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/chunks/pages/stats-11233bba15a55e6d.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/_next/static/chunks/main-e6e07284ec5dd648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d658423fb50e913c70d082a763f76c7667437353f7a047e2a6bae306f405ac9f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"ff1fafa38e5caa39f91a3a264f9ee2ef"
age
3395
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hPP1uNoi0XomgjO7f%2Fkj3xwvQ4idY2yYlv6qOfb6nY4Z9uIySgfM2q8ZRTz62op2j1sdJckFJK8rvYbAxKRIHqRpfNXHkbU0e5L24c5z59M%2BmgUol52GNr%2Fuj2kfUsXBKjfT4AgDvog%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfCacheStatus;desc="HIT"
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
91fe658168338da2-MIA
access-control-allow-origin
*
server
cloudflare
archive-e746f025eb28d3b4.js
faces.wtf/_next/static/chunks/pages/ 		9 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://faces.wtf/_next/static/chunks/pages/archive-e746f025eb28d3b4.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/_next/static/chunks/main-e6e07284ec5dd648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23f6c09f238319b3a2f1dec8ad29e66cc0e98765a049c5bc3ef3d8a3cb5ac9b6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"c0a621974aa154f19a61c6404098f06e"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KX6Uy6ByhU%2F2ex1tOlg86GxEENbayJA7lq%2BTcuc6T%2FFzwUprku%2Fvt7q1Ak4IDgN%2B8gPnjFCOWbFRAJ%2Fc5pXH05jIb29tgddkMc%2FmT8O%2FzcAFpHhti7REhsuzHq%2BzXKwdZVpdv%2BnFxT8%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfCacheStatus;desc="REVALIDATED"
alt-svc
h3=":443"; ma=86400
date
Thu, 13 Mar 2025 20:49:11 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
91fe658168328da2-MIA
access-control-allow-origin
*
server
cloudflare
31805.js
hb.vntsm.com/v4/live/vms/ 		1 KB
735 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/31805.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6e9a6b334cb9810f7d25fafab61725edf522f8b7372ac65f1274db79867a6537
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"31d0f8f91192471adb37d7b87a9e52c9"
x-amz-version-id
X3WcPR5xoY.GjVAJE.etEZrNbk2USV9x
age
3439
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4331-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
nxPDVm/1HNcBvx76VYNF6faWd8/0m8hKHNDT/Bfsay1g17yR48YZNxSyk6ij2c7Xc/ZEUG6ZXt4=
x-cache-hits
58, 473
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.112055,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
453
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
26946.js
hb.vntsm.com/v4/live/vms/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/26946.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ae47d60da5641260e58328d755e9e1e2897451f21a72da17a3c2cf03a2063f02
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"79007e78e1a1f2e7e947670515692e9d"
x-amz-version-id
U.lDR1uoVAoXdUB4lKr_GVzXD1KfCCgq
age
3444
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4352-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
ojRVuhyib5rdZTR6CUgrq1+z53FXvU1x5KQyTvz4v2gU0IwVtORrdZQleKkiwvDEavvIb5StiRE=
x-cache-hits
46, 28
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.259943,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
6778
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
51926.js
hb.vntsm.com/v4/live/vms/ 		28 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/51926.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
387043db1afdd90b46ff0cd040941eda1474c14f8ed5105bd95d13320a892e4f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"5a4d148fb64ce0f037834b18fd0e12f4"
x-amz-version-id
aJbCJxhFuT7i5OpbOl5Q465WlIgMyIK8
age
3444
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4347-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
mT1k2GjaUy/r+6ZCxql+OhHE7L0hqJUhuYGDARYTTaDmqA7IFSO0hPHLcfxGoCfSovUEC3TNMhdpc1svH9uRpA==
x-cache-hits
37, 26
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.259926,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
4705
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
script.js
cadmus.script.ac/d1oykxszdrgjgl/ 		202 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:291e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
194acd38c64c830c909fbf5b909ba7fd7fb2c5a8efac9593a1d854caee21c2b6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public,max-age=600,stale-while-revalidate=3600,stale-if-error=86400
content-encoding
gzip
etag
W/"7892082db6e7d085222997634e87ff4cf0818476"
age
0
cf-ray
91fe65846856da33-MIA
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
last-modified
Thu, 13 Mar 2025 20:18:56 GMT
px.gif
ad-delivery.net/ 		43 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad-delivery.net/px.gif?ch=2
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
205381
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jt1TTcyenw9fmwzM3%2BLTi7%2B%2Bn2doZxJoiGbZxWMcvQGgU7dtPmgQZF2tskhURdZuw2r1ueeG23Wjn7p6n2CRWzZDV2uiwRAaR4zydybwtlF2QpS5cTVDg3PHu3aE8bFFsAZruRWWAB9ZNvb9dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding
identity
expires
Fri, 14 Mar 2025 20:49:12 GMT
server-timing
cfL4;desc="?proto=TCP&rtt=30011&min_rtt=29837&rtt_var=6556&sent=6&recv=10&lost=0&retrans=0&sent_bytes=4358&recv_bytes=2260&delivery_rate=128119&cwnd=252&unsent_bytes=0&cid=92aa3064c89704be&ts=59&x=0"
x-goog-stored-content-length
43
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
image/gif
last-modified
Wed, 05 May 2021 19:25:32 GMT
vary
Accept-Encoding
x-guploader-uploadid
AHMx-iEgwdpW2Zv2M1962Zh5MJ7rhdVPxZO5Rp268HHq0WiNbq472uwIgMnjyaC3CNVfmiU
cache-control
public, max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class
MULTI_REGIONAL
cf-ray
91fe658468abd9c5-MIA
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
content.html
hb.vntsm.io/ 		32 B
467 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.io/content.html
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2f8e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce8368e5b8e9f2f066acc6284578c00021aea742c4c7c7ec2836c232a5f8b1f8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

geo-subdivision
US-FL
access-control-expose-headers
*
cf-cache-status
HIT
etag
"2f58b9ff601fd509249a9e7628a21c33"
age
2139
geo
US
access-control-allow-methods
GET
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
text/html
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Thu, 14 Oct 2021 10:47:47 GMT
x-amz-id-2
P10QoXrQZELAMrDcNQ8qoRL+rlJdiI+jlOWRIpd/kaRr80oPPtBAYCKk6sTme5HjC7tPJeoPXOI=
cache-control
max-age=14400
x-amz-request-id
M3WCZ5SHV4FMHH7M
cf-ray
91fe6584eac131d7-MIA
accept-ranges
bytes
access-control-allow-origin
*
content-length
32
server
cloudflare
px.js
p.cpx.to/p/13058/ 		6 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://p.cpx.to/p/13058/px.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.210.9.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-9-111.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b723ed8de08c39e892986b54a30cfab7f2b83a0d5d12d1b16fca72e65e008f49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=7200
content-length
6549
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
application/javascript; charset=UTF-8
11613.js
hb.vntsm.com/v4/live/vms/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/11613.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9de64b2d72bc9fca370d00a26f0633b1d3411bc94e8bc8096d45d938b5e838b6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"afafd76a018506c353fd0f606f8228b2"
x-amz-version-id
rXcDxyIXK0GiV3oUJPnOrseZ3jkTTe3M
age
3443
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:30 GMT
vary
Accept-Encoding
x-served-by
cache-dub4347-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
H7NfXdmtk1LemWLCFB7i2g4MX0EeAkX4emST/3fJSSMIoFdGFuF99Hg/aVcKJoTogNbmSdqAInJ9lDsPGMp499pUm7ffTQda
x-cache-hits
41, 26
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.317814,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
1472
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
73469.js
hb.vntsm.com/v4/live/vms/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/73469.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5c093bb50c00c044ae820c2e717a2ec1f7df2f1f527807fa68077aa933344557
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"0f531f1d52dc8c8eb3bfcf92ebddb831"
x-amz-version-id
rWKoun3qZtXbw7H9D4qpN7lWfa_yV7Us
age
3444
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:32 GMT
vary
Accept-Encoding
x-served-by
cache-dub4362-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
acXY2w30A/0j6sQiyvAZYXH8sA+4gjMp1x2Sng3LpqTHJ2gJJg9VzwkOU5zLDMDSYQVXKrfePZCx1dr5+nknlZthe/vxU/svPysiTZF+b0Y=
x-cache-hits
52, 28
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.317693,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
6574
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
50678.js
hb.vntsm.com/v4/live/vms/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/50678.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c4e5b0e14a271b2355a631bd239bfbbe4e5b0ade9fc20e6cd5d1613f1538fab7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"bd244897ba3fdf6d0a8a85ee3c87736c"
x-amz-version-id
VBBaj7MzhSVBPft2c38qXMZmQH6A5AXh
age
3440
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4366-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
c6v1fClxmCHYpi9qgFhbAW4yNOlArFsQbP2UT1kj7zP6UCCofk/jccOicg5IdDukqnal8r9glpQKaW/vhkurwenPjjOq8A0l
x-cache-hits
11, 29
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.317656,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
3040
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
33693.js
hb.vntsm.com/v4/live/vms/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/33693.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e48101da015562ac4f710e08ec7d28acc8ea6fd0d951944608457b621d171fac
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"5f60a7cfd0e34cec58c01aeeceaec35d"
x-amz-version-id
YNdE5w.P9lPMfdHlExypuOHmRH.kTezs
age
3440
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4329-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
x2bkbKoGT6d3h8GmGIogMkgx0Y3bZSHO/RH+bnArwQBsg24VZ7ocWQoWdsMFzQ2DqjfvdRZFUIRPHC4uAYIokVCG3pqJcdUq
x-cache-hits
10, 30
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.318170,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
4622
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
25369.js
hb.vntsm.com/v4/live/vms/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/25369.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
615e88a3e9c0c150e5e79987a7e292b7f6c67354ead8af49d40eb4879012b425
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"b4da19f34dfa762187b6fecafaa7aace"
x-amz-version-id
l1MYRGT4hClP1BcrR9.NdmljoVclee7X
age
3444
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:30 GMT
vary
Accept-Encoding
x-served-by
cache-dub4328-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
HFjFV2apbKtsaBenhVfSkANDh3/NiYaLdWG+cwRp8RnZCE10FHDYIaw+UyHsUerIuG5Ymnxto0c=
x-cache-hits
55, 29
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.317848,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
3443
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
44599.js
hb.vntsm.com/v4/live/vms/ 		25 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/44599.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cbaa5e4276b74c4024b17de1d091e6cbc32a4cbdfca0e51c035150529b3c4bce
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"2fe38967862ad1b4d4bf3c9dc627497d"
x-amz-version-id
8paAh5NyDq70yshQix.aQ.rEvBIF_xKZ
age
3441
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4343-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
PHg2GzwJEqNunPVXJa0L5hRHEv7QyNwV/i9MOpFyBgqTJcdKKfTxTXoBY8HcYpP16ZPz5kL3+YZzYoeLqDGoUQo0tedfAu9dkyx9F/cyY/k=
x-cache-hits
22, 28
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.318092,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
9268
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
53170.js
hb.vntsm.com/v4/live/vms/ 		29 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/53170.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8cc803cdc58a64d30a94037b116eed0135cde82f18b89cb07a21ce7776dfb2f0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"700c469e2cbf10813750bbf65addd1b5"
x-amz-version-id
EfJ4249vGNVpLqhplY4HBVHfnKaRcUfc
age
3444
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4326-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
FoSTsfudv1+N+Y0BmpEKzgx+476LXx8ziFNQ4AykO9NA0h7+tQmEvRuCy853dJ2CWHW/b3+lBbVHEs39LTh+vieGW3Fh/WN7
x-cache-hits
60, 29
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.318392,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
10130
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
63206.js
hb.vntsm.com/v4/live/vms/ 		30 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/63206.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5183b7b325e4a151d7e5c04520848756fc66c4669a5a8c34156df9710e71bbaf
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"081cffdd015b3b0e0e51d43dd9e44954"
x-amz-version-id
gJLBywLuOsEY0YfWAxorJTwxnoZPhVvV
age
3443
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4324-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
42c8XJxJYQu0/va6gPNRjbutwGazMwFGbRX3wvM/cp+zvys8GCVtPsUgZfASVF/5GM0g0mk4iiBkN5P8Enlq7j7MZ5mNIdQG
x-cache-hits
34, 28
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.317464,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
9935
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
41252.js
hb.vntsm.com/v4/live/vms/ 		25 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/41252.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0f3007ea195c4a8e642b81af2e6bb8cf9434c07dbcbcb8ed5401839ebf960da5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"b72e67309bfaefe127c346d58220e5ff"
x-amz-version-id
HXPFZ68vxcXavSY5_MTZqdXUcJyvh50b
age
3444
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4326-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
ZFMkBYLSdsfUJzwktJv9UNC0FlkOKG0c37hmLT3zbZgPmbYkoxK5Mh5SEJNfP9PfHF8DBzQ+7RQ=
x-cache-hits
60, 29
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.317439,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
9029
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
74012.js
hb.vntsm.com/v4/live/vms/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/74012.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
708fd7958cb1523354b05c0741e0d32bd47c82503fe33efa920604155f5ab7ef
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"1d0058f3d7bb1a245a04625447d89cff"
x-amz-version-id
YzyqwS9AJuX0IMta16F9KmCth2IgT8yR
age
3442
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4353-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
+Bpc3CzVUzQx3N06aIKcTmor4RvOD/OG/v5a1rYHwbBsRZMDuK1CEkpvqalpf3pfUzW6vwX3fkCOY6ZUZUYZoIV4eGURkZgC8vmRGju+iKo=
x-cache-hits
36, 30
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.317419,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
3185
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
62711.js
hb.vntsm.com/v4/live/vms/ 		27 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/62711.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4877a611406cd0c8b8e67ff8c8f3741fc91f068d4fb0939b1e5d8773c95d3214
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"10a543209df5e382f9cddec0c0405054"
x-amz-version-id
P9Pa71RVjJfwr4QYFDfd0P15IjHUYhkh
age
3442
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4335-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
uAYi3SUOFW0iGDm1mWd9DaduyavuBlBUvyWZfos+CdmfebGTvLcZMaEYyOGLoBgRyG4RBTBhIZMUCR2larigicLkzDKlavP7EXIMJijAttU=
x-cache-hits
30, 28
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.341277,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
9889
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
90089.js
hb.vntsm.com/v4/live/vms/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/90089.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3d715953d8607d3141b793c1de7088ab96190f77b04116f7140f8ef934fac815
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"fe48c8a637365fbdee8590d124676444"
x-amz-version-id
7zB9auxqTs3AJmT.d4jEzBl1dJE9E7i4
age
3443
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:32 GMT
vary
Accept-Encoding
x-served-by
cache-dub4358-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
alyunCLrAcqwhAopHA0u+ROe5+wO4SeUgYWR/Ypq435sDQRS/QSVo/lzwVUzBNw+LvGKlgQ9vDZ+4ZNDIN7D0g==
x-cache-hits
60, 29
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.341094,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
2725
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
19761.js
hb.vntsm.com/v4/live/vms/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/19761.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f47dea1ff59cbb5781cad41a36be6df7123d9068dd7160e99f41c94deeb63390
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"a3c35ff8a14dea91cee79ec98d7650f4"
x-amz-version-id
gUcxw_zM4TvMIxgZX.Hovz3c.SQfEP4o
age
3439
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:30 GMT
vary
Accept-Encoding
x-served-by
cache-dub4345-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
QThMbWN0TcmVGi/EY/+64hty6TSrhMPRAa2SXJ9wajs4ScSnOF4mX3MGLIhSBC9SLcuOXuOTb+3fsfNLDjoHTA==
x-cache-hits
10, 30
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.340778,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
3826
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
68723.js
hb.vntsm.com/v4/live/vms/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/68723.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b5846768b2a34f804191adbda61e2b8ce7d5da42a968c53d2c6a21858f1badb1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"15f8570501266dd4a252cb4e9b7b4433"
x-amz-version-id
52IgALZ9wX4QrrYBFSIx2rUleFpE2aDv
age
3444
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4336-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
C4QZL2+m6MonbxItUy5zYXh6cLcHkzNaX43mZ2FOpgXsfBVap9bahPWe9lBLm/af6YVnz/sg/hD3RQVeJRyMS8JvVvSJ2vrg
x-cache-hits
53, 27
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.340568,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
3172
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
98282.js
hb.vntsm.com/v4/live/vms/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/98282.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
47c5e6a7c70dbb6ce3c8598f21ad899c42391ad0dce003ebc27f4cadf4a8fd7e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"ffd940b475838bd1666e69e641ff4f6b"
x-amz-version-id
suBogAPD0cP_0DQt3BK6g6nGMIMNuZM_
age
3442
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:32 GMT
vary
Accept-Encoding
x-served-by
cache-dub4337-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
xilrqpVhbPzJMUEkz4sjdG5t5eGFKd17rb34e/yv6BNsx4ocwPfDzxFPOaD94noWGuNeaCPLXXL6RqHiMro1CqaRVZglOYx5
x-cache-hits
29, 28
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.340571,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
2546
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
20404.js
hb.vntsm.com/v4/live/vms/ 		6 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/20404.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fb626a05fd1c1ec386a9ad7f2fbdd6ddb36a012b730312fe7fa67dc73f6666a8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"85d15ad761f666c401b8b83b14f79fce"
x-amz-version-id
_ARmgJXC0dwESnBmh6ZbnaSlPFvxb0Dk
age
3443
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:30 GMT
vary
Accept-Encoding
x-served-by
cache-dub4347-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
372ATagptnWrR1kO4WSUd6Kr5nqUVAmnXdF72lCTtAJl0P9Mj+IKjpw31FwkAgd3i1+uSxg/ug8=
x-cache-hits
12, 28
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.373949,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
3315
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
apstag.js
c.amazon-adsystem.com/aax2/ Frame 79AD 		383 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.112.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-112-90.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
95e54d63eaa4361292503a9111b9768f854d7ca5f6e973123a2d2153294ae936

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

vary
Accept-Encoding
cache-control
max-age=3600
content-encoding
gzip
etag
W/"0acf80d8b6fad1e690a58cfd244ab257"
age
1194
via
1.1 f6d7fdc57860c8c79f694e99b07ead5a.cloudfront.net (CloudFront), 1.1 2301ef513d768666e30ce282b9045098.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
SC8tUmMxJ4VNHK1azLgLCzGjzsuc_RL-I0T5Ge-klHENdekbEm127Q==
date
Thu, 13 Mar 2025 20:29:18 GMT
content-type
application/javascript
last-modified
Tue, 11 Mar 2025 19:55:55 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P7, JFK50-P3
x-amz-server-side-encryption
AES256
70931.js
hb.vntsm.com/v4/live/vms/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/70931.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6f71aa0c67cfc824ca1ff2afbe9e2b0f4e3ce145fb774533faf532ffeca79b3a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"9e7fb4d06025ae014b338876bbd0725e"
x-amz-version-id
Apei1RQADt8pIFfH4J9dY3PpFNYQPSkS
age
7040
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4366-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
mlrmLLS7egwIoyDBAfaFo8MlFni9bDiTcG7+Y9WhZBjCNOQV1hgp3BLFfHMfcGapEyeFZ/Ua9FKliHEOX59mdg==
x-cache-hits
10, 51
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.387659,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
1618
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
96047.js
hb.vntsm.com/v4/live/vms/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/96047.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e1fbaed711a15d37ad237843b3ad78da31d818c6193e8927d7e01ff2f9286f8d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"a7d4e05c4af0c4ea0c366681b121a977"
x-amz-version-id
bR34iRzdUl4D9ZnXgOiwqGALrYAA7Opf
age
7042
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:32 GMT
vary
Accept-Encoding
x-served-by
cache-dub4356-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
rP4jL3o9thGO0NYWWPLzvmWbYTLaYCsSTlBdibKX1vhadAanBnpCSh2jg94lb3sfP74+oEkvCDk=
x-cache-hits
9, 52
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.388838,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
1091
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
26497.js
hb.vntsm.com/v4/live/vms/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/26497.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e104e214fb25a71091783a9fbd2b872191d7d94610684cb8257efbdc861898c0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"935075cf4f0be57ec9796c1918c5f7b6"
x-amz-version-id
9o4lqBxAMG_opb2LDyIBykVLQ4QJfXzr
age
7042
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4363-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
goEP6qX7aFOCFX5PzgranyzUR7aBFdKV724trAOKUPSEb09Sjnp5NfmYYRzZtWZcyC5AcgrDoAE=
x-cache-hits
10, 51
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.388078,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
5998
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
55153.js
hb.vntsm.com/v4/live/vms/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/55153.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ee096a851d8d6abd4eb044eb7463de39bb6b6b09716693b8ffc645d5353ffdf7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"a6dad4e715762024d27620ea448015eb"
x-amz-version-id
_xYGIP3qlIaFkTe2Hj8K_1pIOurDvmWY
age
7042
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4356-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
mTTFVbo+OdT+04zqrgYj67FsShv+smvlfzIyeearRLi35qia0mNAFevaO+Jux6b5xVBXb7oovrw6PMz5NPJRXg==
x-cache-hits
10, 50
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.388331,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
1134
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
45496.js
hb.vntsm.com/v4/live/vms/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/45496.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
288bfb5a2bea5904baf3c1e1203069ab2eee7d65a8dfbe25ecca6dc0e48a08b3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"ee13570644c9584acb367fc1b7de8b02"
x-amz-version-id
wkvKXevskbyljxzmUrUk_j5qE2_9BbQD
age
3444
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4348-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
TmQIEmvJxnUF2Zu721vTXK4Ht+n9pM0kAS188/+c5LKKCrZ/UbSkzJBWym1/jgo+PgJZtSKx8/8=
x-cache-hits
10, 28
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.388047,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
1301
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
10891.js
hb.vntsm.com/v4/live/vms/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/10891.js
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
503b67852f8ba1a8fa41f50039a65613a5aefdc6a04ec8ffe64bfcb692f3e1d7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"683b2eb69842ba06d6df27efcc339f8c"
x-amz-version-id
0kQUObWx7swxfBIwPleYEifOTjAYuFK9
age
3444
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:30 GMT
vary
Accept-Encoding
x-served-by
cache-dub4358-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
8O1m7nw+ZaK7VzN0/VKN9aIoPggQ5KOGuoj7B4c/lCqQYuQoDEDbM9tp46zFLcTuZFjHaMfAyHjNk7QcLQUI6aakseBMQ4UuzwNBUim4i+0=
x-cache-hits
9, 27
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898952.388128,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
923
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Ffaces.wtf%2F&domain=faces.wtf&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://faces.wtf
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://faces.wtf
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Thu, 13 Mar 2025 20:49:11 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
214142
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
envelope
api.rlcdn.com/api/identity/ 		0
0
rid
match.adsrvr.org/track/ 		109 B
576 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=zwqtqe4&fmt=json
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
ae1171937a1f9a7fbbbae8bf06a2e5475c0dabfa8274b73144f500db1720acdf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

cache-control
private
content-encoding
gzip
access-control-allow-credentials
true
expires
Sat, 12 Apr 2025 20:49:12 GMT
access-control-allow-origin
https://faces.wtf
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
application/json
vary
Origin, Accept-Encoding
server
Kestrel
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept, x-integration-type
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Ffaces.wtf%2F&domain=faces.wtf&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=cQFzT3w4bGpzdFAxMDE0UXVjbkhZYStFVUM1dno5R0ZybEpNVENqWXU1Z01jYzNGYjU3T2NycmROVjU1cjBNbzhrclFPdWsxMzA1RmhVYnFJMTB5R2k2L1l4akE5SERPcjZOZnc3NmlWeXZKMHdqcU9NaVRwSWVvRVpoYk...
370 B
924 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=cQFzT3w4bGpzdFAxMDE0UXVjbkhZYStFVUM1dno5R0ZybEpNVENqWXU1Z01jYzNGYjU3T2NycmROVjU1cjBNbzhrclFPdWsxMzA1RmhVYnFJMTB5R2k2L1l4akE5SERPcjZOZnc3NmlWeXZKMHdqcU9NaVRwSWVvRVpoYktBQ0xxeWlhODNkSnNyWE9jOVREL2pzbEpQNURxakRFaDdWWDBDQU5KWTc4Uk81aGJhaGRMU0hXMExta0RyRHlPQXJZdDVEVEJnOS85d0F1QWV4ZndiVHdNeS9mUm9YcWEzZHhkK29Pa0RjUnY4bFJsYmxFUGZpdGRNN202N0lheFNWcHBCUmxnfA&cppv=2
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
74.119.117.17 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
2883ccebcb28a6b9138988fe1cf282b1ef60ab7e508f7b8777fe410733b76d9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
504847
expires
0
access-control-allow-origin
null
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
Kestrel

Redirect headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache, no-store, must-revalidate
location
https://mug.criteo.com/sid?cpp=cQFzT3w4bGpzdFAxMDE0UXVjbkhZYStFVUM1dno5R0ZybEpNVENqWXU1Z01jYzNGYjU3T2NycmROVjU1cjBNbzhrclFPdWsxMzA1RmhVYnFJMTB5R2k2L1l4akE5SERPcjZOZnc3NmlWeXZKMHdqcU9NaVRwSWVvRVpoYktBQ0xxeWlhODNkSnNyWE9jOVREL2pzbEpQNURxakRFaDdWWDBDQU5KWTc4Uk81aGJhaGRMU0hXMExta0RyRHlPQXJZdDVEVEJnOS85d0F1QWV4ZndiVHdNeS9mUm9YcWEzZHhkK29Pa0RjUnY4bFJsYmxFUGZpdGRNN202N0lheFNWcHBCUmxnfA&cppv=2
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
254768
expires
0
access-control-allow-origin
https://faces.wtf
content-length
0
date
Thu, 13 Mar 2025 20:49:12 GMT
server
Kestrel
pbhid
id.hadron.ad.gt/api/v1/ 		227 B
362 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id.hadron.ad.gt/api/v1/pbhid?partner_id=288&_it=prebid&t=1&src=id&domain=faces.wtf
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c415e0eb17ead2fb65fed0185e557cc902c67b7b8430678b8a78d86ee9e0b54

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

content-encoding
br
access-control-allow-methods
GET, POST, OPTIONS
allow
POST, OPTIONS, GET
cf-ray
91fe65856a118757-MIA
access-control-allow-origin
*
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, *
prebid
id5-sync.com/api/config/ 		194 B
658 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Amsterdam, Netherlands, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
8117b37f1f694726caf04df8f33c28516d792d5fb9e9d4a40d97c9966f3b9ca8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://faces.wtf/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-origin
https://faces.wtf
p3p
CP="CAO PSA OUR"
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
application/json;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials
true
1a
i.clean.gg/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://faces.wtf
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=utf-8
date
Thu, 13 Mar 2025 20:49:12 GMT
server
nginx/1.21.6
via
1.1 google
1a
i.clean.gg/ 		0
104 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
Content-Length,Content-Range
access-control-allow-methods
GET, POST, OPTIONS
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
application/octet-stream
server
nginx/1.21.6
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		107 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
db21a396338aeb2d9285f2cfd434dadc2944a2eb81b35ff4d2d2f72eba6b5e3e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Origin
https://faces.wtf
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
437 / 20160 / m202503100101 / config-hash: 18273209738217555236
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:12 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33660
x-xss-protection
0
server
cafe
97966.js
hb.vntsm.com/v4/live/vms/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/97966.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9d0509ae91143462a6f75eda85ff5fb92e3619d8146d10803def413092c40b45
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"49ae82bebba6c6890676a7ba639fd9db"
x-amz-version-id
P1rxi9F5ip6hQWghkE2H9BlM_NW_om0n
age
3439
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:32 GMT
vary
Accept-Encoding
x-served-by
cache-dub4342-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
MobwYAG3HCo56AD4cJZXXmqiZMjnamelV9PEdzfjWacNJxJ6eoY0ERyM4XkQGAI9xhxOB9vYl8/NiI83wY8n0MPkHCtev4LRuu9fsosapdI=
x-cache-hits
2, 24
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898953.579954,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
5250
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
61665.js
hb.vntsm.com/v4/live/vms/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/61665.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
af38029add5f0a61cf23e73db972184076dcbde7c9b49cbf2691aacb5f2f941b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"8778e140ccd9ef418378d8cf62a5263f"
x-amz-version-id
WtAp9d7w7wsGAy3vNXPRP9.TqnQezdIM
age
3438
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4350-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
O1IncMfWNrycJFpP7BSG9bNlt63OqVOOU98Bet5u96aQLNhACtnUlr03MdackRvh+wSdnXJxrB4MCYwe+g9KGladf6rHKxil
x-cache-hits
40, 19
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898953.580088,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
3983
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
63619.js
hb.vntsm.com/v4/live/vms/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/63619.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1b98f736eb84c033d808669c5c44480fe622bb66b7690645acc3ffd3b4f06a21
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"2a5f042f87b65e29062ddf3e308f76b4"
x-amz-version-id
zPrNnRdQaz_jK0yTlyIkvBblA3Wqk8hJ
age
3441
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4358-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
FQ3oT89r5K0q1gmIr+praQOsEkQgwZeR/h59SIAqoqsCeXw1kBvB44S/bqYo7sG2IvkwnROS0Aki9ooAoh6wZw==
x-cache-hits
34, 6
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898953.581073,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
1845
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
53206.js
hb.vntsm.com/v4/live/vms/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.vntsm.com/v4/live/vms/53206.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.42 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0dc17345df0672de389ebd22545a6c47e3e934ec6913ba3d685025449f55715d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
content-encoding
gzip
etag
"a04595231c2bd4e99e11fc17e12226b7"
x-amz-version-id
rNTM1hbc3qDnCrzFodaIwbYmm6i16kUT
age
3441
access-control-allow-methods
GET, OPTIONS
x-cache
HIT, HIT
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Thu, 13 Mar 2025 08:41:31 GMT
vary
Accept-Encoding
x-served-by
cache-dub4365-DUB, cache-mia-kmia1760048-MIA
content-type
application/javascript
x-amz-id-2
HainGkVfKnwuStE+JWmprslX3CFDt2FCkn5gjPxLiKNGowb/Y2LDNKZ3cPhDz8E+RDpWL6n96KOfbWr4V6GQJA==
x-cache-hits
9, 14
strict-transport-security
max-age=300
access-control-allow-headers
X-Geo,Content-Type,x-bl,x-geo-subdivision,Geo-Sub,Geo
x-timer
S1741898953.583075,VS0,VE0
x-ip
38.132.118.75
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
3722
geo-sub
TX
x-geo
US
venatus-cdn-hb-rule-version
1.1
x-amz-server-side-encryption
AES256
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 79AD 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.112.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-112-90.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-max-age
3000
content-encoding
gzip
x-amz-version-id
r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
etag
W/"a4d296427fc806b21335359e398c025c"
age
63668
access-control-allow-methods
GET
x-cache
Hit from cloudfront
x-amz-cf-id
-V1GG5bNcUFbyrcB-muVPNdfWFBjOwTtMd-nOx6Wkc6zJljRtD7MAg==
date
Thu, 13 Mar 2025 03:08:05 GMT
content-type
application/javascript
vary
Origin,accept-encoding
last-modified
Thu, 29 Feb 2024 02:13:08 GMT
cache-control
public, max-age=86400
via
1.1 16fbe6f2baa3fcc1563be742e6d45f20.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
JFK50-P3
server
AmazonS3
x-amz-server-side-encryption
AES256
70247b00-ff8f-4016-b3ab-8344daf96e09
config.aps.amazon-adsystem.com/configs/ Frame 79AD 		563 B
829 B 		Script
General
Check archive.org
Download Go to
Full URL
https://config.aps.amazon-adsystem.com/configs/70247b00-ff8f-4016-b3ab-8344daf96e09
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-108.jfk50.r.cloudfront.net
Software
CloudFront /
Resource Hash
abce51476c992eaaacd53b9b0f4ef97b8d9ceaacad89e706a3bde801ed30e6e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
max-age=3600
age
706
via
1.1 01b6e75b22243ae76d6d282c014927c6.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
content-length
563
x-amz-cf-id
HtFsIf1bvfbLGfrykPgd9UFXvx4pLypTt57l75-aJqevhpVyuRotYA==
date
Thu, 13 Mar 2025 20:37:26 GMT
content-type
application/javascript
x-amz-cf-pop
JFK50-P3
server
CloudFront
config
c.amazon-adsystem.com/cdn/prod/ Frame 79AD 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Ffaces.wtf&pubid=70247b00-ff8f-4016-b3ab-8344daf96e09
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.112.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-112-90.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
4b56c73fc679df3678714fc5f2b472950c698f4ddcc76de9f67be729cd4e14e5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
max-age=21550, s-maxage=21600
age
19534
access-control-allow-credentials
true
via
1.1 2301ef513d768666e30ce282b9045098.cloudfront.net (CloudFront)
access-control-allow-origin
https://faces.wtf
x-cache
Hit from cloudfront
content-length
2353
x-amz-cf-id
zlxSWmkT_HYt5w6wcGEvf6DYWeH_8yv4zqqF65z57ajs6Zc1UY6VqQ==
date
Thu, 13 Mar 2025 15:23:38 GMT
content-type
application/json;charset=UTF-8
x-amz-cf-pop
JFK50-P3
server
Server
getuidj
ib.adnxs.com/ 		11 B
695 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.164 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
38.132.118.75; 38.132.118.75; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; *.adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
https://faces.wtf
an-x-request-uuid
510d2b75-8185-4c8c-baa6-89649a0c071b
content-length
11
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Thu, 13 Mar 2025 20:49:12 GMT
x-xss-protection
0
content-type
application/json; charset=utf-8
server
nginx/1.23.4
rid
match.adsrvr.org/track/ 		108 B
574 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=0fkciot&fmt=json
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
ab47d4ae1440cba8e5a6dde47341146bcea3b8c1defad57cd90d1313159072a5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
private
content-encoding
gzip
access-control-allow-credentials
true
expires
Sat, 12 Apr 2025 20:49:12 GMT
access-control-allow-origin
https://faces.wtf
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
application/json
vary
Origin, Accept-Encoding
server
Kestrel
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept, x-integration-type
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=cQFzT3w4bGpzdFAxMDE0UXVjbkhZYStFVUM1dno5R0ZybEpNVENqWXU1Z01jYzNGYjU3T2NycmROVjU1cjBNbzhrclFPdWsxMzA1RmhVYnFJMTB5R2k2L1l4akE5SERPcjZOZnc3NmlWeXZKMHdqcU9NaVRwSWVvRVpoYktBQ0xxeWlhODNkSnNyWE9jOVREL2pzbEpQNURxakRFaDdWWDBDQU5KWTc4Uk81aGJhaGRMU0hXMExta0RyRHlPQXJZdDVEVEJnOS85d0F1QWV4ZndiVHdNeS9mUm9YcWEzZHhkK29Pa0RjUnY4bFJsYmxFUGZpdGRNN202N0lheFNWcHBCUmxnfA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.117.17 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Thu, 13 Mar 2025 20:49:12 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
213833
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/ Frame 79AD 		54 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.174.84 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-174-84.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
max-age=900
content-encoding
gzip
etag
"d734-5f2f3919e751f-gzip"
expires
Thu, 13 Mar 2025 21:04:12 GMT
accept-ranges
bytes
content-length
17407
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Mon, 23 Jan 2023 19:40:17 GMT
content-type
application/javascript
server
Apache
vary
Accept-Encoding
hadron.js
cdn.hadronid.net/ Frame 79AD 		58 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Ffaces.wtf%2F&ref=https%3A%2F%2Ffaces.wtf%2F&_it=amazon&partner_id=288
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:35ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8fc7b65c78d42b3f74d3bcd0c4457de39becd0b510a78e7cbd4315ca641e389

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
public, max-age=432000
content-encoding
br
cf-cache-status
HIT
etag
W/"b0d172903a4e7356d3c5f52cc45d679c"
age
20
x-amz-request-id
30EKW3CXSWT5N57D
expires
Tue, 18 Mar 2025 20:49:12 GMT
cf-ray
91fe6587bc3e220f-MIA
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
text/javascript
last-modified
Thu, 13 Mar 2025 11:48:41 GMT
vary
Accept-Encoding
server
cloudflare
x-amz-id-2
4RIrFaaxfD+TDcC6uYxWpX9IaghtYatCwZOUwila/c0bkzhiT5xDAXkdzqEBgOl600iRD9MSwqA=
id5-api.js
cdn.id5-sync.com/api/1.0/ Frame 79AD 		104 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
643bdbfce74f2c46324a77d29a7f34aceb5856c3f0ea8201e5dffb627279c134
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"659d9d85e232f2f80b85d77e657c0aa4"
age
12
expires
Thu, 13 Mar 2025 21:49:12 GMT
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
text/javascript;charset=utf-8
last-modified
Tue, 11 Mar 2025 13:03:59 GMT
vary
Accept-Encoding
x-amz-id-2
GamGNNEfQFjj1refma9BDnsXfInljQ+QUK2A0D7IIEkxuEAbuvWuySVOE9ejqYmLeduc5iGnBIY=
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
public, max-age=3600
x-amz-request-id
75JYBGAC4XM0HFZJ
cf-ray
91fe65878f55a4f7-MIA
server
cloudflare
x-amz-server-side-encryption
AES256
launcher-stub.min.js
secure.cdn.fastclick.net/js/cnvr-launcher/latest/ Frame 79AD 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher-stub.min.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.174.84 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-174-84.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d3c286558922ca8c2c69167698cd61a8280cb03b81bb41d9bd633f80f18c274f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
max-age=900
content-encoding
gzip
etag
"38c0-5e92054540ea5-gzip"
expires
Thu, 13 Mar 2025 21:04:12 GMT
accept-ranges
bytes
content-length
5252
date
Thu, 13 Mar 2025 20:49:12 GMT
last-modified
Tue, 20 Sep 2022 18:52:26 GMT
content-type
application/javascript
server
Apache
vary
Accept-Encoding
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503100101/ 		522 KB
163 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503100101/pubads_impl.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
05e416474709940bc8116e62879dc6cd4c1791bdb3546e518513f0a6232b1103
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Origin
https://faces.wtf
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
8981837882490365656
age
35151
x-content-type-options
nosniff
expires
Fri, 13 Mar 2026 11:03:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 13 Mar 2025 11:03:21 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
167338
x-xss-protection
0
server
cafe
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202503130101/ 		64 KB
23 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202503130101/gpt
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
68897cb69ed53880c7557c4868d4f52b684a4d7d9d4b3a0d65785c9e583e3b21
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
etag
6441526524416466779
age
24475
x-content-type-options
nosniff
expires
Thu, 20 Mar 2025 14:01:17 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 13 Mar 2025 14:01:17 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23381
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202503130101"
v1
lb.eu-1-id5-sync.com/lb/ 		45 B
281 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Amsterdam, Netherlands, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
6a5fc4740483c3412454907f8a44666f5c7534ddd722a1e06901f093ec459118
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-origin
https://faces.wtf
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
application/json;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
fire.js
s.cpx.to/ 		64 B
246 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.cpx.to/fire.js?pid=13058&url=https%3A%2F%2Ffaces.wtf%2F&hn_ver=95&fid=b9ccaa25-5024-4d90-a77c-f32c7ca17d5a&cdl=1391&dsp=TTD&dsp_uid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.207.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-207-0.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
96b4878df8e1604830e9201e0de0bbdcf234c21b22e81c85f935ec1f7aeeee8c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://faces.wtf/

Response headers

expires
Thu, 13 Mar 2025 20:49:13 GMT
access-control-allow-origin
https://faces.wtf
content-length
64
p3p
CP="NOI DEV ADM"
date
Thu, 13 Mar 2025 20:49:13 GMT
vary
Origin
access-control-allow-credentials
true
21726375739
fundingchoicesmessages.google.com/i/ 		194 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/21726375739?ers=3
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6c9b897895ad86f6562870903e43bc500437d54ad026197e183bd57b3423c07a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-4zbDdGH0WoMJTfBHEMibIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmLw0JBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDhOdp7dxyZw4ceedkYljaT8wvjk_LySosyk0pL8orTktNTi1KKy1KJ4IwMjUwNjQyM9A5P4AgMAGOMsHA"
content-security-policy
script-src 'report-sample' 'nonce-4zbDdGH0WoMJTfBHEMibIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
launcher.min.js
secure.cdn.fastclick.net/js/cnvr-launcher/latest/ Frame 79AD 		49 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Requested by
Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher-stub.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.174.84 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-174-84.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
938c64115ce60b98ee8151d7eb28208567753f3d4ebbe0aa0f56618c555a18fb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
max-age=900
content-encoding
gzip
etag
"c4b6-5e920545406d3-gzip"
expires
Thu, 13 Mar 2025 21:04:13 GMT
accept-ranges
bytes
content-length
17042
date
Thu, 13 Mar 2025 20:49:13 GMT
last-modified
Tue, 20 Sep 2022 18:52:26 GMT
content-type
application/javascript
server
Apache
vary
Accept-Encoding
288
a.ad.gt/api/v1/u/matches/ Frame 79AD 		9 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.ad.gt/api/v1/u/matches/288?_it=amazon
Requested by
Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Ffaces.wtf%2F&ref=https%3A%2F%2Ffaces.wtf%2F&_it=amazon&partner_id=288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98a574e1a285f126faf372e7d17ed4f63e4b4912f4b12fb9a03559530c834aa8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
HIT
age
258
cross-origin-resource-policy
cross-origin
cf-ray
91fe65899bd309de-MIA
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/javascript
vary
accept-encoding
server
cloudflare
last-modified
Thu, 13 Mar 2025 20:40:07 GMT
hadron.json
id.hadron.ad.gt/v1/ Frame 79AD 		123 B
242 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=288&sync=0&domain=faces.wtf&url=https://faces.wtf/&v=06
Requested by
Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Ffaces.wtf%2F&ref=https%3A%2F%2Ffaces.wtf%2F&_it=amazon&partner_id=288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31c018bb99912bcde508183bcb37997fb63e4ec9b9d6f1116276dea8cff8ea90

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://faces.wtf/

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
access-control-allow-methods
HEAD,GET,POST,PUT,DELETE,OPTIONS
cf-ray
91fe658968158757-MIA
access-control-allow-origin
*
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/json
server
cloudflare
access-control-allow-headers
authorization,content-type
hadron.json
id.hadron.ad.gt/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=288&sync=0&domain=faces.wtf&url=https://faces.wtf/&v=06
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://faces.wtf
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST, OPTIONS, GET
cache-control
max-age=31536000 public, no-transform
cf-cache-status
DYNAMIC
cf-ray
91fe6588ff828757-MIA
content-length
0
content-type
text/plain
date
Thu, 13 Mar 2025 20:49:13 GMT
expires
Fri, 13 Mar 2026 20:49:13 GMT
server
cloudflare
auction
tlx.3lift.com/header/ 		19 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=9.29.0&referrer=https%3A%2F%2Ffaces.wtf%2F&tmax=6000
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.233.167.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-233-167-98.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
accept-ch
sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent
access-control-allow-credentials
true
observe-browsing-topics
?1
expires
Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin
https://faces.wtf
x-auction-status
12, 12, 12
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
x-xss-protection
0
content-type
application/json; charset=utf-8
vary
Accept-Encoding
auction
elb.the-ozone-project.com/openrtb2/ 		124 B
986 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/openrtb2/auction
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.34.190 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
debcc64e97c8a0e9241eecb25305b5b09f582c1904ed22e91e0d06ce8c975d4d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
cf-cache-status
DYNAMIC
pragma
no-cache
access-control-allow-credentials
true
cf-ray
91fe6589ad0f6dcb-MIA
expires
0
access-control-allow-origin
https://faces.wtf
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/json
vary
Origin, Accept-Encoding
server
cloudflare
prebid
mp.4dex.io/ 		51 KB
18 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66b168b2faf4d6daaac849c73e427bc9c82a27c991ed652ae5c2c3072cf5ded7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

x-version
3.0.0-gcp-las
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
cf-cache-status
DYNAMIC
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
cf-ray
91fe6589b8c37454-MIA
expires
0
access-control-allow-origin
https://faces.wtf
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/json; charset=utf-8
vary
Origin, Accept-Encoding
server
cloudflare
fastlane.json
fastlane.rubiconproject.com/a/api/ 		25 KB
11 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13762&site_id=564650&zone_id=3686286&size_id=2%3B15%3B15&alt_size_ids=%3B8%2C10%3B8%2C10&rp_schain=1.0,1!venatus.com,6791021ba46b3a35d265db16,1,,,&eid_pubcid.org=aed0aebb-d34e-4d33-824f-53231927c1cc%5E1%5E%5E%5E%5E%5E&eid_adserver.org=f7f272c4-ba58-4f19-bcf7-2852999b8cd8%5E1%5E%5E%5E%5E%5ETDID&eid_audigent.com=0001yum0eabkba98bciae6gibddj96ldclf786khdaabackkc2jl%5E1%5E%5E%5E%5E%5E&rf=https%3A%2F%2Ffaces.wtf%2F&tg_i.domain=faces.wtf&tg_i.page=https%3A%2F%2Ffaces.wtf%2F&tg_i.pbadslot=%2F21726375739%2Ffaces.wtf_1098%2Fhorizontalsticky_6652%23c6652_p0_0_0%3B%2F21726375739%2Ffaces.wtf_1098%2Fdoublempu_6654%23c6654_p3_0_0%3B%2F21726375739%2Ffaces.wtf_1098%2Fdoublempu_6654%23c6654_p4_0_0&tk_flint=pbjs_lite_v9.29.0&x_source.tid=0&l_pb_bid_id=15f37326fcb71fb%3B16ac2425a6b91a%3B1755949c1587619&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=dfbf2200-636a-420e-9ce8-7935208af9f9%3Be4921144-e649-4194-8f18-66ef9d6aa293%3B94e4781a-4b79-4216-b4d9-d722c2962acb&rp_maxbids=1&p_gpid=%2F21726375739%2Ffaces.wtf_1098%2Fhorizontalsticky_6652%23c6652_p0_0_0%3B%2F21726375739%2Ffaces.wtf_1098%2Fdoublempu_6654%23c6654_p3_0_0%3B%2F21726375739%2Ffaces.wtf_1098%2Fdoublempu_6654%23c6654_p4_0_0&m_ch_mobile=%3F0&slots=3&rand=0.19769454687440424
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
04467d03fa439c06f6239cad9cbb0d99ceaf06baf17d99054e34e3ca142ca90e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://faces.wtf
date
Thu, 13 Mar 2025 20:49:14 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
bid
aax.amazon-adsystem.com/e/dtb/ Frame 79AD 		187 B
506 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Ffaces.wtf%2F&pid=SRO5URZ1GqRh3&cb=0&ws=0x0&v=25.310.1952&t=6000&slots=%5B%7B%22sd%22%3A%22c6652_p0_0_0%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2Ffaces.wtf_1098%2Fhorizontalsticky_6652%21pid%3A6652%21ab%3Afalse%22%7D%2C%7B%22sd%22%3A%22c6654_p3_0_0%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2Ffaces.wtf_1098%2Fdoublempu_6654%21pid%3A6654%21ab%3Afalse%22%7D%2C%7B%22sd%22%3A%22c6654_p4_0_0%22%2C%22s%22%3A%5B%22120x600%22%2C%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2Ffaces.wtf_1098%2Fdoublempu_6654%21pid%3A6654%21ab%3Afalse%22%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22source%22%3A2%2C%22platform%22%3A%7B%22brand%22%3A%22%22%2C%22version%22%3A%5B%22%22%5D%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&schain=1.0%2C1%21venatus.com%2C6791021ba46b3a35d265db16%2C1%2C%2C%2C&sm=c295d10d-b039-4ed9-b4c3-ad45160d97fa&pubid=70247b00-ff8f-4016-b3ab-8344daf96e09&gdprl=%7B%22status%22%3A%22no-cmp%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%220001yum0eabkba98bciae6gibddj96ldclf786khdaabackkc2jl%22%2C%22pubcommon%22%3A%220aabf766-a6f1-4cce-95fa-3557985d34c3%22%7D%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.63.180 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-63-180.jfk52.r.cloudfront.net
Software
Server /
Resource Hash
e33a68179dc0a04fe7c40755e6ae9af5df1bad48eb19e168f09b8ccfaf92b5fd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
access-control-allow-credentials
true
via
1.1 8df8d5dfeb782c83ceeb5679f78a9e4e.cloudfront.net (CloudFront)
access-control-allow-origin
https://faces.wtf
x-cache
Miss from cloudfront
content-length
177
x-amz-cf-id
yj1nJAtRqydDTe8AYkaSIZnI2qhqZmgteY_JEtSgE464oRRMuRjqkA==
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
text/javascript;charset=UTF-8
x-amz-cf-pop
JFK52-P4
server
Server
c
prebid.a-mo.net/a/ 		830 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.65.199 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
omni-ny5-kmsweo
Software
envoy /
Resource Hash
5b3fa65cab2a594ffe6e5c78e709bfe5aca419dc159a55ae2fc9289f845b0a73

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

cache-control
max-age=0, private, must-revalidate
content-encoding
gzip
x-envoy-upstream-service-time
32
access-control-allow-credentials
true
access-control-allow-origin
https://faces.wtf
content-length
440
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/json; charset=utf-8
vary
origin, accept-encoding
server
envoy
v1
hb-api.omnitagjs.com/hb-api/prebid/ 		536 B
707 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Ffaces.wtf%2F&PageUrl=https%3A%2F%2Ffaces.wtf%2F&PageReferrer=https%3A%2F%2Ffaces.wtf%2F
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.212.18.61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.18.212.35.bc.googleusercontent.com
Software
fasthttp /
Resource Hash
b507c301121d1c7c7adfeacca7bdb7e29532b2951e6ea29c0d27715a4e1b6cbb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

access-control-max-age
3600
content-encoding
gzip
access-control-allow-methods
OPTIONS, POST
x-kong-proxy-latency
0
p3p
CP="CAO PSA OUR"
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
x-kong-request-id
a9b1052c02928e35bc42df032bf6a263
access-control-allow-credentials
true
via
kong/3.6.1
x-kong-upstream-latency
129
access-control-allow-origin
https://faces.wtf
content-length
202
server
fasthttp
bidder
pbs.optidigital.com/ 		0
248 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.optidigital.com/bidder
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.72.119 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
119.72.160.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
observe-browsing-topics
?1
via
1.1 google
expires
0
access-control-allow-origin
https://faces.wtf
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:13 GMT
x-prebid
pbs-go/33.6.3
content-type
application/json
vary
Accept-Encoding,Origin
67a4896ec9e7b6fa3e59147c
exchange.kueezrtb.com/prebid/multi/ 		0
804 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/67a4896ec9e7b6fa3e59147c
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
152.42.155.191 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
access-control-allow-origin
https://faces.wtf
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
date
Thu, 13 Mar 2025 20:49:14 GMT
vary
Accept-Encoding
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
67a4896ec9e7b6fa3e59147c
exchange.kueezrtb.com/prebid/multi/ 		0
874 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/67a4896ec9e7b6fa3e59147c
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
152.42.155.191 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
access-control-allow-origin
https://faces.wtf
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
date
Thu, 13 Mar 2025 20:49:13 GMT
vary
Accept-Encoding
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
67a4896ec9e7b6fa3e59147c
exchange.kueezrtb.com/prebid/multi/ 		0
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/67a4896ec9e7b6fa3e59147c
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
152.42.155.191 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
access-control-allow-origin
https://faces.wtf
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
date
Thu, 13 Mar 2025 20:49:13 GMT
vary
Accept-Encoding
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
hb-multi
hb.yellowblue.io/ 		83 B
622 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.102.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-102-9.jfk52.r.cloudfront.net
Software
istio-envoy /
Resource Hash
d7ce1f47a8ac0f54005a4e057ed5dfb88eed87e648d29e3a69ec24b9b79e2d77

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
access-control-allow-methods
GET, OPTIONS
via
1.1 484143b810d1d7dffb3cb751b952d57a.cloudfront.net (CloudFront)
access-control-allow-origin
https://faces.wtf
x-cache
Miss from cloudfront
content-length
108
x-amz-cf-id
TijvVJJMacoW7DvrhFKMh_Wmp49hN62StO_AspzVtC1KDTEea9LSfg==
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/json
x-amz-cf-pop
JFK52-P6
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
launcher
proc.ad.cpe.dotomi.com/cvx/client/direct/ Frame 79AD 		190 B
458 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://proc.ad.cpe.dotomi.com/cvx/client/direct/launcher?version=1.1.1&lid=681
Requested by
Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:ae80:1471:1b::1780 , United States, ASN26762 (CNVR-US-EAST, US),
Reverse DNS
Software
nginx /
Resource Hash
71f0c958e33905cb028dfd76ff7fcffa9d57a260845594e84d116530e3f80a36

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
max-age=1800
accept-ch
Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials
true
expires
Thu, 13 Mar 2025 21:19:13 GMT
access-control-allow-origin
https://faces.wtf
content-length
190
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/json
vary
Origin
server
nginx
258.json
id5-sync.com/g/v2/ 		853 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/258.json
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Amsterdam, Netherlands, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
9ae506154e8165dd7bbef817a4e7546f040c99ea84d03ed556a0ae8a991f33cb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://faces.wtf/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
expires
Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin
https://faces.wtf
p3p
CP="CAO PSA OUR"
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/json
vary
Origin
288
p.ad.gt/api/v1/p/ Frame 79AD 		40 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://p.ad.gt/api/v1/p/288
Requested by
Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/288?_it=amazon
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad5c8c3bdc03a133b100130b6973dcb72acfc5eabcd057be87c9ea9e68cbf4ab

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
HIT
age
84
cf-ray
91fe658b9b8c334f-MIA
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/javascript
vary
accept-encoding
server
cloudflare
last-modified
Thu, 13 Mar 2025 20:46:32 GMT
halo_match
ids.ad.gt/api/v1/ Frame 79AD 		43 B
170 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ids.ad.gt/api/v1/halo_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&halo_id=060ixebju6a65biadi88iccakgkk6hgfhk8uomgwi0e0ygueku44uiieyqyy0sqos
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cf-ray
91fe658bdafda69b-MIA
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
image/gif
server
cloudflare
ip_match
ids4.ad.gt/api/v1/ Frame 79AD 		0
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ids4.ad.gt/api/v1/ip_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.191.70.79 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-191-70-79.us-west-2.compute.amazonaws.com
Software
timberwolf /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-length
0
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
text/html; charset=utf-8
server
timberwolf
match
ids.ad.gt/api/v1/ Frame 79AD
Redirect Chain
  • https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&adnxs_id=$UID&gdpr=0
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3DAU1D-0100-001741898953-EIBAPF3G-CJXT%26adnxs_id%3D%24UID%26gdpr%3D0
  • https://ids.ad.gt/api/v1/match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&adnxs_id=4240468663692882447&gdpr=0
43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&adnxs_id=4240468663692882447&gdpr=0
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cf-ray
91fe658d5cdda69b-MIA
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
image/gif
server
cloudflare

Redirect headers

cache-control
no-store, no-cache, private
location
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&adnxs_id=4240468663692882447&gdpr=0
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
38.132.118.75; 38.132.118.75; 1040.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; *.adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
c6c087e2-545a-4f41-8cb1-57c0c00a823d
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Thu, 13 Mar 2025 20:49:13 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
openx
ids.ad.gt/api/v1/ Frame 79AD
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001741898953-EIBAPF3G-CJXT%26auid%3DAU...
  • https://u.openx.net/w/1.0/cm?cc=1&id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001741898953-EIBAPF3G-CJXT%26auid...
  • https://ids.ad.gt/api/v1/openx?openx_id=65dbebb1-3a93-4537-b529-cabaa4485c66&id=AU1D-0100-001741898953-EIBAPF3G-CJXT&auid=AU1D-0100-001741898953-EIBAPF3G-CJXT
43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ids.ad.gt/api/v1/openx?openx_id=65dbebb1-3a93-4537-b529-cabaa4485c66&id=AU1D-0100-001741898953-EIBAPF3G-CJXT&auid=AU1D-0100-001741898953-EIBAPF3G-CJXT
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cf-ray
91fe658c2b83a69b-MIA
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
image/gif
server
cloudflare

Redirect headers

cache-control
private, max-age=0, no-cache
location
https://ids.ad.gt/api/v1/openx?openx_id=65dbebb1-3a93-4537-b529-cabaa4485c66&id=AU1D-0100-001741898953-EIBAPF3G-CJXT&auid=AU1D-0100-001741898953-EIBAPF3G-CJXT
pragma
no-cache
x-forwarded-for
38.132.118.75
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 13 Mar 2025 20:49:12 GMT
content-type
image/gif
vary
Accept, Accept-Encoding
pbm_match
ids.ad.gt/api/v1/ Frame 79AD
Redirect Chain
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001741898953-EIBAPF3G-CJXT
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001741898953-EIBAPF3G-CJXT
  • https://ids.ad.gt/api/v1/pbm_match?pbm=8255A0EB-E98C-4BA0-AD19-90E39EB92532&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ids.ad.gt/api/v1/pbm_match?pbm=8255A0EB-E98C-4BA0-AD19-90E39EB92532&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cf-ray
91fe658cdc30a69b-MIA
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
image/gif
server
cloudflare

Redirect headers

cache-control
no-store, no-cache, private
location
https://ids.ad.gt/api/v1/pbm_match?pbm=8255A0EB-E98C-4BA0-AD19-90E39EB92532&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Thu, 13 Mar 2025 20:49:11 GMT
server
nginx
token
token.rubiconproject.com/ Frame 79AD 		0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/token?pid=50242&puid=AU1D-0100-001741898953-EIBAPF3G-CJXT&gdpr=0
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.146.5 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
1e5551a43c15a2a2988f4ec71599119f
Pragma
no-cache
t_match
ids.ad.gt/api/v1/ Frame 79AD
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001741898953-EIBAPF3G-CJXT&gdpr=0
  • https://ids.ad.gt/api/v1/t_match?tdid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
43 B
94 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ids.ad.gt/api/v1/t_match?tdid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cf-ray
91fe658bdb01a69b-MIA
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
image/gif
server
cloudflare

Redirect headers

location
https://ids.ad.gt/api/v1/t_match?tdid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
content-length
259
date
Thu, 13 Mar 2025 20:49:13 GMT
server
Kestrel
tapad_match
ids.ad.gt/api/v1/ Frame 79AD
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3185&partner_device_id=AU1D-0100-001741898953-EIBAPF3G-CJXT&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001741898953...
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3185&partner_device_id=AU1D-0100-001741898953-EIBAPF3G-CJXT&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001741...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=7b808386-ded4-4fa0-9901-37f48422813b%252Chttps%25253A%25252F%25252Fids.ad.gt%25252Fapi%25252Fv1%25252Ftapad_match%25253Fi...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&ttd_puid=7b808386-ded4-4fa0-9901-37f48422813b%2Chttps%253A%252F%252Fids.ad.gt%252Fap...
  • https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&tapad_id=7b808386-ded4-4fa0-9901-37f48422813b
43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&tapad_id=7b808386-ded4-4fa0-9901-37f48422813b
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cf-ray
91fe658d4cb2a69b-MIA
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
image/gif
server
cloudflare

Redirect headers

strict-transport-security
max-age=31536000
location
https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&tapad_id=7b808386-ded4-4fa0-9901-37f48422813b
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
0
date
Thu, 13 Mar 2025 20:49:13 GMT
server
Jetty(11.0.24)
pixel
cm.g.doubleclick.net/ Frame 79AD 		170 B
409 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.165.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lax30s03-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Thu, 13 Mar 2025 20:49:13 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)
amo_match
ids.ad.gt/api/v1/ Frame 79AD
Redirect Chain
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODI0MTY1OC90LzA/url/https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Famo_match%3Fturn_id%3D%24!%7BTURN_UUID%7D%26id%3DAU1D-0100-001741898953-EIBAPF3G-CJXT
  • https://ids.ad.gt/api/v1/amo_match?turn_id=7017034605181824636&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ids.ad.gt/api/v1/amo_match?turn_id=7017034605181824636&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cf-ray
91fe658c6bc1a69b-MIA
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
image/gif
server
cloudflare

Redirect headers

cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
location
https://ids.ad.gt/api/v1/amo_match?turn_id=7017034605181824636&id=AU1D-0100-001741898953-EIBAPF3G-CJXT
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
content-length
0
pragma
no-cache
date
Thu, 13 Mar 2025 20:49:08 GMT
son_match
ids.ad.gt/api/v1/ Frame 79AD
Redirect Chain
  • https://sync.go.sonobi.com/us?https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&uid=[UID]&gdpr=0
  • https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&uid=e4c0b503-d2ff-4105-b499-91ca4139a2d6&gdpr=0
43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&uid=e4c0b503-d2ff-4105-b499-91ca4139a2d6&gdpr=0
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cf-ray
91fe658dad38a69b-MIA
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
image/gif
server
cloudflare

Redirect headers

cache-control
no-cache, no-store, private
location
https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001741898953-EIBAPF3G-CJXT&uid=e4c0b503-d2ff-4105-b499-91ca4139a2d6&gdpr=0
pragma
no-cache
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date
Thu, 13 Mar 2025 20:49:13 GMT
tcn
Choice
content-type
text/plain; charset=utf8
vary
negotiate,Accept-Encoding
server
sonobi-go
x-go-server
go-iad-2-6-202
x-xss-protection
0
pixel
cm.g.doubleclick.net/ Frame 79AD
Redirect Chain
  • https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001741898953-EIBAPF3G-CJXT
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTc0MTg5ODk1My1FSUJBUEYzRy1DSlhU
170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTc0MTg5ODk1My1FSUJBUEYzRy1DSlhU
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
172.217.165.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lax30s03-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Thu, 13 Mar 2025 20:49:13 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

cf-ray
91fe658beb1aa69b-MIA
location
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTc0MTg5ODk1My1FSUJBUEYzRy1DSlhU
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
text/html; charset=utf-8
vary
accept-encoding
server
cloudflare
sync
s.cpx.to/
Redirect Chain
  • https://pixel.rubiconproject.com/token?pid=34010&customParamenters
  • https://s.cpx.to/sync?dsp=rubicon&dsp_uid=M87TNUK5-15-JGCE&customParamenters=
0
200 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/sync?dsp=rubicon&dsp_uid=M87TNUK5-15-JGCE&customParamenters=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
52.18.207.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-207-0.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

date
Thu, 13 Mar 2025 20:49:13 GMT
expires
Thu, 13 Mar 2025 20:49:13 GMT
p3p
CP="NOI DEV ADM"

Redirect headers

Expires
0
Cache-Control
no-cache,no-store,must-revalidate
Location
https://s.cpx.to/sync?dsp=rubicon&dsp_uid=M87TNUK5-15-JGCE&customParamenters=
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
1e5551a43c15a2a2988f4ec71599119f
Pragma
no-cache
content-length
0
sync
s.cpx.to/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&google_tc=
  • https://s.cpx.to/sync?dsp_uid=CAESEC04iH2Lg5h0oWMSxSUVAZo&dsp=dbm&google_cver=1
0
206 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/sync?dsp_uid=CAESEC04iH2Lg5h0oWMSxSUVAZo&dsp=dbm&google_cver=1
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
52.18.207.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-207-0.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

date
Thu, 13 Mar 2025 20:49:13 GMT
expires
Thu, 13 Mar 2025 20:49:13 GMT
p3p
CP="NOI DEV ADM"

Redirect headers

cache-control
no-cache, must-revalidate
location
https://s.cpx.to/sync?dsp_uid=CAESEC04iH2Lg5h0oWMSxSUVAZo&dsp=dbm&google_cver=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
284
date
Thu, 13 Mar 2025 20:49:13 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
sync
s.cpx.to/
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=f0f39a70-2c21-4d5d-af4b-7350637edcd5&r=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3DOPENX%26dsp_uid%3D%7BOPENX_ID%7D
  • https://s.cpx.to/sync?dsp=OPENX&dsp_uid=0ca6dec7-8fb7-46c4-8444-2646b2a08ce0
0
212 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/sync?dsp=OPENX&dsp_uid=0ca6dec7-8fb7-46c4-8444-2646b2a08ce0
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
52.18.207.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-207-0.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

date
Thu, 13 Mar 2025 20:49:13 GMT
expires
Thu, 13 Mar 2025 20:49:13 GMT
p3p
CP="NOI DEV ADM"

Redirect headers

cache-control
private, max-age=0, no-cache
location
https://s.cpx.to/sync?dsp=OPENX&dsp_uid=0ca6dec7-8fb7-46c4-8444-2646b2a08ce0
pragma
no-cache
x-forwarded-for
38.132.118.75
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
image/gif
vary
Accept, Accept-Encoding
fire.js
s.cpx.to/
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Ffire.js%3Fdsp%3Dapp_nexus%26dsp_uid%3D%24UID%26pid%3D13058%26url%3Dhttps%253A%252F%252Ffaces.wtf%252F%26hn_ver%3D95%26fid%3Db9ccaa25-5024-4d...
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Ffire.js%253Fdsp%253Dapp_nexus%2526dsp_uid%253D%2524UID%2526pid%253D13058%2526url%253Dhttps%25253A%25252F%25252Ffaces.wtf...
  • https://s.cpx.to/fire.js?dsp=app_nexus&dsp_uid=4240468663692882447&pid=13058&url=https%3A%2F%2Ffaces.wtf%2F&hn_ver=95&fid=b9ccaa25-5024-4d90-a77c-f32c7ca17d5a&cdl=1391&dsp=TTD&dsp_uid=f7f272c4-ba58...
48 B
48 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/fire.js?dsp=app_nexus&dsp_uid=4240468663692882447&pid=13058&url=https%3A%2F%2Ffaces.wtf%2F&hn_ver=95&fid=b9ccaa25-5024-4d90-a77c-f32c7ca17d5a&cdl=1391&dsp=TTD&dsp_uid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
52.18.207.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-207-0.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

expires
Thu, 13 Mar 2025 20:49:13 GMT
p3p
CP="NOI DEV ADM"
content-length
48
date
Thu, 13 Mar 2025 20:49:13 GMT

Redirect headers

cache-control
no-store, no-cache, private
location
https://s.cpx.to/fire.js?dsp=app_nexus&dsp_uid=4240468663692882447&pid=13058&url=https%3A%2F%2Ffaces.wtf%2F&hn_ver=95&fid=b9ccaa25-5024-4d90-a77c-f32c7ca17d5a&cdl=1391&dsp=TTD&dsp_uid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
38.132.118.75; 38.132.118.75; 1040.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; *.adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
dc8ab5a8-a461-42d0-9fa0-b050911fbf7f
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Thu, 13 Mar 2025 20:49:13 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
sync
s.cpx.to/
Redirect Chain
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID
  • https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=8255A0EB-E98C-4BA0-AD19-90E39EB92532
0
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=8255A0EB-E98C-4BA0-AD19-90E39EB92532
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
52.18.207.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-207-0.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

date
Thu, 13 Mar 2025 20:49:13 GMT
expires
Thu, 13 Mar 2025 20:49:13 GMT
p3p
CP="NOI DEV ADM"

Redirect headers

cache-control
no-store, no-cache, private
location
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=8255A0EB-E98C-4BA0-AD19-90E39EB92532
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Thu, 13 Mar 2025 16:29:22 GMT
server
nginx
bounce
id5-sync.com/ Frame 79AD 		30 B
227 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/bounce
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Amsterdam, Netherlands, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
b04cd869cfd41a48c006458f71969a0eb26f33fec12f3cfe00408f8b73bf3ff8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-origin
https://faces.wtf
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
text/plain;charset=utf-8
vary
Origin
access-control-allow-credentials
true
v1
lb.eu-1-id5-sync.com/lb/ Frame 79AD 		45 B
280 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Amsterdam, Netherlands, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
d08cf478a319bf5771a4439d90bc124afa889c987f07649b3624a8c1a5771d98
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-origin
https://faces.wtf
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/json;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
AGSKWxV1746pb0KrnSq4-pGicmX7lp7OkiR3YRcqftaWN0gJcjHdj1QI38EzGtl7di_ARXpTOYEcixLuZKQhFP0JKAqvDN3wmb_B00DwXWM9Jke9QgbCBykvHwBUMGUG6-R17ziqRyrOqw==
fundingchoicesmessages.google.com/f/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxV1746pb0KrnSq4-pGicmX7lp7OkiR3YRcqftaWN0gJcjHdj1QI38EzGtl7di_ARXpTOYEcixLuZKQhFP0JKAqvDN3wmb_B00DwXWM9Jke9QgbCBykvHwBUMGUG6-R17ziqRyrOqw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQxODk4OTUzLDUxMDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9mYWNlcy53dGYvIixudWxsLFtbOCwibk1sZEhQa09SdG8iXSxbOSwiZW4tVVMiXSxbMTksIjIiXSxbMTcsIlswXSJdLFsyNCwiIl1dXQ
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
345341a4cd0e74bf33c98c4008e6a30d09d80a3df16297491372509782e1eddb
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-lEjW37cRopdQQdPKsyPW-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw1pBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDhOdp7dxyYw49PCmUxKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGpgbGhkZ6BibxBQYACe8r0Q"
content-security-policy
script-src 'report-sample' 'nonce-lEjW37cRopdQQdPKsyPW-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 33ED 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
487
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28645
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 13 Mar 2025 20:41:06 GMT
expires
Thu, 13 Mar 2025 21:31:06 GMT
last-modified
Mon, 10 Mar 2025 19:43:53 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		1 KB
652 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2251639934806154&correlator=3966955434843958&eid=31086815%2C31089438%2C31090849%2C31090921%2C31090457%2C83321072&output=ldjh&gdfp_req=1&vrg=202503100101&ptt=17&impl=fifs&gdpr=0&iu_parts=21726375739%3A22803128949%2Cfaces.wtf_1098%2Cinterstitial_6655&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&dids=gpt_unit_%2F21726375739%2C22803128&sfv=1-0-41&ists=1&fas=8&fsapi=1&sc=1&cookie_enabled=1&abxe=1&dt=1741898953533&lmt=1741898953&adxs=-9&adys=-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Ffaces.wtf%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1741898951593&idt=1412&prev_scp=is_ta%3Dtrue&adks=2760306691&frm=20&eoidce=1&td=1&egid=9797&tan=a4a20710-45a8-4a5a-8543-4cc41e620392&tdf=2
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
a93870aedbdd3ce72ce30cdd5e609e7ad8800410064affdbf35f4bb6d927d469
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
dcb
google-lineitem-id
-2
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
-2
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://faces.wtf
content-length
621
x-xss-protection
0
server
cafe
container.html
49df8c7b726f1f5265a4f8982841a893.safeframe.googlesyndication.com/safeframe/1-0-41/html/ Frame 81CB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://49df8c7b726f1f5265a4f8982841a893.safeframe.googlesyndication.com/safeframe/1-0-41/html/container.html
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.161 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f1.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3024
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 13 Mar 2025 20:49:13 GMT
expires
Thu, 13 Mar 2025 20:49:13 GMT
last-modified
Thu, 30 Jan 2025 19:28:58 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pubads_impl_page_level_ads.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503100101/ 		54 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202503100101/pubads_impl_page_level_ads.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
dc27178575bb6b33ccbc865ecb1e2d8a016632a15ad89c56f1fe5e5805958684
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
8374412641689180609
age
34245
x-content-type-options
nosniff
expires
Fri, 13 Mar 2026 11:18:28 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 13 Mar 2025 11:18:28 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
16843
x-xss-protection
0
server
cafe
coreid.min.js
secure.cdn.fastclick.net/js/cnvr-coreid/latest/ Frame 79AD 		229 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.cdn.fastclick.net/js/cnvr-coreid/latest/coreid.min.js
Requested by
Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.174.84 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-174-84.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
eb87c0447bd19366919bdb8913f775caca732ac31cbc5e5d42e4db5df39437ce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
max-age=900
content-encoding
gzip
etag
"394d0-60864a57eaadc-gzip"
expires
Thu, 13 Mar 2025 21:04:13 GMT
accept-ranges
bytes
content-length
67550
date
Thu, 13 Mar 2025 20:49:13 GMT
last-modified
Mon, 23 Oct 2023 16:23:46 GMT
content-type
application/javascript
server
Apache
vary
Accept-Encoding
js
www.googletagmanager.com/gtag/ Frame 79AD 		302 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FVWZ0RM4DH&l=audDataLayer
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
171b605037ea845a6dc974023208cb4ec1b6677044bae8b8ee7fe63883465a98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
expires
Thu, 13 Mar 2025 20:49:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1020:0
content-length
108185
x-xss-protection
0
server
Google Tag Manager
match
seg.ad.gt/api/v2/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://seg.ad.gt/api/v2/match
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://faces.wtf
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
*
access-control-allow-origin
*
allow
POST
cf-cache-status
DYNAMIC
cf-ray
91fe658d5f7909ba-MIA
date
Thu, 13 Mar 2025 20:49:13 GMT
server
cloudflare
vary
origin, access-control-request-method, access-control-request-headers
collect
a.ad.gt/api/v1/ Frame 79AD 		0
88 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.ad.gt/api/v1/collect
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-type
text/plain
Referer
https://faces.wtf/

Response headers

cf-ray
91fe658bff1b09de-MIA
access-control-allow-origin
https://faces.wtf
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:13 GMT
vary
Origin
server
cloudflare
access-control-allow-credentials
true
getpixels
pixels.ad.gt/api/v1/ Frame 79AD 		0
88 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pixels.ad.gt/api/v1/getpixels?tagger_id=6cd7e8787c26399ffd0e58d50b69abdc&url=https%3A%2F%2Ffaces.wtf%2F&code=%27none%27
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cf-ray
91fe658d5f0c0861-MIA
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:13 GMT
server
cloudflare
match
seg.ad.gt/api/v2/ Frame 79AD 		408 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://seg.ad.gt/api/v2/match
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f58a6097516f39ed272a6d5f69a98558189343883722abe060227c85cf32ca4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://faces.wtf/

Response headers

access-control-expose-headers
*
content-encoding
br
cf-cache-status
DYNAMIC
cf-ray
91fe658e590809ba-MIA
access-control-allow-origin
*
date
Thu, 13 Mar 2025 20:49:14 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers, accept-encoding
server
cloudflare
v3
id5-sync.com/gm/ Frame 79AD 		921 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/gm/v3
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Amsterdam, Netherlands, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
eed4abf92c55010a8ecf6c603acc1c4979e1bf8c5326e1c5875c58beea263827
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
expires
Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin
https://faces.wtf
p3p
CP="CAO PSA OUR"
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/json
vary
Origin
iu3
s.amazon-adsystem.com/ Frame 86DD
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-mediagrid_n-Ogury_rx_snb_n-MediaNet_smrt_n-inmobi_n-adYouLike_n-smaato_rbd_an-db5_3lift
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-mediagrid_n-Ogury_rx_snb_n-MediaNet_smrt_n-inmobi_n-adYouLike_n-smaato_rbd_an-db5_3lift&dcc=t
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-mediagrid_n-Ogury_rx_snb_n-MediaNet_smrt_n-inmobi_n-adYouLike_n-smaato_rbd_an-db5_3lift&dcc=t
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
98.82.156.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-82-156-207.compute-1.amazonaws.com
Software
Server /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
357
Content-Type
text/html;charset=ISO-8859-1
Date
Thu, 13 Mar 2025 20:49:13 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
7B76043RDCB0YP0735Z9

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Thu, 13 Mar 2025 20:49:13 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-mediagrid_n-Ogury_rx_snb_n-MediaNet_smrt_n-inmobi_n-adYouLike_n-smaato_rbd_an-db5_3lift&dcc=t
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
BSYJGY0X6B76DGRDDEMN
AGSKWxXiOehIZmkrjrVsv2bAJZNySKvilZUOvZ3mO3fm2_lhcuPCcc7DA9AI15Zvdw8j0HYjbHsP6ciIRwqordWC4-1gz3tnrmgxqYJZhZtoxGPZoB_02HUYhTlIpwYvIAoV1B4RRjGGaA==
fundingchoicesmessages.google.com/f/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXiOehIZmkrjrVsv2bAJZNySKvilZUOvZ3mO3fm2_lhcuPCcc7DA9AI15Zvdw8j0HYjbHsP6ciIRwqordWC4-1gz3tnrmgxqYJZhZtoxGPZoB_02HUYhTlIpwYvIAoV1B4RRjGGaA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQxODk4OTUzLDYzOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuLUdCIl0sImh0dHBzOi8vZmFjZXMud3RmLyIsbnVsbCxbWzgsIm5NbGRIUGtPUnRvIl0sWzksImVuLVVTIl0sWzE5LCIyIl0sWzE3LCJbMF0iXSxbMjQsIiJdXV0
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.174 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f14.1e100.net
Software
ESF /
Resource Hash
3fc92d4454cbec48155e127c71cdbc3223dd186c1cf92faf9ceac9c0ce339c0b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-YkCddCahPU1TytCMlktoWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:13 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw0pBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDhOdp7dxyaw48TxM0xKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGpgbGhkZ6BibxBQYAF0ksHw"
content-security-policy
script-src 'report-sample' 'nonce-YkCddCahPU1TytCMlktoWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
264.gif
id5-sync.com/k/ Frame 79AD
Redirect Chain
  • https://id5-sync.com/i/258/8.gif?o=api&id5id=ID5*konx_AiLKoSEYHOrxPwIv_V5Gu7rAq6EWfo_VZ86izwCreGa_Xu9Ebw3stIV9iSz&gdpr_consent=undefined&gdpr=false
  • https://match.prod.bidr.io/cookie-sync/id5?us_privacy=
  • https://match.prod.bidr.io/cookie-sync/id5?us_privacy=&_bee_ppp=1
  • https://id5-sync.com/k/155.gif?puid=AACwp07PpooAABvauAIGtw&id5AccountNum=155&numCascadesAllowed=9
  • https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F258%2F203%2F6%2F3.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D
  • https://id5-sync.com/c/258/203/6/3.gif?puid=402f6467-b4f1-400e-b69a-0ea59db406ce&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F258%2F108%2F5%2F4.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_con...
  • https://id5-sync.com/c/258/108/5/4.gif?puid=7b808386-ded4-4fa0-9901-37f48422813b&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fid5-sync.com%2Fc%2F258%2F434%2F4%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&consent=
  • https://id5-sync.com/c/258/434/4/5.gif?puid=e4c0b503-d2ff-4105-b499-91ca4139a2d6&gdpr=0&gdpr_consent=
  • https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5c01r2HrSSOKsmZjFslyUpPbI0zob0n-EP6YONBK8Q&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F258%2F124%2F3%2F6.gif%3Fpuid%3...
  • https://ice.360yield.com/ul_cb/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5c01r2HrSSOKsmZjFslyUpPbI0zob0n-EP6YONBK8Q&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F258%2F124%2F3%2F6.gif%3F...
  • https://id5-sync.com/cq/258/124/3/6.gif?puid=f4892ac6-d577-4372-9a12-2ac1476d9397&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=85&3pid=AACwp07PpooAABvauAIGtw&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F258%2F1241%2F2%2F7.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26g...
  • https://id5-sync.com/c/258/1241/2/7.gif?puid=KUihALZHgTw-C69LTc-pkxE4&gdpr=0&gdpr_consent=
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F258%2F796%2F1%2F8.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent...
  • https://id5-sync.com/c/258/796/1/8.gif?puid=519b468e-5426-4604-b143-04047cdb1286&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://id5-sync.com/k/264.gif?puid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&ttl=%%TTL%%
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id5-sync.com/k/264.gif?puid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&ttl=%%TTL%%
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
162.19.138.120 Amsterdam, Netherlands, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
p3p
CP="CAO PSA OUR"
date
Thu, 13 Mar 2025 20:49:17 GMT
content-type
image/gif;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers

Redirect headers

location
https://id5-sync.com/k/264.gif?puid=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&ttl=%%TTL%%
content-length
199
date
Thu, 13 Mar 2025 20:49:17 GMT
server
Kestrel
placementscape
edge.venatusmedia.com/ 		0
208 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://edge.venatusmedia.com/placementscape?u=603987fb-10c7-4a79-ab1a-2f2d52f9a11c
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.42.134.208 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
208.134.42.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-allow-origin
https://faces.wtf
date
Thu, 13 Mar 2025 20:49:13 GMT
x-envoy-upstream-service-time
0
content-type
application/json
server
istio-envoy
access-control-allow-credentials
true
join-ad-interest-groups.html
proton.ad.gt/ Frame C107 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://proton.ad.gt/join-ad-interest-groups.html
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
ad-auction-allowed
true
age
3024
apigw-requestid
HYPpaiDXPHcEJ4g=
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
91fe6590db72749f-MIA
content-encoding
br
content-type
text/html
date
Thu, 13 Mar 2025 20:49:14 GMT
last-modified
Thu, 13 Mar 2025 19:06:10 GMT
server
cloudflare
supports-loading-mode
fenced-frame
vary
Accept-Encoding
ads
securepubads.g.doubleclick.net/gampad/ 		175 KB
33 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2251639934806154&correlator=3966955434843958&eid=31086815%2C31089438%2C31090849%2C31090921%2C31090457%2C83321072&output=ldjh&gdfp_req=1&vrg=202503100101&ptt=17&impl=fifs&gdpr=0&iu_parts=21726375739%3A22803128949%2Cfaces.wtf_1098%2Chorizontalsticky_6652%2Cdoublempu_6654&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F3&prev_iu_szs=728x90%2C300x250%7C300x600%7C120x600%2C300x250%7C300x600%7C120x600&ifi=2&dids=GlTidfaF5bdC_1741898954253_973~ZpwRExDR9d7G_1741898954257_168~PBGDzFADSy98_1741898954263_865&adfs=2209083428~1957947093~1233607674&sfv=1-0-41&sc=1&cookie=ID%3D6c41f73dfb6ae9d4%3AT%3D1741898953%3ART%3D1741898953%3AS%3DALNI_MbWCFFbIOTl4kdtc1bxCg6vNHSDwQ&gpic=UID%3D0000106c83356116%3AT%3D1741898953%3ART%3D1741898953%3AS%3DALNI_Maq2YpJD5wNWcJHUT5_hgLZ-_Q3pg&abxe=1&dt=1741898954289&lmt=1741898954&adxs=-12245933%2C45%2C1255&adys=-12245933%2C56%2C56&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C0%7C0&ucis=2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Ffaces.wtf%2F&vis=1&psz=0x-1%7C0x0%7C0x0&msz=0x-1%7C0x0%7C0x0&fws=644%2C4%2C4&ohw=1600%2C1600%2C1600&topics=3&tps=3&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1741898951593&idt=1412&ppid=aed0aebb-d34e-4d33-824f-53231927c1cc&prev_scp=pb_has_winner%3D1%26pb_cpm%3D181%26pb_bidders%3Dadagio%26pb_size%3D728x90%26pb_above_floor%3D1%26hb_bidder%3Dadagio%26pb_r2_cpm%3D30%26pb_r2_bidders%3Drubicon%26pb_r2_size%3D728x90%26pb_r2_above_floor%3D1%26pb_r2_cpmDiff%3D151%26is_ta%3Dtrue%7Cpb_has_winner%3D1%26pb_cpm%3D62%26pb_bidders%3Dadagio%26pb_size%3D300x600%26pb_above_floor%3D1%26hb_bidder%3Dadagio%26is_ta%3Dtrue%7Cpb_has_winner%3D1%26pb_cpm%3D62%26pb_bidders%3Dadagio%26pb_size%3D300x600%26pb_above_floor%3D1%26hb_bidder%3Dadagio%26pb_r2_cpm%3D25%26pb_r2_bidders%3Drubicon%26pb_r2_size%3D300x600%26pb_r2_above_floor%3D1%26pb_r2_cpmDiff%3D37%26is_ta%3Dtrue&adks=3991525916%2C623423141%2C2593077440&frm=20&eo_id_str=ID%3Daace88faa3f54968%3AT%3D1741898953%3ART%3D1741898953%3AS%3DAA-AfjYiURh4mh5WS8ZzCVzqPu40&td=1&egid=9797&tan=a4a20710-45a8-4a5a-8543-4cc41e620393%2Ca4a20710-45a8-4a5a-8543-4cc41e620394%2Ca4a20710-45a8-4a5a-8543-4cc41e620395&tdf=2
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
c4015e55d5ebfb6fd53525c2916d85f8edafd9dd703e03c51d84e16ad6c8046b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
dcb
google-lineitem-id
6414850968,6417742535,6417742535
observe-browsing-topics
?1
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2,-2,-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 13 Mar 2025 20:49:14 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
138455492701,138454963625,138455492641
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://faces.wtf
content-length
33394
x-xss-protection
0
server
cafe
adsweb.
fundingchoicesmessages.google.com/f/AGSKWxXOmerW_94f-ktQisihROhAt-DELuV3VPuthS9LDAlbwItuRCojGseTRoAYSQIBrZ1pvqdTpuXN_5ZYnZjutMWWLn5J1DAeaPH6ygM8BEd3oa9ptDQtceR3KcIINVdqd6MxrhhKmwsfveEIOTcF6nbJgc8LN... 		54 B
109 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXOmerW_94f-ktQisihROhAt-DELuV3VPuthS9LDAlbwItuRCojGseTRoAYSQIBrZ1pvqdTpuXN_5ZYnZjutMWWLn5J1DAeaPH6ygM8BEd3oa9ptDQtceR3KcIINVdqd6MxrhhKmwsfveEIOTcF6nbJgc8LNEq1QayI-ZE5irVLlLp4qNMVANsekKec/_/add728./burt/adv_/retrad./natad./adsweb.
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.174 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f14.1e100.net
Software
ESF /
Resource Hash
1043ab7f9e8cd3b2c3a3ccf24be0b18664fb05855d82996bf3fdc0ec2d304cac
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-sKTRiMfgI99YXDeEck_xQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:14 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjctDikmLw15BiOHHrNtMFIG69eY51OhAbrT3P6gLEhgqXWJ2B-P66S6zPgfhD_WXWH0BcJHGFtQWIhXg4TnWe3ccmsOL_4heMShpJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalF8UYGRqYGxoZGegYm8QUGAFKLMVk"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-sKTRiMfgI99YXDeEck_xQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		154 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
06f380176f0d945d7fbeb5cae237875b4cbea4e5c27df1e679635ac53cf72834
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
10798338828045259158
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 20:49:14 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
53090
x-xss-protection
0
server
cafe
AGSKWxXlxY6wHb0ZrNQqwwwXTDStzPlgeRyeEOZW-8qqAiCtQHgvxzoTQk5l5L5B2M2gksOWyEDjw4-McPlAh1ROG6khH0pnviPaMn4cbt2701zf-M7D3gRyv6k6yGI9cU1kVQQTbKpJvg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXlxY6wHb0ZrNQqwwwXTDStzPlgeRyeEOZW-8qqAiCtQHgvxzoTQk5l5L5B2M2gksOWyEDjw4-McPlAh1ROG6khH0pnviPaMn4cbt2701zf-M7D3gRyv6k6yGI9cU1kVQQTbKpJvg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.nMldHPkORto.es5.O/d=1/rs=AJlcJMxbucsRBMZZB1MGOVdkoHUPpvqhtA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.174 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-al9SABoa04cXJuBjz1d1bQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:14 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw05Bi-FB_mfUHEAvxcJzqPLuPTeDFycnTmJRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxoZGegXl8gQEAcdkkoQ"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-al9SABoa04cXJuBjz1d1bQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://faces.wtf
content-length
0
x-xss-protection
0
server
ESF
event
p.ad.gt/api/v1/ Frame 79AD 		0
34 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://p.ad.gt/api/v1/event
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://faces.wtf/

Response headers

cf-ray
91fe659309841670-MIA
access-control-allow-origin
https://faces.wtf
cf-cache-status
DYNAMIC
date
Thu, 13 Mar 2025 20:49:14 GMT
vary
Origin
server
cloudflare
access-control-allow-credentials
true
event
p.ad.gt/api/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://p.ad.gt/api/v1/event
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://faces.wtf
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://faces.wtf
allow
OPTIONS, POST
cf-cache-status
DYNAMIC
cf-ray
91fe6591fbfa1670-MIA
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 13 Mar 2025 20:49:14 GMT
server
cloudflare
vary
Origin
AGSKWxXlxY6wHb0ZrNQqwwwXTDStzPlgeRyeEOZW-8qqAiCtQHgvxzoTQk5l5L5B2M2gksOWyEDjw4-McPlAh1ROG6khH0pnviPaMn4cbt2701zf-M7D3gRyv6k6yGI9cU1kVQQTbKpJvg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXlxY6wHb0ZrNQqwwwXTDStzPlgeRyeEOZW-8qqAiCtQHgvxzoTQk5l5L5B2M2gksOWyEDjw4-McPlAh1ROG6khH0pnviPaMn4cbt2701zf-M7D3gRyv6k6yGI9cU1kVQQTbKpJvg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.nMldHPkORto.es5.O/d=1/rs=AJlcJMxbucsRBMZZB1MGOVdkoHUPpvqhtA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.174 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-3_fzTVyv9IQJAXhpvSW_uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:14 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmII1JBi-FB_mfUHEAvxcJzqPLuPTaBj04HZTEouSfmF8cn5eSWpeSW6iSnFuiB2UWZSaUl-EQo7tQykIic_PT0zLz3eyMDI1MDY0EjPwDy-wAAAXnAkXw"
content-security-policy
script-src 'report-sample' 'nonce-3_fzTVyv9IQJAXhpvSW_uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://faces.wtf
content-length
0
x-xss-protection
0
server
ESF
AGSKWxXlxY6wHb0ZrNQqwwwXTDStzPlgeRyeEOZW-8qqAiCtQHgvxzoTQk5l5L5B2M2gksOWyEDjw4-McPlAh1ROG6khH0pnviPaMn4cbt2701zf-M7D3gRyv6k6yGI9cU1kVQQTbKpJvg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXlxY6wHb0ZrNQqwwwXTDStzPlgeRyeEOZW-8qqAiCtQHgvxzoTQk5l5L5B2M2gksOWyEDjw4-McPlAh1ROG6khH0pnviPaMn4cbt2701zf-M7D3gRyv6k6yGI9cU1kVQQTbKpJvg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.nMldHPkORto.es5.O/d=1/rs=AJlcJMxbucsRBMZZB1MGOVdkoHUPpvqhtA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.174 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-zLhV_6cnvqwO_S3EyCFlmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:14 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmII0JBi-FB_mfUHEAvxcJzqPLuPTWDDxv9_mZRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxoZGegXl8gQEAlwUlJg"
content-security-policy
script-src 'report-sample' 'nonce-zLhV_6cnvqwO_S3EyCFlmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://faces.wtf
content-length
0
x-xss-protection
0
server
ESF
AGSKWxXlxY6wHb0ZrNQqwwwXTDStzPlgeRyeEOZW-8qqAiCtQHgvxzoTQk5l5L5B2M2gksOWyEDjw4-McPlAh1ROG6khH0pnviPaMn4cbt2701zf-M7D3gRyv6k6yGI9cU1kVQQTbKpJvg==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXlxY6wHb0ZrNQqwwwXTDStzPlgeRyeEOZW-8qqAiCtQHgvxzoTQk5l5L5B2M2gksOWyEDjw4-McPlAh1ROG6khH0pnviPaMn4cbt2701zf-M7D3gRyv6k6yGI9cU1kVQQTbKpJvg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.nMldHPkORto.es5.O/d=1/rs=AJlcJMxbucsRBMZZB1MGOVdkoHUPpvqhtA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.174 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-LCUvj85nQiOJKBQ_hYzJTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:14 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmII0pBi-FB_mfUHEAvxcJzqPLuPTeDAnAX_mJRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxoZGegXl8gQEAe5QkxQ"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-LCUvj85nQiOJKBQ_hYzJTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://faces.wtf
content-length
0
x-xss-protection
0
server
ESF
AGSKWxUGFJvzcmRkZRNxccdjXF3wDCKca4VezOO05irxTsFRuN2H0GV9OUFMgCzokT1T075lYruPKnWEIaXN6Su3o10F3zuhVlEUwrglqH-7sz5SJ865ISLEt5lIf5uwgZNpAk3rToSaCA==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUGFJvzcmRkZRNxccdjXF3wDCKca4VezOO05irxTsFRuN2H0GV9OUFMgCzokT1T075lYruPKnWEIaXN6Su3o10F3zuhVlEUwrglqH-7sz5SJ865ISLEt5lIf5uwgZNpAk3rToSaCA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQxODk4OTU0LDc1ODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4tR0IiLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9mYWNlcy53dGYvIixudWxsLFtbOCwibk1sZEhQa09SdG8iXSxbOSwiZW4tVVMiXSxbMTksIjIiXSxbMTcsIlswXSJdLFsyNCwiIl1dXQ
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.174 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f14.1e100.net
Software
ESF /
Resource Hash
32a818ed067aedbbdb973816c57e47c712d67a4200a457961e79d75e49a2b4da
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-SM-zzB9nXixzxgIJhxLl6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:14 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjstDikmJw0JBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYiFeDhOdZ7dxybQMelKO7OSRlJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalG8kYGRqYGxoZGegUl8gQEA-qsrgQ"
content-security-policy
script-src 'report-sample' 'nonce-SM-zzB9nXixzxgIJhxLl6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
AGSKWxWy9rNVfk_qF7ZPw5o53KeVIcAetTtUNdP_plmQ_Qp8Svo80RvztIzv-C4-YPhacnbC5XWdpxpCsiLovGNkBATtVPYHEju1lFIUKPsudfIB-Ery0PQt3Zozs9quXZgp9d-n-UGyhQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWy9rNVfk_qF7ZPw5o53KeVIcAetTtUNdP_plmQ_Qp8Svo80RvztIzv-C4-YPhacnbC5XWdpxpCsiLovGNkBATtVPYHEju1lFIUKPsudfIB-Ery0PQt3Zozs9quXZgp9d-n-UGyhQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.nMldHPkORto.es5.O/d=1/rs=AJlcJMxbucsRBMZZB1MGOVdkoHUPpvqhtA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.174 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-mP8MX2bBEWXMj3efDH3Itg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:49:14 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw0ZBi-FB_mfUHEAvxcJzqPLuPTeDEl4ObmZVckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRqYGxoZGegXl8gQEAibQk9g"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-mP8MX2bBEWXMj3efDH3Itg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://faces.wtf
content-length
0
x-xss-protection
0
server
ESF
view
securepubads.g.doubleclick.net/pcs/ Frame C743 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv7NJDl_oOY1sCabR9J2fm38zPCAhZXdZmxBHT6u2xXwcdNkknRAeaUZtnBNctw7ePNf0kvSpJ8_LpHAEweYKEwES_VFMsyCphqoniUQbypHb9Zc51TIkwTcwLSykxdwMP0oTTkkrGuzDxuEx0lwIwFzvnxlTHk0sof_lbPD69vfimY4uAyl1bDR3e3CAkoNsYiaKNCEaMrOmM-YBS27udX_28OI3bwe6VfPMbQDS9ABTW2VkfDGWoe4H481DTtmfVGwQzVGpW97CTOZ5eDP9VWIRU_rWyuXJG2cklZOZWHjftbBXLByHKIRz_A7bBScS7U73uV58kasXSlFzLAkt9MPrccRtc1Qs2E41bhTka4et2PuC-UCGZnix0b49bYXVtiSuUj7zMGoR4C6W9S-PzCQMlzXm-qBK870PRfSYNeQqU1ZBnALSCB_KZzxg&sai=AMfl-YQlqaY8vc8jusP7DWAcQQzlysu2HGiTKbfyK0sndQ-7f71sIOs9NLamnD5r_hMRg7P8A2YK2K2TPlL7VeUKD-ANFi2orWpbuhMgzZzoHlXYrhdF7lCaU--pCsxyzuOPE4iHE56ocOgSRvMgbSw&sig=Cg0ArKJSzHx5dpHRvs5JEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20250312/r20110914/ Frame C743 		21 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20250312/r20110914/abg_lite_fy2021.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
551a85842016f5b8c5cb552aeab3ac32931eacad58d9b2ab583daa42b28d4b00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
16740572879928611
age
8881
x-content-type-options
nosniff
expires
Thu, 27 Mar 2025 18:21:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 18:21:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
8346
x-xss-protection
0
server
cafe
pixel
googleads.g.doubleclick.net/xbbe/ Frame C590 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPaoDBCdjaSiBRjO2pqyAjAB&v=APEucNUPo8puXjO_xPe8tlRUbHo5JsjAq-uGPYO9V96gAc0lfv0DXwOv8CbbzcEiMRGiYIx9Rzx1-t54NeoCyjcfBY47ervXGyBSEb7VVNhqqxClCSKSKDo
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
180
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 13 Mar 2025 20:49:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame C743 		107 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
c3bed41608ea0d94be4c15c95f13134357f5ccb700c0ac0f474bce0d78fb5130
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
6220131615918511209
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 20:49:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
37264
x-xss-protection
0
server
cafe
register
token.rubiconproject.com/ Frame C743 		0
890 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/register?khaos=M87TNUCL-I-FOES
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.146.5 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
1e5551a43c15a2a2988f4ec71599119f
Pragma
no-cache
68b56ce0-64b2-431c-a7d4-9791832e3624
beacon-sjc2.rubiconproject.com/beacon/d/ Frame C743 		43 B
378 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon-sjc2.rubiconproject.com/beacon/d/68b56ce0-64b2-431c-a7d4-9791832e3624?oo=0&accountId=19116&siteId=284872&zoneId=1431476&sizeId=10&e=6A1E40E384DA563B9476DCFA2CD7CB61A1C83D8C74D36943CAA77D64496DB78604522A0692C6DAD2024C8F501808A076BF1ACDB2D8DC48DDC0B2293179DD7D2B8D7A189A01C960809F9EF5853E51678C9A64E2616EF94F24FFEAE857529C3C4ED1C575D57B76AA15734750B9325DAF020B4CF2EAB0EE8D660EE5979C43C99093178C325449AA7A0B1FE99B977D3F86DD154BD0B8CE81140BE6C16D4BADEF4F87454086B36BA7F6283C4213D8BFFE807FCAD7F76D29C96F64E82A954C1004678A
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c001::200:164 San Jose, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Cache-Control
private, max-age=0, no-cache
Pragma
no-cache
Connection
keep-alive
X-Content-Type-Options
nosniff
Expires
01 Jan 1970 10:00:00 GMT
Content-Length
43
Keep-Alive
timeout=60
X-XSS-Protection
1; mode=block
Date
Thu, 13 Mar 2025 20:49:15 GMT
Content-Type
image/avif
X-Frame-Options
DENY
imp.gif
c.4dex.io/ Frame C743 		43 B
316 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.4dex.io/imp.gif?adg_com=0.2&adu_code=c6654_p3_0_0&auction_id=d39bbd60-e7e2-4405-8eac-e7ae0ea72e72&bid_id=14&bid_ts=1741898953&bidder=rubicon&breq_id=d4cde4eb-39d4-4993-8703-0449317772dd&browser=chrome&bttl=360&buid=0&buids=0&cpm=0.8217&crea_id=2249%3A642166094&ctry=USA&curr=USD&discrp_adjst=0.01&domn=faces.wtf&dvc=2&environment=desktop&h=600&it=adg-pb-clt&ivt_adjst=0&lzy=0&mt=ban&net_cpm=0.65736&optcid=1469&optid=663&org_id=1090&os=linux&partid=2025031320&plcmt=faces.wtf_adagio_display_prebidclient&pltfrm=web&pn=1&pv_id=9242797e-584d-4696-9013-50cb65ff456a&rpmadc_smpl=1&rule_id=1015&seat_id=8&seattyp=shared&site=faces-wtf&spr_id=163&sspv=3.0.0-gcp-las&tiv=-1&url=https%3A%2F%2Ffaces.wtf%2F&ve=organic&vr=-1&w=300
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.34.106 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
106.34.241.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
access-control-allow-methods
GET, POST, OPTIONS
via
1.1 google
expires
-1
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
date
Thu, 13 Mar 2025 20:49:15 GMT
content-type
image/gif
server
nginx
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
gen_204
pagead2.googlesyndication.com/pagead/ Frame C743 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B-cjceuzqELDDL42r7Yqhh3L1-YewouvH75-97AREID1Nt6VEy-p3QCF4pDfR2ta-XGaZ5qXtCuRbFLTEzJ8kLJsWTVaSMS1DHbLmNmIg9BpdXmmg
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame C743 		218 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ff2b0187d0c36b98f0f9ad514d1847d532fca35baacea186060a53d145d0abe8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
13704936925994429
age
3420
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:52:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 19:52:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=ISO-8859-1
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68836
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame FD9B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstAblWXKJnQgDsTbv8tlfOPS8XKJmwd-uncZTDGiLnERfdlfL3osDXekF7MOb7nZGJ82j0ghpPDTaKk4_RNjgwWhx6NqK22ubYoivIM1F-IrrForGyVy9uP9gjnKBTKVJWuqKc3c3j0qZyXMhV9FbKhmWMfkYevhctW8cvGwN31rMepCOpT9r7wxOdfKGmrXQGTz4_3FXoyRmFqiUmaEOfTTS3fzRh0vZqI3DuDMFtsVHei2MRwvUll3q2DfRjxpLZP1i-WiZYE9Xfd1zWDKwuxMgW37yWnJTphiI91SCkhm51IEaLcFWmD8IekHrkO5fCIMZ30m7QB-nLAPdLsgNDP82jZo-agJZ_a1FGjfqe2xHDo5Q1VgkH0vnImG1hg7qINT8wxhfQNLkRV6QwbYTSPrDJCW8Z6CA6PMROejYaO76XvZMJJc_hfOmQ3Dw&sai=AMfl-YRjLrBI1KpI7EKbTKeWbsWPF8nnx6OSmurXie6046Z0ZBTGFvfvKpuWxQxG6Od7sTvc5cinQ9hBXWB15J7pNhjNwLSMc-uwA0xVtSjiByjEXEV2oYAs1cEaBp7yYKIOBDboQJphOhTs-VGDgLU&sig=Cg0ArKJSzLGfYElv6WHcEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20250312/r20110914/ Frame FD9B 		21 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20250312/r20110914/abg_lite_fy2021.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
551a85842016f5b8c5cb552aeab3ac32931eacad58d9b2ab583daa42b28d4b00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
16740572879928611
age
8881
x-content-type-options
nosniff
expires
Thu, 27 Mar 2025 18:21:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 18:21:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
8346
x-xss-protection
0
server
cafe
pixel
googleads.g.doubleclick.net/xbbe/ Frame 4DA5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPaoDBCdjaSiBRjO2pqyAjAB&v=APEucNXqEBIyzRneuYwf6MX37u7gz1_0MGFnxNEscyVgDW-bTnp06bG34JbJrcFHaiXAuIVvDWwwq3FBCL58Bc9ZCyof7v6BguKgBQAjQrOKMJUmZPiMvOI
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
180
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 13 Mar 2025 20:49:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame FD9B 		107 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
c3bed41608ea0d94be4c15c95f13134357f5ccb700c0ac0f474bce0d78fb5130
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
6220131615918511209
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 20:49:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
37264
x-xss-protection
0
server
cafe
register
token.rubiconproject.com/ Frame FD9B 		0
890 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/register?khaos=M87TNUHP-19-I4ZG
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.146.5 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
1e5551a43c15a2a2988f4ec71599119f
Pragma
no-cache
73beb923-f188-4284-8db4-041577144d9b
beacon-sjc2.rubiconproject.com/beacon/d/ Frame FD9B 		43 B
378 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon-sjc2.rubiconproject.com/beacon/d/73beb923-f188-4284-8db4-041577144d9b?oo=0&accountId=19116&siteId=284872&zoneId=1431476&sizeId=10&e=6A1E40E384DA563B731FC3F127EC5EFE76F27F0A4DF0121E8A5A0CABC29E4999B7AA0B5E42F25415D64AB647872307FC4405402B30778420DC3923BB6B8E34148D7A189A01C960809F9EF5853E51678C9A64E2616EF94F24FFEAE857529C3C4ED1C575D57B76AA15734750B9325DAF027C0B120E043AD15A60E50D8A63C1FAF96BC1BB86CE88B29C2D92D84F64535BA52AFA1C71A52851EFD0CA68BC5851ED3D67290910789144BF89D38E814B0D116BCACAD32580CAC8A4CDA10306204D320B
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c001::200:164 San Jose, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Cache-Control
private, max-age=0, no-cache
Pragma
no-cache
Connection
keep-alive
X-Content-Type-Options
nosniff
Expires
01 Jan 1970 10:00:00 GMT
Content-Length
43
Keep-Alive
timeout=60
X-XSS-Protection
1; mode=block
Date
Thu, 13 Mar 2025 20:49:14 GMT
Content-Type
image/avif
X-Frame-Options
DENY
imp.gif
c.4dex.io/ Frame FD9B 		43 B
97 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.4dex.io/imp.gif?adg_com=0.2&adu_code=c6654_p4_0_0&auction_id=d39bbd60-e7e2-4405-8eac-e7ae0ea72e72&bid_id=9&bid_ts=1741898953&bidder=rubicon&breq_id=a0bba6de-4c18-4a06-85e4-ea37f4161259&browser=chrome&bttl=360&buid=0&buids=0&cpm=0.8217&crea_id=2249%3A642166094&ctry=USA&curr=USD&discrp_adjst=0.01&domn=faces.wtf&dvc=2&environment=desktop&h=600&it=adg-pb-clt&ivt_adjst=0&lzy=0&mt=ban&net_cpm=0.65736&optcid=1469&optid=663&org_id=1090&os=linux&partid=2025031320&plcmt=faces.wtf_adagio_display_prebidclient&pltfrm=web&pn=1&pv_id=9242797e-584d-4696-9013-50cb65ff456a&rpmadc_smpl=1&rule_id=1015&seat_id=8&seattyp=shared&site=faces-wtf&spr_id=163&sspv=3.0.0-gcp-las&tiv=-1&url=https%3A%2F%2Ffaces.wtf%2F&ve=organic&vr=-1&w=300
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.34.106 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
106.34.241.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
access-control-allow-methods
GET, POST, OPTIONS
via
1.1 google
expires
-1
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
date
Thu, 13 Mar 2025 20:49:15 GMT
content-type
image/gif
server
nginx
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
gen_204
pagead2.googlesyndication.com/pagead/ Frame FD9B 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bc6_3gt6Xw4K36Yii1OjteuVa34upYQfTtJWh71BZkFH-z_a9slOeZ_-3w3X5gvHLwbLiCZ939qxacKJUAoDUB8CfvQ9CBPu4UtoRKOfMDKh4ivGw
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame FD9B 		218 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ff2b0187d0c36b98f0f9ad514d1847d532fca35baacea186060a53d145d0abe8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
13704936925994429
age
3420
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:52:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 19:52:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=ISO-8859-1
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68836
x-xss-protection
0
server
cafe
bidscape
edge.venatusmedia.com/ 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edge.venatusmedia.com/bidscape?tenantId=1&accountId=368&siteId=1098&configId=6654&instanceId=3&executionCount=1&renderCount=1&pageSessionId=36b31a30-e4c0-42dd-94a0-5bb4bf46ca1f&cpm=0.65736&bidder=adagio&auctionId=0&size=300x600&source=auction&route=Adserver&aid=60b91ae8879c90f&cid=2249:642166094&responseTime=657&u=603987fb-10c7-4a79-ab1a-2f2d52f9a11c&cb=77ece75e-95b7-405a-aa96-29ae78090335
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.42.134.208 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
208.134.42.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-allow-origin
*
date
Thu, 13 Mar 2025 20:49:14 GMT
x-envoy-upstream-service-time
1
content-type
application/json
server
istio-envoy
access-control-allow-credentials
true
bidscape
edge.venatusmedia.com/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edge.venatusmedia.com/bidscape?tenantId=1&accountId=368&siteId=1098&configId=6654&instanceId=4&executionCount=1&renderCount=1&pageSessionId=36b31a30-e4c0-42dd-94a0-5bb4bf46ca1f&cpm=0.65736&bidder=adagio&auctionId=0&size=300x600&source=auction&route=Adserver&aid=592b2187e9a07c5&cid=2249:642166094&responseTime=653&u=603987fb-10c7-4a79-ab1a-2f2d52f9a11c&cb=a58db866-29cc-46d5-af9d-9c273be12800
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.42.134.208 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
208.134.42.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-allow-origin
*
date
Thu, 13 Mar 2025 20:49:14 GMT
x-envoy-upstream-service-time
1
content-type
application/json
server
istio-envoy
access-control-allow-credentials
true
auctionwinner
googleads.g.doubleclick.net/td/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/td/auctionwinner?status=nowinner&isContextualWinner=1&hasXfpAds=1&winner_qid=CNjlqKP3h4wDFVyNWgUd6XsZoA&xfpQid=CNrapqP3h4wDFVyNWgUd6XsZoA&ecrs=AdVVZGPY_wU76_Fovb9Peyqt4yLywLFtEZ_D_c96Xx_0y-CosJ6vXkyLLxOFV2-qaMKvY8RGMl-UpYOQF-tpFgXCqSbP-CL8t7SnfHQlHx_3A0o5HeGPwRwl3LfssWHBDqf6NnZBYEysoQ79UX-MzF9XYin7kMy69xCsqkzSBpNWZdWJ6DJm2ycssq32Mvu6T-fOkvPcG4sAslLYHV5u7KYWvNLmqI1FahmwEERSGGeCzzSgER6RZhlAqRlJyv7VylShz-TzJmm6lavN_HPc3ijNTFQwHAM3oBwh6xqSiL6b6_qC_Tbx3EyrKYrzaNDSEMAujdK2xqsQF1dzwVAHYS7mjo897GBtMd3HyeFoE-lrZL8EICIbXRx88HTK8TAQ0taj1FE3d4JD6XPiOgbYCN1BKftH4RJek2fJ17xMFdifHzLzUj2jgaz5M20eG6ab6X_iO4uN45ngcHm5s8YNd5kpUSmhu3j-blHr4J6ln1KqYmCJUZk1PPx3wpDd52dPB6TS5apuGjCrS8o-qQdbuZFZX39l329L9rYdyh9BXsHINTR3uRqA9gufadItNUbQyhcaR-eXC5rb-rw1CJKBQz5CUoB3LvVteARWP_XyrkFyYrxVMuLZ0BqKI59kp1Z__P3zKkuoHDo20-u0sHdhwSrMZ-IJwr53rsKqNL86M4zOEdhJUkj1fj7vIbIyLkx0SALyGYWqc34hxN9_QCNEAxFChI3zH40CyJ84qq8u1IztCWIctQ3q4GN0oID8SKiErItKlc_sqLkql1xAZqw7OEFBc5jUxTSHCb_GEXZQmYTG-Ym8fB-7ze-ijbAG5bcju3vDzoCtEuHb9PJhglFjUBN3e4rfkP4g3id343Jbsi8zqx6F3To4K8WFB2eYdokOep3f_SmLuyLLAHfOkx4LZKseX1l70Nj8LzW9uNUn9Lr59YbEyU5bb13sUPGCeHvUfHaN0XJcgmNhwPDwRj2CkQnGLNiTp4Ap9cxbm2xfGK60beTnFZZcN7Ckycuwqbnyua3xAlOFqZfMk97CYhDrBXyUyiOAGxuAXPVepwT538R9eF826baVO7HY2fKaskWZuoyF6mvmtGLNrLj6A34fluWqjr7gheklEWkLWctl7EnRtm8VCYyOUm0gB-2qwSK9II36fC-15A69nPfaZ5RnD4pUx4NKGT36B-L5B4O6bjW7jhXiYgfNSygb34DGcO-LicBjNz3eUuFJHx7eocq0tcwLVp5ID8J-KZwG7QFOTctdmA229AvnoSLpWVjO8lZcsSUyD33pPrqDXuE-EPvCN0kj-dQk7w_5r2vIFKeXs4IMsMOykZd9-PIRt4q6jSBCDWlXnVT3OryUG4GLUBhxEssiSLER_KKNRZpHlc_HpbcedBcHwPNvvN5ZFj_uz11gWQ3NL8QbBwttgHdhPRMuAbb-hQEKyZmBuRs&cid=CAQSTQCjtLzMzl_XdIJVhwwNosT4THJWRE3x1-KiU2vvi287JqyGxI1TqFnQtsBz4j4Bt-BnxFHxn5g9_sYbDLUJqNRPO6ebefmom-o7y1qhGAE&applied_timeout_ms=0&duration_ms=144
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=run_ad_auction_stats&pvsid=2251639934806154&vrg=202503100101&nw_id=21726375739%5C%2C22803128949&nslots=4&eid=31086815%2C31089438%2C31090849%2C31090921%2C31090457%2C83321072&pub_url=https%3A%2F%2Ffaces.wtf%2F&duration_ms=145&applied_timeout_ms=5000&timed_out=0&error=0&auction_skipped=0&auction_winner=0&winner_qid=CNjlqKP3h4wDFVyNWgUd6XsZoA&xfpQid=CNrapqP3h4wDFVyNWgUd6XsZoA&publisher_tag=gpt&nc=1
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 4659 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvqOOAxrIkYNUAcaj10Bnn0SBsk1MCbP3qiNdraossNfGhYF__psFajbdkThrGUdd-YDoJSvpWy9Ngj274XFa7RCwhNXpLOMHnsWwzD-C1d0H_YrUECXfqSNWFot_aHTEk06Lo40WiKl2iockYa0d-QS3ta314OrlEuOFMt_q-z7TeQcqjqH5XGFbBEACjJFe0N7_4fMp1VTKIF0K0RqCikgEzmjzllA4Y_aXfPKfQojsGISCnoKVkRk51rMaHNf_3kN_I88Pv2xI9qa_b_h2bm2iXi6NCR2hzRpbsGlawkFf3rfuUsrdWgq0dUFs0w3qCQZy7jN2PZA8tDmBvD039KtM84f9zQQS0j9RtA7hICmfqslpe2aiW3_uSvjs2BPZ2DLq_9Rh9LWVQf2ED4U8wObEVRYG9TfRQm4P8W68kssnkfr_JHS03lxkVcxPIZU3HesO2tRQ&sai=AMfl-YSCG3PFwsK8KUtK4hJ7oTPih0IbPg2uHZtiAe83O2AY7vJxBtunMhpaoLWwm2XESbk0vn6QX-HfsVYaOkDSgee6znnU7ygWlMCwWqCRXWhZzQRQpjwYiMwTT-0g3nXFAo-Z8CfAHOGBhfN3704&sig=Cg0ArKJSzNgmuFhJ0SpwEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20250312/r20110914/ Frame 4659 		21 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20250312/r20110914/abg_lite_fy2021.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
551a85842016f5b8c5cb552aeab3ac32931eacad58d9b2ab583daa42b28d4b00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
16740572879928611
age
8881
x-content-type-options
nosniff
expires
Thu, 27 Mar 2025 18:21:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 18:21:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
8346
x-xss-protection
0
server
cafe
pixel
googleads.g.doubleclick.net/xbbe/ Frame C7F0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARi7j9OzAjAB&v=APEucNXC5_S5U8m9Xby8PRpexjNLFjsAHaClAGxKW9iiDT2MqF2Nhs5KMztx9-hqscyUdFofVHz9gVke8ibBYbhWXTYRdK6tOreRyRAvnvcTRrAvuP3wgzo
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
242
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 13 Mar 2025 20:49:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 4659 		107 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
c3bed41608ea0d94be4c15c95f13134357f5ccb700c0ac0f474bce0d78fb5130
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
6220131615918511209
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 20:49:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
37264
x-xss-protection
0
server
cafe
register
token.rubiconproject.com/ Frame 4659 		0
890 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/register?khaos=M87TNUCF-W-T37
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.146.5 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
1e5551a43c15a2a2988f4ec71599119f
Pragma
no-cache
9ad697ff-9962-43f6-80cf-fdaabf42fc0c
beacon-sjc2.rubiconproject.com/beacon/d/ Frame 4659 		43 B
378 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon-sjc2.rubiconproject.com/beacon/d/9ad697ff-9962-43f6-80cf-fdaabf42fc0c?oo=0&accountId=19116&siteId=284872&zoneId=1431476&sizeId=2&e=6A1E40E384DA563B54DFDE0D926AC505BEBFC258245F6EAC61CC285C77C00B583C65CCEC41074BB156F77FCC490D38B1671ECC9F3C2BEAA48E5090B73659C5448D7A189A01C960809F9EF5853E51678CEA889E507EB7321E35DD0916B926B0DA1D91C93C85527607391BCA9A24548539F5A05AD72C95A591184CD4382CE12E30DB36492CD3B0E63582E2A1BD8AB655F00CAE027AC7F031A3B824D3A20A0F062A1584D6ABE5F37BBF767A70507B29A10388C14AC2B9FF379E
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c001::200:164 San Jose, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Cache-Control
private, max-age=0, no-cache
Pragma
no-cache
Connection
keep-alive
X-Content-Type-Options
nosniff
Expires
01 Jan 1970 10:00:00 GMT
Content-Length
43
Keep-Alive
timeout=60
X-XSS-Protection
1; mode=block
Date
Thu, 13 Mar 2025 20:49:14 GMT
Content-Type
image/avif
X-Frame-Options
DENY
imp.gif
c.4dex.io/ Frame 4659 		43 B
97 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.4dex.io/imp.gif?adg_com=0.2&adu_code=c6652_p0_0_0&auction_id=d39bbd60-e7e2-4405-8eac-e7ae0ea72e72&bid_id=5&bid_ts=1741898953&bidder=rubicon&breq_id=cacbd111-0eb8-4140-955f-65df1d685f0a&browser=chrome&bttl=360&buid=0&buids=0&cpm=2.376&crea_id=2249%3A645187515&ctry=USA&curr=USD&discrp_adjst=0.01&domn=faces.wtf&dvc=2&environment=desktop&h=90&it=adg-pb-clt&ivt_adjst=0&lzy=0&mt=ban&net_cpm=1.9008&optcid=1469&optid=663&org_id=1090&os=linux&partid=2025031320&plcmt=faces.wtf_adagio_display_prebidclient&pltfrm=web&pn=1&pv_id=9242797e-584d-4696-9013-50cb65ff456a&rpmadc_smpl=1&rule_id=1015&seat_id=8&seattyp=shared&site=faces-wtf&spr_id=163&sspv=3.0.0-gcp-las&tiv=-1&url=https%3A%2F%2Ffaces.wtf%2F&ve=organic&vr=-1&w=728
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.34.106 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
106.34.241.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
access-control-allow-methods
GET, POST, OPTIONS
via
1.1 google
expires
-1
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
date
Thu, 13 Mar 2025 20:49:15 GMT
content-type
image/gif
server
nginx
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4659 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DOzaLOVZ008mUkoUx2jvpbkRq8Q6GBv7-pCLjsQ3iCNYLG-Sq_TyYW-hN2YW7c8malUZbzvc5HSP3EfJRx8srrkAO1YU_XLektuL85JymIG5rDd3E
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 4659 		218 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ff2b0187d0c36b98f0f9ad514d1847d532fca35baacea186060a53d145d0abe8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
13704936925994429
age
3420
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:52:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 19:52:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=ISO-8859-1
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68836
x-xss-protection
0
server
cafe
bidscape
edge.venatusmedia.com/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edge.venatusmedia.com/bidscape?tenantId=1&accountId=368&siteId=1098&configId=6652&instanceId=0&executionCount=1&renderCount=1&pageSessionId=36b31a30-e4c0-42dd-94a0-5bb4bf46ca1f&cpm=1.9007999999999998&bidder=adagio&auctionId=0&size=728x90&source=auction&route=Adserver&aid=61b081fc37d9df&cid=2249:645187515&responseTime=657&u=603987fb-10c7-4a79-ab1a-2f2d52f9a11c&cb=b509bdfc-8553-4add-a5b9-0cb1792a2736
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.42.134.208 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
208.134.42.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-allow-origin
*
date
Thu, 13 Mar 2025 20:49:14 GMT
x-envoy-upstream-service-time
1
content-type
application/json
server
istio-envoy
access-control-allow-credentials
true
gen_204
pagead2.googlesyndication.com/pagead/ Frame FD9B 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6465077487194&version=m202503100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame FD9B 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6465077487194&version=m202503100101&ct=76&x=8&cor=2284170839634666800
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ad
googleads.g.doubleclick.net/dbm/ Frame FD9B 		95 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BexiZ_TriRGjfXfMKvhQUQN80GypeJO5t3LMoXSNzmVYUH0-Um2GScVbUeFwDBK8JdvtuDKCihHR6Wc33EuPb_BC9nBMsI-dRYvHmDcMoAXI6GxDG2oXMjwOBCTRwK1CZlBgmghHR0ypmhyBO6CcRz94glJbu-1BkFgkEV4MQQ_2mANKGaIGGYWs29KOQZnMLPzJHdvXlqkbnkPJb4P-kfsnzeOosPwFkf6BdKjTTuTjc3reU&dbm_d=AKAmf-AWPmGr2FNsXOygQNtbSAN95_WwWTNlkrtRFDM2Nkjoz5jlbE98XBd2dMoJ0JlBEeXwnMTFgb16oX-gS2fjN11qm17sOHLsmeGsiV4eiSHU2s7I9WXPfpg0oLrifK9yQjfGDNf3ePttCt1WaXUiRR1Sr7ouO33d-2H98lAq5yuRmG4BYkbN8_xShJm94cG-Djlodv0c9rr4MDazIC__25aQsoQdqlk_SUo8BC5JGLZPApDDXi2DdozSTPmXDg9jsdkXbuwn7YdGTRASoBrqkbEOHMxprE5j2L81_4B07Zi4R3NRV5Xb6GCVdpwBMnuGU3cGFfQpCaclYk9I5Wa4YMf-ZAUXfSQ54mnTHPNM4DQ_2A9qs9y8J2nWuuGbgThV1gDlbjWqUzAJaeJLrHNPa7vYZ_7Mh44tiNWGhuuC8OhcxZ8kzLtfdWlMhE6f6Wm48nZPrXRrS7hWhPA5eGPNYv9IE16XOAJl59j5oaM74s1SHNwY4Ta27ILCR0oUgvecTeViOoiPODRzcSV8crGh2wGmDxYdmCebJBa7Et0sA_sRRITAyAiNd7gGUgiO2iMGZlgnRd6Ixr14hbH_2BPuakDoy5DfsatO1kgn-NXjyATW6c6qvwMZAF0n6IliBoBZGjei1Ws0oYQj2T7HhivRqg9n8gAaSsdYU-8NuVPeo4Qy6SvkiXpITDsbta_SD7CrGmYOyITbZhWzaiN_jMgqSOXdQEOdvP8rw91MQDnUM0e4tqgTJOuQ8ppIfHTp0rrf9gutt2zBCPndkiUzlxbqVKvYpCCTfQ1FEG5utBJruHDZXawZEL22-2RZgQm0fuVnb3AnAt5GKTdUWox-Q4YeO00OnPVmYYwT3DiJQhzuJsTy354yi1pZfQGE9rnX82gl-WA_5EyUHdNoi0jLMOmXt40uLiG9W76f8a8T_ElrnfE2XmJQS7xbSXWL-wRyv4Fua6hV9Atk1IOPzPZA635tjQsJvrRRKjKUcD20ghHZNTo5B13uyZVI7A9M5LpsN3MvKzl9GwjJrJG8yUVTMTrrf_VVPL308XlcxbI_4SEb164LyXlvOEOpwX1V-9D_IUKYZ1gCtrmD0HVKJYAS1IhncNLsAM06j3H4XAI3JsIQ4EXFlZrqt1vyPqrEcmIbr3cU5ziTrUDmhH9csuK9rQ-nQPd96IreeoXJnHyhBFvPJAyJQuILo009gptQnSUtaTmz9D_sMDSKxlI2hdtHOpgpmp5_lrBNWMCrtVpRbrFrkINLryfqx9SHDOvcFplCyNy3SToZTwS9msf7mW08x28dMaTYlh1FhEXqtcNQ-1KcztHe_dyDnSrJPU0OuJ94P_mrR5wbCNi207MVMBm0jay_UYtzCe9TkPQx_RNPciFuvX-QPfKCzl6cIZmbkdB24T5Mze12Q_T-5aiKTNXDZsea44gXVHo7eHpAzgaI2i3YqePiNFO1x71BrdIK5EKQtNPInu5AFQ_oACukXJF8MryJPyX5W6mYYCv6hsiKaGJbh3nAUimQzbEfgrvy6xMmxQ7VBsw5xwlm6QXHrmHDrSqgc1w54R6pcLZXB7DTSaFaFEIY0rV9Er7IwHqNZQTCyEVFkEUv1ylhb1Gq-43zh9x6X_kEnVlzN4VyAfQGn-8bf5eC1ju0oGgAlEtyqmUu7lZJzbSBeoUE4cA_oVva22bXkd2LV4hPC_F4-mlJgzySmHGrtWSf_g1Es_UYQidpAIA6sttnz1Xmclx3r4am5LrJW7QwQOcAcvC5_dwSuJ2_tlTsmyZcQ01kJfnals0xkS236Oy9kcuiYUD2bJHUGRZwUMX44HSkgZo6RWRPBtKTei5KHrBEKCng-xrqIuvf1Yjk1FqkHZEZuZZmw9GAFSOs6i19EH67T5Ge9snMC9FciPGf-rjze37UGlmbaqYq20L8z0dDXoHHAR-N63-xbFBmDrxEpRxT_J5DiPjm9kZ1oxWxUu-Mxdc4NBC97QovmfK6kHJyFj6qYKoMbSxurM-kZ5CJsjUUd1sK0cneBKvAzQGWiUMk1XbsUjG0QZt-vNd-_y9-rVhIV5nVsJiJrsimqBXFRkvdGJFro89Xv6b8UdJ3yaHH-v3E9-1s0orlBIwAH0V1sA8lQlqjCxGKZaeqpcOgNQeFBS0QaSX7T4pAH6385LFsrXKaqFxWdfjUWd3XPjTwZXiZjT98MC-wuq1RULefcGeGZI68_bHf0eY1XJzz2_CFFxunc2LOwS4cie_0hNEAmJD37-TjslD4RWZrkLjFIb744HPhHgAog6j8RGqSot2kvBbsV90RdPdP-n1-gelbjwSBYWrGpVu03UOmalA2FX2dsc5THlGSN49IaMvhIRlFffOIIcJPF-kLa7hFZkbiQg6xknvlBWtnRk6OchWRztWo0nvbYDzuo4aG-NOwTPZHTt6gHzlLmYHHqaQR4j7dq5HLGvnUBWXZtWVQyELm8-yteq49T8gf7DtUUQyz_qSNVkrhatj0idasLWpGiENIgcTFxq61TYDrzLHaCCXaYGKS2jajjpDyR_zV0SnWjLX8JbZtIDVWUMWVKRKpc8YNqZQ49PX6t92o4KeWhVsAx9xrlLPQ6nDgnhGeaXbjS7Ca-qkfVKdotkJqj9Dli57GRUSL7_WiE_dvERqa7ZZR3NOqWJXk8v1B7YWfIQkcPJQPVnYPCqOxUHGo1BcwXnCjLnL6hfz84U-_bMNMPSfqCtoRKZhb3qPvzbtMV8UWU9PclMI12TNNSrlNCo8s__gLSLyrVk9zjIUArDGc2v_jiH5XBtvViQ6a5rgWg9nCuxKWzqw7eosduNHw2rEiizlBB-3xgivPAcGFp90xLlh1z2bkizEc51VisorAelKaVouQVeIwNFitGTO10DulsJSCe37KnZ2akmrf9EM04nmsZNCzBz6Y1hhuKekTKKypnNtzQChyFE270FCxzbMZcXdcKo-6qETD0U4Tunpb-zQbCt-Qc2kEqTgwSf2G7-ACZbTH95cqqi5bKvVyMOwizJC9N6c1wgvGRllxTC9jC0A1RJd5A958ccTvM16SrFg7cLEeUZZHRafkom8xEZEMa50ax0zhLTkKIf9sQBev-gTW71KvaAg71S-awdaGh06YkyzMP1p39G6ydcHAUzf1kkMFaU_nYiLsgpYwNrbtRQAL9gecxVlrmk2qo0TTI7kx4SW2KhCQMNC7ZS6MInKqNUcTh-md4GZ2CU0mZKxGq8Md0K-stS12vG7RL3PnwHgHUkbfQVB9tLnd5mg4z2A9XAMBkxaA7galT7yxFBgOVRZ6kD2ptXXcrsPDtzAAeq1FeFxSsi0SMxBfkJsWFJlNbvHSsTf-j2EVvsz-SxrvZEn1cDPUqnvXWUvaakf1TyAFihfBjGrPUedhY0KazGQvrTluBDAjVMVPdi6gDZcy1U4FOqaOjhslYeQ2HmW94lqx1CJ9lwGUqWbq9uJnkpXioRb71KRhPh4ODea1GPweE_LU-hWN1KYVDPLAU-J3cnKCjY96BTYQn_2FeO942BZrMshxwNpE6ctIbd8oqRa-aDyZdum9EzDwsmWiuLsdxQhL3cG_KKnvxd31dmNhFediJN4LejdK847KcgaNLDhrT-HREuuF2rwddo5uR3Wwy2OaShXGW0MoHZaVMghpE-3yhmazOngJgGnWKuWWY3H2oLcXLXysunKsE-woLWC63QzqSU888ZuAci_rq6hdYfpcIpFKheNK4XreiBdPbUahIIfguonlh3oPKmi0no2JQQVuaDMMlNpoIOrzELK-8WFlgRCoB-WFGdutRvyTtNomrZbtS9vjnDTIP6RE14szoU2lWhdVuIOC8mjp8-uVLvNJQr1_qkLtj0_Qg8YHhdC9aXCI1T1pi01me2rZUzZ-yUbomJfGFG5yJPs98g9sLs_X547aiZw9TWYqjF4K-9BeOOLdVCBCrrgO4Pg4sF0Y-NizNNvPrcXtBESZFuopw7hx_9SC6zP5Fae95FlgplIsKG_YubseN9585JXEGXxMAqv7vK5hgX0aEjrhqW4dkiP2yS3sglXH&pr=8%3AB7C0FD9D8E4971EE&cid=CAQSdwCjtLzMewzNzLGqHZVUuMydGXjRYtpE4a_Oy1ytzFoCRA0OhqWSZtxI7xdJiausxfzH4vWD9-BAhUpDWgotz6xBJapN8EZROvcbHuCIYPeW1kKl9crz2us8gTjLIKgiiabABn1AEVqQtk9-HLDwe5ubwEEXIzvoGAE&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&dv3_ver=m202503100101&nel=1&rfl=https%3A%2F%2Ffaces.wtf%2F&ds=l&xdt=0&ct=76&iif=1&cor=2284170839634666800&adk=2491124952&idt=47&cac=1&dtd=80
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
ec57e030c77efb1752cc5db33bc5272476e69464443fd8451152112d012f789d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
43194
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame C743 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9046760296681&version=m202503100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame C743 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9046760296681&version=m202503100101&ct=76&x=8&cor=15876197263580099000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ad
googleads.g.doubleclick.net/dbm/ Frame C743 		95 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bl1DMjV9WHYlQJEbYIpq1BUm1xe1EziECg-Dp-G6hbg-aGHjt_WzczC7lizsmh8qdTOv_AYAL13vpacuVypEodg5WS-kQwLO-DiDGgjCXwGqoejoxFJkI93Jod7LS09DBym4htLONRJDq3Va-Q5a1njmJ46JpS1NZu5WyCig5z4S7LQv1iMSStpalGdVwJDNRgRbOTyArmq95FnxMru-y9rIjVTtWa2tVGT3JULl2J8grBnlg&dbm_d=AKAmf-DNJ0mo6ikDRowGfQQryOLDVkq2SqhXxts2kacq4h1JfqsiXyKmf6WmxF8KICxbAn-GNYFdkAbn5pCfip3GLC9ysda1ZUAxJk5bRskazCKuCmCLwb-3Cv_ilz5wAHahRHSJO4GPRDEgW7rFz7BD2udNhlHI4Q_iB-06bHODv0AlI6x5W2Zok5r9Q0gcM-new97rOY8XSNEgjFJ62Xvw_HsNoiENHVlig2KliKEkNdxiafOoZr0isjtJ-xGrtMz5ptTSE3No_inngm6zz6ghcpbRcNRT1D3ObumZX6oDZ6N7VBuxnNjLLH7A4hkMMdLc6e_ep0Gt4JZ39p3X2V5A52VYYM-DQxrCjwHCjF5qOB6Vf2dnUqYcuxqD_5f2qq_IMuY5OO--k37QeXK0osMuS_GunbZSFs0AoIXh58E9pYpPxn8q7WFep3wsiQrldaqKfYgMkQrIGa2AdCFzyJWVAUuUW8B4Zuo8yIvcQtlDG_REt0ksn9_rpQtY9GTyHa201fdFjt-R3QjKkecOc1DqKmZDFqOssTXy8YvixLULaH_ay5DVuZimfpTB7MgDxwfSkh-t6d2b1qQujLqn30xUYRl4PhLee1oAU6CSMh7TVl68Prwh9yFaLbvQqIjdrTe5LGTWXJ50Fsx-hoAQCSBGsk-ttuPPbcBZV4WrP4bb4v82ct_oWIybnsg3UPSywwiTrY6sPo_Vkisjm-QsSZaV5eo8AnTSZ8IRfIN4AMuH60v7Wtqu4BuEMzx_iv8yDT_b7d90QijHYVfVIzxCa-iuwYvMpJE0XhwR0BYJSxUKhZqapbXdOWl92LaTDn2YCIDBfV6JBCBQx6yhLPJsM0lg3oyc7I5kKmIjAwJLAzHtYj3gt9J-8w50AeGSsz0IfrZJiWPQN4BenpCvJaaKubVZDK2DP8MnjD-sCAkfm6eA9MQiy04TUtCx048ZyEkGc80K9FpGYvrmBjSZsqmvYYG6QqOOtfcptswtxK43UgitSLjfFGZrp9VGM2JA3Al9W90cLXiHxy1SLXMcik7HR-6Jvpg1bAAPO5heoq_E1NWUuVjHfrQOEJbiImt1QpMTdWYlmjFX_w97cbAzGXB9OtcEFXl_qCZ_SFHYS-9VAWBrITUGUF1hVMn2hnP6WMoxjOdb0wV7xpmsHBUs1qH8XKxfM46MuioZkqCurgkm_xQg8AsOlRYiPKF-3KOMwunZ0RqYi5nUKVUUMAkC2FktdpayamH6NIV8_MVHhOw1-czznvB8BWSTYh7f1l-5k3XmAyyMLpkfUWwpoEt6acN47HgIEsuDQzgORmLWp3nk9zv33NjYklcoExMI5lzDnmXWwj6rasizFGtO5Pb9Als4FBLjAcvICAhTGYRqCPspn-EIFpDRkApVV_GnNeqMuH5C3O-e2BxGNRzBTU1xicFPbXRqcP_GSh6gjd0PpjcfKvN20BiAn8bELJOEdNtDMxoTCxME9V_DBX9_HrZo4FM6fiv99_8q14IR0BiTWAKVs-r1Me3C1PTPS1LznfogeeoozJzzyPnHJzGjAu8pW4HhdETGx2YABbQdsHKNBqKiAhoWkBrvbMzyxt4eut1dzSK6THqOGfGjzOZ6xCYuxUtFnRamg_uhR0OgIhWtC8pg-tmhUQVFH7Wd2QORwe4ZOBgN_UTANX27g6ekTRjls_5TI9vn39tMn2u8_fkabpr9IxQd6ERQJoOCHhkqwzk0Zw_yFiscekENV9glkM67vXhCfCQnvEm4AWJPeEGBzYBP-R6-ipfaChcAEAp1Lgacw9d68xH5Y7a6ozIIY6znXgC87IirrIdWhLh5_Vg93pRGIwHamMzMq-lMuh1OHDu2_JGZXBqlkNTb73aLs7iSqX2OLAzGsqn9gxWWpQgpVy5xXJe5R8XIrAg6SP0t6iLnaitSdLeUUrypvKWsOCj5RA4Xyfa72VZNFSObAgg6b-U11o8GE5ij6WnV0qWYSIAUsVBGbGpeaQFTXAAdg4yhxrD33Jhvnxq9DBJa5BvUfijcx80SvpXFpNrRJ7qJ9nxZX_Rr2Z1WI99uCYZj_kTxNDJ9BkW6JglWaNkfa6OdfnJHcHN74-YTdquyHRm4v45DxEDG1gcvGjsMVvHYRUfuOY8qpw3v4S4y8SPKJhQUb3QtLds7ZcjAdDbsQjMcuZY8RpFqCG7LO0o77BoA30EMahh4RqY2BF7UYEwZKphBx9LgiwYLOxhqspGlHm4zQHI_UkkmEkNgB8DUF_RG6Mz5zsIEGCuuasyUJ8tGka4ChUmXZbGzyhAZLbTRogqyB_C1_wQhJQ7vC5NfUtmiU65c6yuwtEQSnooMJGXU2X3PPuO5zSbWAcRMP7jvGXdJ3dTGFxW-H6WRUgSmFZkTNq3Nmx_drIelK9gRrQYdlz8bCWNycJ0uIumBNiWJvj7nWA8WfUQl7f2rXXWk0ol7aucqKdh9AzE3rgZMHW-3NH1AwNem51OnVtVHYn3CVcFyZDO23niAnrWcKBhmqiW4LpeqRyMc-5yguIB31YpSlAEJbXIufKIjKTTyE2f-hrtE-a57fi5cTtPGmwDI0rTbuM75-0vxpNN8-672HKqxr1EvjgP8uXgkhVBwO8MmeIl9wkL_bcD8TigAeEh7BLsVPJUNkJMNL1E1tarT2c_DQjztV0KomdYUAvBSHLuaLmzY872kmAKOg82kmt9tayPq93erbLf3kYon5t5kSZrHqgOj8VFCdZqiKgXY9_6FKkN4McMbeXXye9a5e5RAnbNqLhCN1EcQ3zTm_bS16y_5hYBvaHapuPoQ9dtif-Jq60nvt1X7Mj3_DFniRUC9YD2IK51uCW47trDbr9dAg1hhh_t4q0LB05ep1NFfrv12A5x9fg3sv31Ie61AHrWwSFLe8VDCIc_IVEXlO_axhcp0m-BSYcYtR8a85EvDSm2divM8Z2gfgGX1j_9WR-0M8QRnbr84n-BtX6ltYgmUBOJ7Pjmut5GQxy2x4xX-FzQaZmBTJxuPGtB6wpZMmijb4lUyusZK1YFRxmzeBy3ZSzHHr0QYnOipyo-YMTM8cX6Grdh8zbfg3VLZfb5H7dOD96EjPzBu6xJ0Qe7PD4oFH4K0g6d00gDyZBM9GUdl2v7o8UdI3t4dAtFRESfrNqOz0QRsm4EJgKi0sq-pcAgmt-G-RVaRxX0H6k7As2w48EOgmQS9p8XN-Ya0GfG5XSZYdIe7M6u4ROJXA-J9wFXJTtK2HeFzWkmjFjTIOR72xYrPTvvOESlunz-eVf1PR3rkXKTbL0T2OB7TJwv9PjdAUF84djjpbprR2XIRIr2Vg8CSLELYSxfVd2JXJt1zZzx776a4oyyoPvMvUQIwmUzZ6JfRzSTXBv56EneiW0wetL5LW6rWe0w1yAPoFuu-rJ6i-RKPPhQmFNvgFcnwjfZRcHdHRTRnWhJHCnRpdlL_AZcBQMPg2kWuHlIUVy-2VSxYmwUB3bYz325yLePPB_-wGHqL8YQT5w6o3ylfCMVYs9Wi9ITaCjHfvrE82BzI9GFTdhvKrzzEyZ-AuaBiGaoyaTQWZxI9S7AZJtBf595gDK8AAtMeP_h_NfB02gDbS4pJs1KWTQv4rXBtRCpBWRh0RgXrn9QKoxUWzLkY0FFYsi4QtBDRWYu9JdnXeTL0TocJtGMbSj4cEo8bbJLbL0G11vsg4S8RVfSDOGXDmhrMvBIkbOgiIBjGcjIN88zK3zegx7PfCm_tVcRBk3QhZGtBhxr8UWoc14MVaq_DlSzLrYRTdGruI4XOlCM79lzwVY5Fj4blU3MWRy2mECDlRqRGZt0kDa-B4t_iqaySExnFx5LYLy8-zRJzGYWdzKG20yaRMj9Wtw-qSwtmlLif-zeEEuCACiuYGPD10H8yv7rvduUp5rmzcEkX6YpymnEgFDpSgyk-WQaQaqh9bIeXbG59ud0wG6TZ3c7xjOtuc-ukYcybPk-IG5L98gm16yyxHpBzqJkLhl5SlQQBg286xc90RbbWhtbd7cVyWGCdOlyXu9JOZonwniWQQkfi6WawHBb9kcfV&pr=8%3AB7C0FD9D8E4971EE&cid=CAQSdwCjtLzMiIxrysDyEQU1_AYzJhhCbtTzplda516NiQqIZ10X26c4TG0slyVmzZ89FANyzepjP6gQYzIs0JFiHKLihN1JtQsEkaeIoLHC8BZSs5MBUqPxGkPIcF3W-TqjfmHn7fC2_H2t_vugGW-RWXOKdsf82HX8GAE&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&dv3_ver=m202503100101&nel=1&rfl=https%3A%2F%2Ffaces.wtf%2F&ds=l&xdt=0&ct=76&iif=1&cor=15876197263580099000&adk=3635642089&idt=100&cac=0&dtd=28
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
91b5f5acff2b7b91a2ac573a7f634f8fd66f2645263995902ce2b53cbc600289
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
43200
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4659 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8274178825948&version=m202503100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4659 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8274178825948&version=m202503100101&ct=77&x=8&cor=11895251376072990000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ad
googleads.g.doubleclick.net/dbm/ Frame 4659 		39 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D51knpsnQ73bMiKr4vrhiYPSpxHP2GlCxpUBOHdoXCKtqrilGJWI9zdpfz2am3Ekh5Y19ZbGX6lsRplaQt1O1uyTI28dup91ijpaIdU9SuJ0_ctop-9MH0zbpJks5oiH8_OHCdiRuIBbZOuUbqWUmpdWhqtPP8JshZ7pMFW9_p-TE8fBYV9Gi8mkawEoIh6eU1p1GQW-qritnXtPFieaUQ_rnXEg4DeJ1RNlQHFzVia5XC5M8&cry=1&dbm_d=AKAmf-ANLw9IfVmHxSjwujQNZwqVRbFRPa08XWVhwi7YqSF_f64OkqNsQH7iXxQWe3UItIRGis4_BHdDSC-2ZnU-tZuFuGd2BVF1nvYJXP7NE_O7Ez0vLUAZtDBuOrr_00nXd7YYP_hWspt18UkdS8eqncPN7rajuVCqRu8oTdv7urkAJWxZPxrYruivdWt8bpofyI6I3HlvmnUDZLuNJ-ZaTvq2VZT_pOXpb4x4d3UdsZG55GkdZFMzLPvyW7ToIrSYAkgNxOUh0mLRxn8EftwNzwNlf1-eF9s8HzPnWwDllWf6IxjqGltPKJKK6Igmq1uB_CRBJJWQ9yR8zIeyiFaI87RjgI-SRRfEFtt5XlUeJSjZ0k9p_RGEjKsEreTjF9Vo1J3Npuotn9sz2PX5VTBL29dbLnEliDYwOcv6V0EaIXX8dj7W6uLafE2MM4zTSuSXI4FoQvahgEHDaGwcZgaUqPchLhowmahHH0n5ghgz-4w9_AZUJzYJmP-oXft6-CKmLGMf1avsebrdEja_yL9tWEzsEU3NvHfjH1R_BMBaZvTyfjdfxW-eUGrl1qLRs4fqkBf-4LewQftzsTytPBgFkHmDabeE-dE75qaY34lL-Py7-XMLevOfQF9PucGMXzdcPIqUOpDMcaSVsX-ZAwk6-3847XMyD-rSxoHIW7SBcC2RXfhfMB4w6BWupY9GBIffjopJ95LRp49zZxbpw8U7hCYoKQ0rtsE_7k50rWTi_HnumkC_H910AnJYNF2zvrNiLIgHTme0NOxek-LZ-ur6sgxasw_i6bmtLzxW_t5AZ5z5rx1CvGGPtC_hCJ0z4C9UExRMvgua1Y6FsOPSwmxqvi5F9FzyTRFSeVQcAq2F43aLRWf6wdpgzqoJimfLaTZDfgmyZtibghSoUrb_m3AIKMd_ArmotobCvJJ25dzu-9MTyH0gRmgCBKxaj8GktHAXAG7Ct7Cs2CfDS01vw00syQ4YCRsaDwyLX9uQrlqsKkYCUxybXnzCM5abWJJ9pDWXWvniorETYBxJgmJ012NpUCtKz_uCHjwcetTw1NARZWy48tJla8oEGia2mx5O02lvKDvrZ1rIRIpGbmlH5zd1qZKkMECVIi_MOe4_s8eGdXStheKbpc5gQEmyWwnfzxng2Yz4WTFMmIIupj1OS4xdFZhmFpDzIDIcGrtO2PF3csREdmBxW7eRvR9fH0j1yal4SNfL1_D5yZL5tZnlsCZUzdyBXv9U8cj8fDULLYx3FU4II9jFLW6mTMlUv_j0ZQVOntY-41KTL-w1pd0mYrS9DhScaa8BqKgS1yiGWJ4clW4rJOllQ9DKmQsP3JnpDWFcp6LZtTN5QBfcx3DG1d72Xeg8MYlc07p-SAHaQCWIEM9yR9KnkmJiNDtW8GvBzZhfkZBgHsvZPpmGEPXbJ4kF8HjbvCSPCfzPOzKG_hrkGrJ1ExVVVykpoOjb7YlonaKcVsAXyN7eqD7CSNDALfBmq83fLOIGMP_4QrqMTGL2z3a8Uaguy9dLYKkC1TqYDLjrLEFeDU0AW47wbKQwf-PjNFhcUWa4ujICqOcdfTzrDIA-tIV6XSnXkJVKHgx3pzQy_XxBBL5Uhdies3CKEnVBq7XDK_wrIRZtvw5U6G29dXWRWyUrc82_J4Qj6GFichgSzykWHs-XmM7ZQT5y-bt9WDeKJjWw7NBu7mo0OmCNhjqkur1r7oAbNu5KCJBKbC5g_PxueVggjz3Y7rVkD7Ux9KnzUchF1Q1DKgnCIvUwgu95wOhJn28iqZvVfsZQSEv3UisjNxw0mCd13ATRWnEPPGSJ6cRMLduZ8_X38fJ_4iMlFRpHIhOXjrJrAaMloyVxW0qkYYmZvLhaDTz2-kxlnbBXTjD3lCfOcFfhDL4rrPwwxF64Pw8U3T08WBcWkQTbSNqdMXllJPTy0QeK76ialTVade0O4ypzcXPFGZuxpgbvMmmzbbQsrkCs4_c2f2Hc5JV-CKhc1weWrE1Z1ShMIAtSOd2ol45MAuQmWiIsb7YGmmxUa06VzYJpaSn4ECpmZba0kp2c2mUnkCBxetcgD2ku7VwLBad_nN2u7O9aUYfWTzQK3EDcyUz4LRfSqGTALKnUnFHEvHBumQSN0NjL1CLN53ZF0aSlfzGp4gdlPo0-LSfU0WEtGcamWQtKpDYN6e_TlfdAhC0EIOO7FkQpWajUuZZCDQQkCaoDE9e2zD8JqRLgg2KmEaaRCs9aB8uqtYuff4WflEodRP3zbfJ9JQLH2UtTYeHoPgcg_wjrU6-PhwwSuxreSsr4eMPyEdDROjJ3IcUXeoSXaQOhyp3XNjfNVzZolLnbHAMlBCaWoW02MZP9TjLbJ51lPDgWD7RXNFRMXqk0cU1yTmClqgEkfx_FGCg1-piEpJAk4W_Q1uViJIYRzRAMr2FI4CbaYuHWOJARFe9QfWULEqVqNrSl0Z8cCHsTIuvTA7-B9T-TCsDcfIMt4wCPjzA_ECmp4SjHK6FrW3sO42sHMot_XaxSfWi-dhA8SMgZGD7wCbbagQaeEcColV5DvAAavsE3zoQXzJd4tU7BgZEl4qwDH2jB50Yiv5NaxYafW3BC9ErZ54tA7wl5Xu1IjliuqLSaZJDaDu8eALN-LG1Sm10KosQRHPRHjdFasOofiWHDFH4BcovPF-e4_PWsjCkobOLRymbpdxMFzHzQ0NhCvqwBC17z1fuxWGiWj9cwlxD9AnHwxd8DP3bQ5Vn7QASwtU7dx14pdZ-b2fWpoom-s_OX90BzE58hrzkhKvtlRziWCbWQRVIyBUwQpVk6POYupHrFUrs2UJqGqsGgWnC3XErgW4TKNfAc48BcVLiSvdaA0RMbln5B98lD5qTBKvqHsRo4WW6dlYj3lnrZZV4cl97WQwJrw_7JG_Yw7igZ2L1udfLtS1d7GmTDoOMDUXROjPJV7sSBO3-BHyE4foJYFEuAsQb4zjXzPAiNNY143QRpokA1IZ7mISD8zRf0k5FqYsuRf4CvIrlTXnO3-6btKIWbyPOGmSEjDiFnafzzMLnQUzUisC-rIv5fmxurmhiELaHLHF6dM76CtNeggpJuXmqPhDoW0OtdsqReTlgIhA77QjedNZI1vOVRHoi6Wkmh_iTUcGCXWEu2-nmNeN92I-IDezS_mVx5TzYeQ7JWF6YyO6yyL1HqrAdi9CAp2M3_MIe4HKJ1Yke8wiys4gGgJrH5qZKjt_xf0U36RILoEa3Vf7Y3MZy_FV755eEfckBUvLj8V8RVFB9mbFmInOJ1SSXN3LR8Jq-OBXtITT6aGZgHopUFQDwK25QThSdQM2U8FGJYBCV9GP3dthIRC_h9wnkjz4_SCG5LyGTpgwTsD0p8-3TvOz6AdqR5Kta6BCbiUbTU1cNziRttcaDKaXUvbxybRC1QS6hFVPRKEmGCDF-Gn0unetw8CywqCVNpJh4xHtEGh7ZC7IpRrAZFySGJnJxVNMDYrq9NVgE6h6uJWJSmArWUZb7Xsn_EK_zU0qcf29tvVLg9dntjHLBwul10ivG7gMEV8wTU5ExOFhKUU0S9428rAZTZZLdTRdaglkRjI4W4r6ZEOHzVUIgY180nlbuiQBKPKFhjaNo_3UdS603lGJICGNXQLP3nzAUkdkm_L3jOf5xfCn62dKycGNHrmaaZrEsWGm2GXZ-8os_zwiWWn_MQaQfdkqHjOokvs-QhcpDakCNQc6RcazdbIq4QXFnBFBabVSpU5lfnhf06OullAVd31VRUxIdbMnctCSqMGFtGPQnW7_NcP0k5ubbpm8mHGjaPGtW4HC6q2ivsw9FCb82KBcGaQI_MqLmDsg4cPcC3zJnZEsISdPxHJ4iRoqphtZIOqD44eqtBSvhgV_kBOyYhq2gM2IgcrxDpj07zvCSSNI2fSGpxU66r4hDp37wLE4NsvEsWaYwzuuLC-l9qy505mg4-l2XRaax7ByZozxY1vXSGvgGtjifhgwytk3xpnJLBmNrkszGa1e_VHZSu568vepX8v6P_kcemV0bnXnbmRljMSV2RiYsL0Mct9o971wN5ENUFxlf5Jj1ZtIGIr-HKbeFpmzd27nI&pr=8%3A1FC18E38CB249224&cid=CAQSdwCjtLzMbmTnEixV5Qi58FMhEFZPJba8SgxOaBIWPUrTbwagCGKGfSssLgJ0hYxHMFOZiRIj3149ttWaw2cH9AUSlBvy7XUDwT43GMcLrrpWyIYRwY98BqNfw77TUusRL5CQTLZOWi9E5ABqdHWV_36C2S67ub_RGAE&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&dv3_ver=m202503100101&nel=1&rfl=https%3A%2F%2Ffaces.wtf%2F&ds=l&xdt=0&ct=77&iif=1&cor=11895251376072990000&adk=577841541&idt=14&cac=1&dtd=29
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
c0e4be83a8ad1da161811c1ed91191d795be6df5205734f136f16b3696641df1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
22305
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
placementscape
edge.venatusmedia.com/ 		0
39 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://edge.venatusmedia.com/placementscape?u=603987fb-10c7-4a79-ab1a-2f2d52f9a11c
Requested by
Host: hb.vntsm.com
URL: https://hb.vntsm.com/v4/live/vms/ad-manager.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.42.134.208 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
208.134.42.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-allow-origin
https://faces.wtf
date
Thu, 13 Mar 2025 20:49:15 GMT
x-envoy-upstream-service-time
1
content-type
application/json
server
istio-envoy
access-control-allow-credentials
true
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20250312/r20110914/ Frame 4659 		27 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20250312/r20110914/abg_lite.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
6aa6a6d5baa7a5d25d88841a94b8bb45bfb62d676308007bff29ff8cb86eac8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
17083116147823517734
age
8845
x-content-type-options
nosniff
expires
Thu, 27 Mar 2025 18:21:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 18:21:50 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
10490
x-xss-protection
0
server
cafe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 4659 		218 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=r20110914
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ff2b0187d0c36b98f0f9ad514d1847d532fca35baacea186060a53d145d0abe8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
13704936925994429
age
442
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 21:41:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 20:41:53 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68836
x-xss-protection
0
server
cafe
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 4659 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
age
2579
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:56:16 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:06:16 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=3000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
13937
x-xss-protection
0
server
sffe
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTc0MTg5ODk1NTM4MjM0OAogIHNlcnZlcl9pcDogMTQxMDM2MTkxCiAgcHJvY2Vzc19pZDogMTIwMjg4NTA3Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDkyMTIyNTIK...
ad.doubleclick.net/ddm/activity/ Frame 4659 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTc0MTg5ODk1NTM4MjM0OAogIHNlcnZlcl9pcDogMTQxMDM2MTkxCiAgcHJvY2Vzc19pZDogMTIwMjg4NTA3Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDkyMTIyNTIKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2Fkb2JlLmNvbSIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxMzA4MjIwMDk4ODkxNjI5MzQ5NQpkZWJ1Z19rZXk6IDk5MzAyODc4ODQxODk0NjUwMjcKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDI1LTAzLTEzIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogOTIxMjI1MgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fTU9CSUxFX0JST1dTRVJfQ0xBU1MKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTY4NDk0NTcKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09PS0lFX0NPTlNFTlQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQwMDQ5MzEKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTkwNzk5MDUwODAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA2NDUxODc1MTUKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQpmbG9vZGxpZ2h0X2FjdGl2aXRpZXNfZm9yX2JpZGRpbmc6IDEyMjAzODk3CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9hZG9iZS5jb20iCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9mbGFzaHRhbGtpbmcuY29tIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vZGVidWdjb252ZXJzaW9uZG9tYWluMS5jb20iCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3ODA0NzYwODgzMgpkbWFfcHJvZHVjdF9pZDogMTIyNzE1ODM3CnhmYV9hdHRyaWJ1dGlvbl9hcGlfdHlwZTogWEZBX0FUVFJJQlVUSU9OX0FQSV9UWVBFX1dFQgplY2hvX3NlcnZlcl9hY3Rpb246IEVDSE9fU0VSVkVSX0FDVElPTl9VU0VfQkVTVF9BVkFJTEFCTEVfQVJBCmV2ZW50X3JlcG9ydGluZ193aW5kb3dzIHsKICBlbmRfdGltZXNfc2Vjb25kczogODY0MDAKICBlbmRfdGltZXNfc2Vjb25kczogMzQ1NjAwCn0KbWF4X2V2ZW50X2xldmVsX3JlcG9ydHM6IDIK
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.198 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
attribution-reporting-register-source
{"aggregation_keys":{"12":"0x591ef8e7ce6a94c10000000000000000","13":"0x4aee64ad422d84200000000000000000","14":"0x56573fb82a334d690000000000000000","15":"0xb17443bbb9e105520000000000000000"},"debug_key":"9930287884189465027","debug_reporting":true,"destination":["https://adobe.com","https://flashtalking.com","https://debugconversiondomain1.com"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"2592000","filter_data":{"14":["12203897"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["9212252"]},"max_event_level_reports":2,"priority":"0","source_event_id":"13082200988916293495"}
content-type
image/png
server
cafe
usync.html
eus.rubiconproject.com/ Frame 3B95 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=na&co=us
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.141 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-141.deploy.static.akamaitechnologies.com
Software
Apache/2.4.62 (Debian) /
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
224
content-type
text/html
date
Thu, 13 Mar 2025 20:49:15 GMT
etag
"10d-629840acea280-gzip"
last-modified
Wed, 18 Dec 2024 04:42:34 GMT
server
Apache/2.4.62 (Debian)
vary
Accept-Encoding
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4659 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4659 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 4659 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsujl3ynLvuRIKgRlf94tZxdWCmGcXvnAc3VnLKl86CB_Cv9Nuk9e9TSXj0bdBNs5_52cHuuiEdbXTb8bOJRL2X-OyNBsNLMuOT4v8gYrJx0Ds_FtihIPPsOWPJYewDCNYBbDZR4fW6H7HjGcCbXoyU4YZFoT9-PdxffhcFBGbf8zmnD4QmyieuxAi52PgN7vkCH7kBmhydKDXYxD26eT2isoF7mkBYdJUODxK2HL21muoPTyudv3t7ysFhTeQmdOt4mHzqEg5PUwKMt-Gx5-vc5cGtn_ZXmrOPWQbhtBdMClqCO08_dGGvWChCYOeIZCKFegXDK0Sn0kJwxQsKEraixShSbYPH3d_JeZE8iM49kmdRYieTT54bW8OOD6PhZoU7RhQuhtAC6PPLPv0NEpPS0sQLUc2_v4kL7iIbVy8QMQgKasjxNypufnhMkdyqxTi3ob2recXq7&sai=AMfl-YQTM-PIwhNwpZ2BD-lNnzHbA5Tvmqlm7xfO_dMmSfjTgLcIJYUUN7mBHFI4zqyzy_cgn-zZK8y8sJ6wKO2yD_X5TV-5Fc6OmXKGxP8ebzLBnb_2PpcX4d4zi4DmeJGTwXMsywQPgrMuFJ1F1LI&sig=Cg0ArKJSzJcSn4egWPJREAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:15 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 4659 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d136112aa20334a0cd4b49681984bdd85ed74ff587def5f5a0bcf817be0ddfba

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
/
servedby.flashtalking.com/imp/8/225407;9356627;201;jsappend;DV360;DV360FY24AcrobatDemandGenLALAcrobatSiteVisitorsContractFeatureBAUUSDSKBAN728x90/ Frame 4659 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://servedby.flashtalking.com/imp/8/225407;9356627;201;jsappend;DV360;DV360FY24AcrobatDemandGenLALAcrobatSiteVisitorsContractFeatureBAUUSDSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https://faces.wtf/&gdpr=0&us_privacy=${US_PRIVACY}&ft_partnerimpid=ABAjH0isI1niQ33VQISvYv2jW-rz&ft_custom=ABAjH0isI1niQ33VQISvYv2jW-rz&site_url=https://faces.wtf/&pub_id=8&sup_platform=8&cachebuster=73224.862916623
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.200.197.55 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-200-197-55.deploy.static.akamaitechnologies.com
Software
prod-xre-app2.ash11 /
Resource Hash
8a9c2bbaedf13fea94a2c570720fc76f62b29bae26d665d63091eee19ac3749c
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Strict-Transport-Security
max-age=86400
Cache-Control
max-age=0, no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 13 Mar 2025 20:49:15 GMT
Content-Length
957
Allow-Fenced-Frame-Automatic-Beacons
true
Date
Thu, 13 Mar 2025 20:49:15 GMT
Content-Type
text/javascript;charset=ISO-8859-1
Vary
Accept-Encoding
Server
prod-xre-app2.ash11
skeleton.js
fw.adsafeprotected.com/rjss/st/2388769/85746127/ Frame FD9B 		62 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/st/2388769/85746127/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1019977296&ias_pubId=19116&ias_chanId=8&ias_placementId=22224013572&bidurl=https://faces.wtf/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hM5HuQTJ46FaPZm1e1-tBr
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.222.35.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-35-228.compute-1.amazonaws.com
Software
/
Resource Hash
e9c08fd037ef642e1df9c0be5435c423f4fec4e3455bf05b30f932e45014fd34

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
access-control-allow-origin
fw.adsafeprotected.com
date
Thu, 13 Mar 2025 20:49:15 GMT
content-type
application/javascript;charset=utf-8
vary
accept-encoding
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20250312/r20110914/ Frame FD9B 		27 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20250312/r20110914/abg_lite.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
6aa6a6d5baa7a5d25d88841a94b8bb45bfb62d676308007bff29ff8cb86eac8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
17083116147823517734
age
8845
x-content-type-options
nosniff
expires
Thu, 27 Mar 2025 18:21:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 18:21:50 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
10490
x-xss-protection
0
server
cafe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame FD9B 		218 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=r20110914
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ff2b0187d0c36b98f0f9ad514d1847d532fca35baacea186060a53d145d0abe8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
13704936925994429
age
442
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 21:41:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 20:41:53 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68836
x-xss-protection
0
server
cafe
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20250312/r20110914/elements/html/ Frame FD9B 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20250312/r20110914/elements/html/omrhp.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
39761e2a7cb0e42a8b09fbbf0d2c4cd9fb0c1568c045b1c5e387177dda8ff064
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
5098607549323971572
age
8815
x-content-type-options
nosniff
expires
Thu, 27 Mar 2025 18:22:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 18:22:20 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
4393
x-xss-protection
0
server
cafe
view
ad.doubleclick.net/pcs/ Frame FD9B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjsvMQzmod6DJuWgBuYH0kZEkq4AsUdLJOQx1mW01P_2P0MMSpDCzrGx9igBrXuoHGAn1rA3RTWip-JqqDOg9VhzzbT0kkaVzWSSXFJLEkakre_x19aHodzZ1GTtgYVHt7JFtT6W3jOeFteP45omlaLoQ7UHoyU9qkzvW7uGcifRjmSEK_h5tsKtS5lyZW4SsW1UFdxuHMyw_WAS3MsH3Qwf4jZCviHNpA3_j0jKW7NKUe3nXuVi6LEEbkVzzsuYhcWb5AbPWNlR4OZniAcAEQBtFv00B6NIpVqqXYJ1QZf25CdZi_k1pLIVMWw8jV7GjKSPs6Hv7oyT96SHg2YSySSEh22Yn8jwsFxeETfbthknMk2j8LsHqnb-Bg3s8br4BpKaKWGCy74OgRBRFlMPmMinInoTdIDBqTwSynVJJMKzb2u2gXgNWO6PA0r8QRpqC_VOQVL7j_UNqJW7lVX-WkkUqOe67p9e9vpmZOLw6CfuGbJUPwB5QKeyDrlQsdFvZGeSCimBZ91KKFxSy_NQ66EMEpK8Ow0tfARq5tiHnc6VQxNMJ9jgHc8y4HdGNDFFT9qHjs06Y-z-cbPbr4SQF4aUjtVuZ6NuMmBPgAu6Ha2Ys4cl9rWn88SFSHdsBwXb0GP9pOw_v9-JYKxmNcMx2p9ue1qiKP6o03fjZe39psqPhSvDsfo0D88TddoLyDIJvY9rtXWic-DT-JzzcuOs9H8KTcFK0WbnCGx5MsQKkuJ8utOtm9_fuU1IEvKXt2ga0ko-8p3ZW8Cp7PiiAwpdAYtRikkw2BDzsZBKKq0pnTq8qUauC7qm29Vtzu8c4C7NYPPrLXgFjTuy84y9vLebRQMYOzdRjRINDnxQMhUYYHxirlnD6dzKYn7rnD3G6-qgCQlidOyKIFKN0Lhzshgrz-esXpW3eXQxjumUHcM94Y7B3YUvWdFYcnK0uPqby7xhVSiuIWg5P--n-bpB_ZdEN7yZwCet9jxd-L8_QpA16W6B7azcfp4LfomPn4ixUJYaf0OEIzKlRdq_3R3zo44dwgIk0iLmRMMXgW5Kt6Js8xKCdawKR5nVlQL3pYC2oJtfcgzlC3EXTcGbvWISZrLoIXYDdRY83k-54Ze9FP20dersGDtJun1SuWBd6WgQ6KhpREZlfQuDq_JU84AmKrSIaQXtSOSP77WRQPDWhd8vWCmfZoT9ctXdExO3ot3vYYdlGgcStlyA5yMwEN1FnuJqnaZX7HMQTiMas5_M1bU2TfQE799bqT7YlnPgu1RKVj0pjgTu6cfYq1Em4cFxkpLFPKxLuUEHWsO61fQKqpE1u51PbQ2cT5L4yVU8HbtV821BerxWnyKaQfD7Uvu9QJ0jU-Vzg4K0q2NZ4zIqcx7_c50e_vecOcFYjA9Y1sFNbM5BiLfJxqu2JSGkmJDr6SlnpzFZohvLnloZj7tp1uk9ClU5w5NdXzV7JbsEfxWsVfGJc46VhYqpOo8HmEvf4g1msvgagBB2YPGc2UL8UsAAStwWBMboGlD51I8upWz7Xqsrn5StL&sai=AMfl-YQWEDlxG1owdguTyIHnIHdRyjj915nOvt3l7tCdfhCKTYZ4AT0LEjBHW9-iOAfiZLzVm4lb3rnTpXsuQzbXJQCqqyAbl5zfDsYtMVs0ysmA8_VU0sEbUDSWkkDseB0nuQ15nY5SPc2IojjWCkXrziaqI50uQffXTHVoR590qJm0iPHESYtMDKvaVZ11Ey_a_L0htoPf9X58JKn5_E3bEdzxxVKxnC0EzR0ga-VpBFkhVTfjpHAyZgvNCaRZj89M1ncmwZMhh6e4WVsSMURymOghDDsgHDnl5IIFmIEb3UjHFV_Jv8J_1qqc43m6YRTjMBC9-yd5zg92fjD5szbJy3dNlzkMC2Hh0jc37mEy84n7tc5-302393d1Qivtlg9pKyickjif66NfdI_c0abqDmTtPUEszo3EaN3lvhwF-aqyZL4HM7dsJHrYxCbbE73gePmmtyFUKOjt1JjIaDUAEmdZuf2zsd-T7HZcLtZIxw&sig=Cg0ArKJSzI68YfUSWz2uEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9jaXRpemVuc2JhbmsuY29t&pr=8:B7C0FD9D8E4971EE&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=6&cbvp=1&cstd=0&cisv=r20250312.60129&arae=1&ftch=1&adurl=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.198 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 13 Mar 2025 20:49:15 GMT
content-type
image/png
content-security-policy
script-src 'none'; object-src 'none'
cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
x-xss-protection
0
attribution-reporting-register-source
{"aggregation_keys":{"908695404":"0xf8ea7ea4c24f72ca0000000000000000","908695405":"0x8e7def4b50f894180000000000000000","908695406":"0xf78f24e06b2bf0030000000000000000"},"debug_key":"17334632180827020113","debug_reporting":true,"destination":["https://citizensbank.com","https://collegeraptor.com","https://debugconversiondomain1.com"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"1296000","filter_data":{"14":["15935329","15990098"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["8253365"]},"max_event_level_reports":2,"priority":"0","source_event_id":"4270070003506532571"}
server
cafe
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame FD9B 		41 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
age
2579
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:56:16 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:06:16 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=3000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
13937
x-xss-protection
0
server
sffe
12836242624911237659
s0.2mdn.net/simgad/ Frame FD9B 		22 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/12836242624911237659
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8615fdc7b000676d7def55cd5b9705160d59baa15f422fe4c3b20550aa2aab3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

age
112388
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Thu, 12 Mar 2026 13:36:07 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons
true
date
Wed, 12 Mar 2025 13:36:07 GMT
last-modified
Wed, 19 Feb 2025 15:48:30 GMT
content-type
image/png
cache-control
public, max-age=31536000
timing-allow-origin
*
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
22890
x-xss-protection
0
server
sffe
usync.html
eus.rubiconproject.com/ Frame 1135 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=na&co=us
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.141 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-141.deploy.static.akamaitechnologies.com
Software
Apache/2.4.62 (Debian) /
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
224
content-type
text/html
date
Thu, 13 Mar 2025 20:49:15 GMT
etag
"10d-629840acea280-gzip"
last-modified
Wed, 18 Dec 2024 04:42:34 GMT
server
Apache/2.4.62 (Debian)
vary
Accept-Encoding
gen_204
pagead2.googlesyndication.com/pagead/ Frame FD9B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame FD9B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame FD9B 		210 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a52b777a2a4df8c0b51a2ae4e3057556bcca947c3c504020e318b19e21bda3f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
skeleton.js
fw.adsafeprotected.com/rjss/st/2388769/85746127/ Frame C743 		62 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/st/2388769/85746127/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1019977296&ias_pubId=19116&ias_chanId=8&ias_placementId=22224013572&bidurl=https://faces.wtf/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0g6wEQB0ZtEPt6cpcjN1jx1
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.222.35.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-35-228.compute-1.amazonaws.com
Software
/
Resource Hash
0e3c1e60b5beba864a47f9bf4d3e0ae8793c34c979c4b3af69ab143ba06c773a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
access-control-allow-origin
fw.adsafeprotected.com
date
Thu, 13 Mar 2025 20:49:15 GMT
content-type
application/javascript;charset=utf-8
vary
accept-encoding
12836242624911237659
s0.2mdn.net/simgad/ Frame C743 		22 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/12836242624911237659
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8615fdc7b000676d7def55cd5b9705160d59baa15f422fe4c3b20550aa2aab3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

age
112388
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Thu, 12 Mar 2026 13:36:07 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons
true
date
Wed, 12 Mar 2025 13:36:07 GMT
last-modified
Wed, 19 Feb 2025 15:48:30 GMT
content-type
image/png
cache-control
public, max-age=31536000
timing-allow-origin
*
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
22890
x-xss-protection
0
server
sffe
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20250312/r20110914/ Frame C743 		27 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20250312/r20110914/abg_lite.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
6aa6a6d5baa7a5d25d88841a94b8bb45bfb62d676308007bff29ff8cb86eac8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
17083116147823517734
age
8845
x-content-type-options
nosniff
expires
Thu, 27 Mar 2025 18:21:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 18:21:50 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
10490
x-xss-protection
0
server
cafe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame C743 		218 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=r20110914
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ff2b0187d0c36b98f0f9ad514d1847d532fca35baacea186060a53d145d0abe8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
13704936925994429
age
442
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 21:41:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 20:41:53 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
68836
x-xss-protection
0
server
cafe
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20250312/r20110914/elements/html/ Frame C743 		12 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20250312/r20110914/elements/html/omrhp.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
39761e2a7cb0e42a8b09fbbf0d2c4cd9fb0c1568c045b1c5e387177dda8ff064
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
etag
5098607549323971572
age
8815
x-content-type-options
nosniff
expires
Thu, 27 Mar 2025 18:22:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 13 Mar 2025 18:22:20 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
4393
x-xss-protection
0
server
cafe
view
ad.doubleclick.net/pcs/ Frame C743 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjssgL8WWnkuKRmJ9nu30SLkzkLTfndVESL47eeRGvh3S0XfQwTsmL9kMkoTrFf0lYGkxxnw4tF4EN04s6KRkkGtb4gCJJNttVs3EyKIkVDPHWTuSl2bFxl6iQZVuasmgCJpH42C1uFgEsEowhr07XWuX3hCaj865WjkD-odAfsj04xehn2zEsiyxIkCmuGQRPB3ya0J2B_YEM-bnXoTfZ7XJX2hTdsuffKEr7i3GBu9RijjGs4VA5LfY640XDePq4eYOMxGHFDHeqEsBJzQTivIwQcFmfSij52gmzJouelsJ17UE75ylNfC6T8zUG7qlFTHskiaJUUWF6V63HwweM6EJe0rUWk-yZH4-WvgSvVaEFeH0eTN_32o2XBAuoqPgkjdA_wAIQwSA1zotUCNWcqwdL6JY0N0_bxiuAiN7O9qioC3gPr4YJJCja10XHgr-xw-KRJs2PPMjyobhPVrAiw9s86sqC2pPCKlAd2II03dXPHSb2GyXesgJ2nSOvAXEj6-Fi2mzXcXV5CipjLv5SLMCmBidn7y9L-HRDhQ0bjkSbJ6YbZkbTBzdreqDDXa8HOwOIvdIfDknvVdfxLzMAIRIOgDkf22c1Lph0FnWXjPQKS32aE5Y1xQgduVIUpKJ5Gzftc9IDyn4tZDeAsl62SHMvU73s9lcZqU_PoK0i6eIQlPMz4O1Bkj-HAYWk1TQDeX51YL9KZjcucN9Ed_1jfXgu1lwCnaHaFV4m7F6957JT6E6wy0Zn3ZjUre64EVPdIsbUcvcLv_HL8C7-Kh4n05Lxo8H541cAE31vsAIaXbDZ-q3g_FCxenUDWxAezHZHMPcuQmTjqmR2Yg2bqC_DSmf91Czh0aD8RpO1BHmspouGsWHMLaU1s4I2nRQWcEvwN8liQmepvEL24bGYqpGYf8l-HzGA48CUsHfVU4UnVKlDrNBjfbAVJGox-jPBJqZxmtBf0Qbn3Jtfb1VsWS8hlxoNy09n6wsVNgSi1Porh6cnsR7XINvpO2W6a7qICsdf6CXv_AdX3Zb4T8faHCt7nY5dwRtYC2ObOXrTugAW2x1lBng5LTFsrDc3MKtBM8RlMhSy5AftgPj8L8zPy7OtkgYNQhfHo2auy8VfcMX-CTDoSRCH6AS3-7nt06iBiSkxpvkv8ZVvqp3pe1Fb5VozsqvWKDAdp-JY8CH7AeqG2R1-cjAW6Qd4uMMSFHN4TIVofgJYP9kxb16exyb26J4AG79rrt5CDX7e1KNVk9qppa7PebTLG8hX0BQaA19MmQyyvaRSR3JjTqCfcdPEVCFQeHvhttGSDSlj0x6mAa-4PC_HHj4Bvai3W0Cz8QKWwjLuiroyCFoJ2UU5MtAZ7dyqL0bZP2PBqQaMBMiI6oX713J1SnxrO_eaIp7gJtqXpPypjut2di_CIbFBJFM55vQalf91JvRkeC7ApKidvgIKmYm3aA5wPbSKMsi3csDc-cqMUs6fiM9KV3D8WyzgRaq5d3piNO6857wIZDcwC6uXFZGTYAMzsDO2rOmH17T4Z42KJsz&sai=AMfl-YRuAz8N_TIR8RjYgzGkTRz4T3_KbiDpg8aFkw9nJZeLVT3ZZJnlqlTMjX_pm1xpuh2SQdWK6NekUlf7L4hIg6zP70fG5tixTWLapnxGLp1cQbR-vZS9RKbm_2zITs_z275QMu-vPsTnjde_EDop0zteZt8TxdB78_2Hp0vhy8MiSlDsZYA_hsu1itoWlNIYzEW7AFlwP8aHbNMbEpwz5_m4nlSpvLcXGb1psNcEztPTQVFieBfbe0QkRP2Dcbl-iKO1Zt-no3PuIxJOMOyXAI3vIETRtmKYZnBs0yz9ynB6GOgVjH3xMMZkReRIKd7H7AGr2XWQpfiFhKyiil4AhQkPKnupuO5qp3JIJ78auBHh7iMCnVfZ9gWe8lDQ08Ynree55-y3M03OiRL76yFfrZtWRHJSkzOG0vLlRQrQFH83Wc4a8eZvib3NbmY6rWEfvhCIo-36G_yGYv2kbfXmM4OXo1DqQ8bgCcMUCkGknQ&sig=Cg0ArKJSzBLLTt1aLmtKEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9jaXRpemVuc2JhbmsuY29t&pr=8:B7C0FD9D8E4971EE&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=4&cbvp=1&cstd=0&cisv=r20250312.91074&arae=1&ftch=1&adurl=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.198 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 13 Mar 2025 20:49:15 GMT
content-type
image/png
content-security-policy
script-src 'none'; object-src 'none'
cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
x-xss-protection
0
attribution-reporting-register-source
{"aggregation_keys":{"908695404":"0xf8ea7ea4c24f72ca0000000000000000","908695405":"0x8e7def4b50f894180000000000000000","908695406":"0xf78f24e06b2bf0030000000000000000"},"debug_key":"8830466262484554799","debug_reporting":true,"destination":["https://citizensbank.com","https://collegeraptor.com","https://debugconversiondomain1.com"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"1296000","filter_data":{"14":["15935329","15990098"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["8253365"]},"max_event_level_reports":2,"priority":"0","source_event_id":"14714386314588622019"}
server
cafe
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame C743 		41 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
br
age
2579
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:56:16 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 13 Mar 2025 20:06:16 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=3000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
13937
x-xss-protection
0
server
sffe
usync.html
eus.rubiconproject.com/ Frame D774 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=na&co=us
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.141 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-141.deploy.static.akamaitechnologies.com
Software
Apache/2.4.62 (Debian) /
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
224
content-type
text/html
date
Thu, 13 Mar 2025 20:49:15 GMT
etag
"10d-629840acea280-gzip"
last-modified
Wed, 18 Dec 2024 04:42:34 GMT
server
Apache/2.4.62 (Debian)
vary
Accept-Encoding
gen_204
pagead2.googlesyndication.com/pagead/ Frame C743 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame C743 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4659 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:15 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4659 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame C743 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
12099a3f062c4812ddc5e0259e072b21e278fbcb06fa33606c64c13efcbe391a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame FD9B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame FD9B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame C743 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame C743 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 70C8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1496
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 13 Mar 2025 20:24:20 GMT
expires
Thu, 13 Mar 2025 21:14:20 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 5A1C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1496
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 13 Mar 2025 20:24:20 GMT
expires
Thu, 13 Mar 2025 21:14:20 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 9E02 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1496
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 13 Mar 2025 20:24:20 GMT
expires
Thu, 13 Mar 2025 21:14:20 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ftUtils.js
ajs-assets.ftstatic.com/ Frame 4659 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajs-assets.ftstatic.com/ftUtils.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-67.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5856901d3159c27ccab3bdf9786682be92c1b55df22757a402288869445a1d51

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-max-age
3000
access-control-expose-headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
content-encoding
gzip
etag
W/"d3c48e1d221f173643b61e784a31718a"
age
21353
access-control-allow-methods
GET
x-varnish
421419529 413581773
x-cache
Hit from cloudfront
x-amz-cf-id
yGjBodfv9VwUTMClkmcrRBNA8oXPyuUKwSrBVM57ZJ_psoxORY3ufQ==
date
Thu, 13 Mar 2025 14:53:23 GMT
content-type
application/javascript
last-modified
Mon, 03 Mar 2025 14:51:26 GMT
vary
Accept-Encoding,Accept-Encoding
cache-control
max-age=86400
via
1.1 prod-web-edge1.ash11.ftdns.net (Varnish/trunk), 1.1 8ca7450d970f904109dac7e068234b78.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
29455
x-amz-cf-pop
JFK52-P3
server
AmazonS3
x-amz-server-side-encryption
AES256
main.19.8.578.js
static.adsafeprotected.com/ Frame C743 		248 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/main.19.8.578.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d227c6ec39433f130db53c4039c7a34aa4bbb8b959ec4532b8a93961471fce1a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
x-amz-version-id
HdhLDBfvWFX_xZOnmA6KHW7yqk4y4T9u
etag
W/"3d54ab2706b89e8bb614e5578b5505dd"
age
171646
x-cache
Hit from cloudfront
x-amz-cf-id
wURxsYh9Gl_MW6fYWpurFUpdYmC1MAeMg0XIzvmNvB_NkAavPRWOmA==
date
Tue, 11 Mar 2025 21:08:31 GMT
content-type
application/javascript
vary
Accept-Encoding
last-modified
Tue, 11 Mar 2025 20:06:38 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 dd0e76eb9b3ff90ab87e33f1490318e8.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
main.19.8.578.js
static.adsafeprotected.com/ Frame FD9B 		248 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/main.19.8.578.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d227c6ec39433f130db53c4039c7a34aa4bbb8b959ec4532b8a93961471fce1a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
x-amz-version-id
HdhLDBfvWFX_xZOnmA6KHW7yqk4y4T9u
etag
W/"3d54ab2706b89e8bb614e5578b5505dd"
age
171646
x-cache
Hit from cloudfront
x-amz-cf-id
wURxsYh9Gl_MW6fYWpurFUpdYmC1MAeMg0XIzvmNvB_NkAavPRWOmA==
date
Tue, 11 Mar 2025 21:08:31 GMT
content-type
application/javascript
vary
Accept-Encoding
last-modified
Tue, 11 Mar 2025 20:06:38 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 dd0e76eb9b3ff90ab87e33f1490318e8.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
view
ad.doubleclick.net/pcs/ Frame FD9B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjsvMQzmod6DJuWgBuYH0kZEkq4AsUdLJOQx1mW01P_2P0MMSpDCzrGx9igBrXuoHGAn1rA3RTWip-JqqDOg9VhzzbT0kkaVzWSSXFJLEkakre_x19aHodzZ1GTtgYVHt7JFtT6W3jOeFteP45omlaLoQ7UHoyU9qkzvW7uGcifRjmSEK_h5tsKtS5lyZW4SsW1UFdxuHMyw_WAS3MsH3Qwf4jZCviHNpA3_j0jKW7NKUe3nXuVi6LEEbkVzzsuYhcWb5AbPWNlR4OZniAcAEQBtFv00B6NIpVqqXYJ1QZf25CdZi_k1pLIVMWw8jV7GjKSPs6Hv7oyT96SHg2YSySSEh22Yn8jwsFxeETfbthknMk2j8LsHqnb-Bg3s8br4BpKaKWGCy74OgRBRFlMPmMinInoTdIDBqTwSynVJJMKzb2u2gXgNWO6PA0r8QRpqC_VOQVL7j_UNqJW7lVX-WkkUqOe67p9e9vpmZOLw6CfuGbJUPwB5QKeyDrlQsdFvZGeSCimBZ91KKFxSy_NQ66EMEpK8Ow0tfARq5tiHnc6VQxNMJ9jgHc8y4HdGNDFFT9qHjs06Y-z-cbPbr4SQF4aUjtVuZ6NuMmBPgAu6Ha2Ys4cl9rWn88SFSHdsBwXb0GP9pOw_v9-JYKxmNcMx2p9ue1qiKP6o03fjZe39psqPhSvDsfo0D88TddoLyDIJvY9rtXWic-DT-JzzcuOs9H8KTcFK0WbnCGx5MsQKkuJ8utOtm9_fuU1IEvKXt2ga0ko-8p3ZW8Cp7PiiAwpdAYtRikkw2BDzsZBKKq0pnTq8qUauC7qm29Vtzu8c4C7NYPPrLXgFjTuy84y9vLebRQMYOzdRjRINDnxQMhUYYHxirlnD6dzKYn7rnD3G6-qgCQlidOyKIFKN0Lhzshgrz-esXpW3eXQxjumUHcM94Y7B3YUvWdFYcnK0uPqby7xhVSiuIWg5P--n-bpB_ZdEN7yZwCet9jxd-L8_QpA16W6B7azcfp4LfomPn4ixUJYaf0OEIzKlRdq_3R3zo44dwgIk0iLmRMMXgW5Kt6Js8xKCdawKR5nVlQL3pYC2oJtfcgzlC3EXTcGbvWISZrLoIXYDdRY83k-54Ze9FP20dersGDtJun1SuWBd6WgQ6KhpREZlfQuDq_JU84AmKrSIaQXtSOSP77WRQPDWhd8vWCmfZoT9ctXdExO3ot3vYYdlGgcStlyA5yMwEN1FnuJqnaZX7HMQTiMas5_M1bU2TfQE799bqT7YlnPgu1RKVj0pjgTu6cfYq1Em4cFxkpLFPKxLuUEHWsO61fQKqpE1u51PbQ2cT5L4yVU8HbtV821BerxWnyKaQfD7Uvu9QJ0jU-Vzg4K0q2NZ4zIqcx7_c50e_vecOcFYjA9Y1sFNbM5BiLfJxqu2JSGkmJDr6SlnpzFZohvLnloZj7tp1uk9ClU5w5NdXzV7JbsEfxWsVfGJc46VhYqpOo8HmEvf4g1msvgagBB2YPGc2UL8UsAAStwWBMboGlD51I8upWz7Xqsrn5StL&sai=AMfl-YQWEDlxG1owdguTyIHnIHdRyjj915nOvt3l7tCdfhCKTYZ4AT0LEjBHW9-iOAfiZLzVm4lb3rnTpXsuQzbXJQCqqyAbl5zfDsYtMVs0ysmA8_VU0sEbUDSWkkDseB0nuQ15nY5SPc2IojjWCkXrziaqI50uQffXTHVoR590qJm0iPHESYtMDKvaVZ11Ey_a_L0htoPf9X58JKn5_E3bEdzxxVKxnC0EzR0ga-VpBFkhVTfjpHAyZgvNCaRZj89M1ncmwZMhh6e4WVsSMURymOghDDsgHDnl5IIFmIEb3UjHFV_Jv8J_1qqc43m6YRTjMBC9-yd5zg92fjD5szbJy3dNlzkMC2Hh0jc37mEy84n7tc5-302393d1Qivtlg9pKyickjif66NfdI_c0abqDmTtPUEszo3EaN3lvhwF-aqyZL4HM7dsJHrYxCbbE73gePmmtyFUKOjt1JjIaDUAEmdZuf2zsd-T7HZcLtZIxw&sig=Cg0ArKJSzI68YfUSWz2uEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9jaXRpemVuc2JhbmsuY29t&pr=8:B7C0FD9D8E4971EE&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=315&vt=11&dtpt=309&dett=2&cstd=0&cisv=r20250312.60129&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=1&ftch=1&adurl=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.198 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:16 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/png
attribution-reporting-register-source
{"aggregation_keys":{"908695404":"0xf8ea7ea4c24f72ca0000000000000000","908695405":"0x8e7def4b50f894180000000000000000","908695406":"0xf78f24e06b2bf0030000000000000000"},"debug_key":"6655997625188982429","debug_reporting":true,"destination":["https://citizensbank.com","https://collegeraptor.com","https://debugconversiondomain1.com"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"1296000","filter_data":{"14":["15935329","15990098"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["8253365"]},"max_event_level_reports":2,"priority":"0","source_event_id":"12957686923381137716"}
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame FD9B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssP57Z9-NlBdCmhANUE3AdMYTo6DG8m6u2L9c-4N44ByS2gXtLX_67i_vHfiiqc6LJIrUY2cAuGateapiNXN7LjmmfkdhPkLmxAbWXZrXFlV5W_9PpIdhYUz8tuKlFCorAFfbSSQcMTvEs6Uq8b4bOxsaPpf4_C8blLE-mOoltgNJXuE9hMD12AmjbZC4su9TaEJwtDRAPXKl7VfRtj_5RPC6SQ0fePf6fqHciretHsI1ZKjF4U3VOo7mFkojQwNxZYX6CSu14fPdgBcX7uqse4VV7tOUHISvjkSbbD5G6qhRN44Qgq5YD62iKs6VYLMLBN0B2tHeujdPorGm2vpwE655n16tRTGFvx5vTj6RimRaDrc5zP0-bpqxQO7QqJj55d3jVP3LDIdLOPKPqcHnCL_ASHUyLoMhDmvniOoHbif_f8Ej_EJfH6pwjWlpss&sai=AMfl-YQtWhocLlbwQ1kzYKd7_KlIRPdDgI8IZM6lAVkZEIn287iBxgedWkow4Wo0VW3dAA2Ir_sSjhfk5yO7jhtHcNtHNPyNq1VUai7Cku3vErG0--4KIU8YjGxS3Z8RXRjb6PhaxjV8oub8xEfazUE&sig=Cg0ArKJSzC9hrDT2DqKUEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:16 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
view
ad.doubleclick.net/pcs/ Frame C743 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjssgL8WWnkuKRmJ9nu30SLkzkLTfndVESL47eeRGvh3S0XfQwTsmL9kMkoTrFf0lYGkxxnw4tF4EN04s6KRkkGtb4gCJJNttVs3EyKIkVDPHWTuSl2bFxl6iQZVuasmgCJpH42C1uFgEsEowhr07XWuX3hCaj865WjkD-odAfsj04xehn2zEsiyxIkCmuGQRPB3ya0J2B_YEM-bnXoTfZ7XJX2hTdsuffKEr7i3GBu9RijjGs4VA5LfY640XDePq4eYOMxGHFDHeqEsBJzQTivIwQcFmfSij52gmzJouelsJ17UE75ylNfC6T8zUG7qlFTHskiaJUUWF6V63HwweM6EJe0rUWk-yZH4-WvgSvVaEFeH0eTN_32o2XBAuoqPgkjdA_wAIQwSA1zotUCNWcqwdL6JY0N0_bxiuAiN7O9qioC3gPr4YJJCja10XHgr-xw-KRJs2PPMjyobhPVrAiw9s86sqC2pPCKlAd2II03dXPHSb2GyXesgJ2nSOvAXEj6-Fi2mzXcXV5CipjLv5SLMCmBidn7y9L-HRDhQ0bjkSbJ6YbZkbTBzdreqDDXa8HOwOIvdIfDknvVdfxLzMAIRIOgDkf22c1Lph0FnWXjPQKS32aE5Y1xQgduVIUpKJ5Gzftc9IDyn4tZDeAsl62SHMvU73s9lcZqU_PoK0i6eIQlPMz4O1Bkj-HAYWk1TQDeX51YL9KZjcucN9Ed_1jfXgu1lwCnaHaFV4m7F6957JT6E6wy0Zn3ZjUre64EVPdIsbUcvcLv_HL8C7-Kh4n05Lxo8H541cAE31vsAIaXbDZ-q3g_FCxenUDWxAezHZHMPcuQmTjqmR2Yg2bqC_DSmf91Czh0aD8RpO1BHmspouGsWHMLaU1s4I2nRQWcEvwN8liQmepvEL24bGYqpGYf8l-HzGA48CUsHfVU4UnVKlDrNBjfbAVJGox-jPBJqZxmtBf0Qbn3Jtfb1VsWS8hlxoNy09n6wsVNgSi1Porh6cnsR7XINvpO2W6a7qICsdf6CXv_AdX3Zb4T8faHCt7nY5dwRtYC2ObOXrTugAW2x1lBng5LTFsrDc3MKtBM8RlMhSy5AftgPj8L8zPy7OtkgYNQhfHo2auy8VfcMX-CTDoSRCH6AS3-7nt06iBiSkxpvkv8ZVvqp3pe1Fb5VozsqvWKDAdp-JY8CH7AeqG2R1-cjAW6Qd4uMMSFHN4TIVofgJYP9kxb16exyb26J4AG79rrt5CDX7e1KNVk9qppa7PebTLG8hX0BQaA19MmQyyvaRSR3JjTqCfcdPEVCFQeHvhttGSDSlj0x6mAa-4PC_HHj4Bvai3W0Cz8QKWwjLuiroyCFoJ2UU5MtAZ7dyqL0bZP2PBqQaMBMiI6oX713J1SnxrO_eaIp7gJtqXpPypjut2di_CIbFBJFM55vQalf91JvRkeC7ApKidvgIKmYm3aA5wPbSKMsi3csDc-cqMUs6fiM9KV3D8WyzgRaq5d3piNO6857wIZDcwC6uXFZGTYAMzsDO2rOmH17T4Z42KJsz&sai=AMfl-YRuAz8N_TIR8RjYgzGkTRz4T3_KbiDpg8aFkw9nJZeLVT3ZZJnlqlTMjX_pm1xpuh2SQdWK6NekUlf7L4hIg6zP70fG5tixTWLapnxGLp1cQbR-vZS9RKbm_2zITs_z275QMu-vPsTnjde_EDop0zteZt8TxdB78_2Hp0vhy8MiSlDsZYA_hsu1itoWlNIYzEW7AFlwP8aHbNMbEpwz5_m4nlSpvLcXGb1psNcEztPTQVFieBfbe0QkRP2Dcbl-iKO1Zt-no3PuIxJOMOyXAI3vIETRtmKYZnBs0yz9ynB6GOgVjH3xMMZkReRIKd7H7AGr2XWQpfiFhKyiil4AhQkPKnupuO5qp3JIJ78auBHh7iMCnVfZ9gWe8lDQ08Ynree55-y3M03OiRL76yFfrZtWRHJSkzOG0vLlRQrQFH83Wc4a8eZvib3NbmY6rWEfvhCIo-36G_yGYv2kbfXmM4OXo1DqQ8bgCcMUCkGknQ&sig=Cg0ArKJSzBLLTt1aLmtKEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9jaXRpemVuc2JhbmsuY29t&pr=8:B7C0FD9D8E4971EE&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=224&vt=11&dtpt=220&dett=2&cstd=0&cisv=r20250312.91074&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=1&ftch=1&adurl=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.198 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:16 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/png
attribution-reporting-register-source
{"aggregation_keys":{"908695404":"0xf8ea7ea4c24f72ca0000000000000000","908695405":"0x8e7def4b50f894180000000000000000","908695406":"0xf78f24e06b2bf0030000000000000000"},"debug_key":"6228182112662568773","debug_reporting":true,"destination":["https://citizensbank.com","https://collegeraptor.com","https://debugconversiondomain1.com"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"1296000","filter_data":{"14":["15935329","15990098"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["8253365"]},"max_event_level_reports":2,"priority":"0","source_event_id":"303004407772920060"}
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame C743 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv0WjIW4Ah4JeuCY6xIZRL2e0b8ClpEmyk_BF2_VQ5Bhlp-EGYB63uMTfw56mnzUS-fV60THZMD0yHWxV079t32cohhqGm_mSQj1o41HlD7WSUzCjB3ii9e52D_rSi45CDBZqw26aEmyvaPSun1xa6svpoXgmAOzubxpfvHFhEDA2ooA-TkjiMtYa1yrd_UFrBHNZUYqIJns0vfPIfNLIe6bdjrS8xRiLqn0YOJckaM6fn4TklasR8pWoWggXnuQnjEFMTc_ksE5gls19yJIjnTH3yeFL3CaPr0QLM76b2XI2tiTXYW81WL5zUYXn6O99hbpgiLzMkjmQ1_0o6QxaL9Ic4fkDxys2h8FFz4FzkNojyEklujn5vg-8Tu5-mHm6sxgh_Hhzv6w1WstqjYOpH65fCBzGxAJw7XXEotxXm-6TrseC9EELQ_O9Ys4GlP&sai=AMfl-YQ6HYo0XqHAIh1vSVTwHgAHxJcV0uK0iXh1CMmmaFPPXozyVwwgmEoaVwxH0h5tZ8OyPYNWjXGiZEPXJUZiaJCmTnfly9EtOJejFPc_oXbYKUlhroEHxLuVjM2yI91QDZ5aQGbhmrSoTFepfMk&sig=Cg0ArKJSzBjsyrfS869nEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Thu, 13 Mar 2025 20:49:16 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
5204940.json
agen-assets.ftstatic.com/display/9356627/ Frame 4659 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://agen-assets.ftstatic.com/display/9356627/5204940.json
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-124.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
59fbf17ba5e93c5593bec929c9fe71573acc525556d31c3d43b34358fd6a039a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

access-control-max-age
3000
access-control-expose-headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
content-encoding
gzip
etag
W/"d495e3073eee5299371de938474b1b91"
age
381
access-control-allow-methods
GET
x-varnish
380508999
x-cache
Hit from cloudfront
x-amz-cf-id
WBIJeLuStnu439jhpNjum5ZvrsgocXqhr8lOZZrEMmdcqCUvUGDUgw==
date
Thu, 13 Mar 2025 20:43:11 GMT
content-type
application/json
vary
Accept-Encoding,Accept-Encoding
last-modified
Thu, 06 Mar 2025 17:55:23 GMT
cache-control
max-age=30
via
1.1 prod-web-edge4.dub11.ftdns.net (Varnish/trunk), 1.1 922167d169fb5d47cad92d0fd0cd14aa.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-amz-cf-pop
JFK50-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
skeleton.js
static.adsafeprotected.com/ Frame C743
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/2388769/85746127/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1019977296&ias_pubId=19116&ias_chanId=8&ias_placementId=22224013572&bidurl=https://fa...
  • https://static.adsafeprotected.com/skeleton.js?ias_xappb=
17 B
464 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/skeleton.js?ias_xappb=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
2600:9000:247b:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

etag
"53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id
nylqTweorRThFHMBJSrf_fHcWx3KVKN3
age
175358
x-cache
Hit from cloudfront
x-amz-cf-id
HTgiqPKD0yY39EQ03Dme0tl5sAafQqpQSUyOS_z9GnKYMEctHdtUvA==
date
Tue, 11 Mar 2025 20:06:39 GMT
content-type
application/javascript
last-modified
Mon, 17 Aug 2020 23:54:35 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 dd0e76eb9b3ff90ab87e33f1490318e8.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
17
x-amz-cf-pop
JFK52-P2
server
AmazonS3
x-amz-server-side-encryption
AES256

Redirect headers

cache-control
no-cache
location
https://static.adsafeprotected.com/skeleton.js?ias_xappb=
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
pragma
no-cache
sca.17.6.4.js
static.adsafeprotected.com/ Frame 06DF 		91 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.6.4.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ac42cf20760d5b0f71be7a0391c76020002aa1dcfc75bae782360bf2761db29f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
x-amz-version-id
bOtNsqPibVajaDyuqqyqCrhSRcjcC6sa
etag
W/"8fa66f8b94450bd040e7b5a7550c52de"
age
175358
x-cache
Hit from cloudfront
x-amz-cf-id
Vc_RY3RRR4wKdqYOLVb_oz8y1owPzE4rg1uTBdWidoTkVXuPnKA7xg==
date
Tue, 11 Mar 2025 20:06:39 GMT
content-type
application/javascript
vary
Accept-Encoding
last-modified
Mon, 13 May 2024 16:44:02 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 dd0e76eb9b3ff90ab87e33f1490318e8.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
skeleton.js
static.adsafeprotected.com/ Frame FD9B
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/2388769/85746127/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1019977296&ias_pubId=19116&ias_chanId=8&ias_placementId=22224013572&bidurl=https://fa...
  • https://static.adsafeprotected.com/skeleton.js?ias_xappb=
17 B
0 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/skeleton.js?ias_xappb=
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Server
2600:9000:247b:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

etag
"53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id
nylqTweorRThFHMBJSrf_fHcWx3KVKN3
age
175358
x-cache
Hit from cloudfront
x-amz-cf-id
HTgiqPKD0yY39EQ03Dme0tl5sAafQqpQSUyOS_z9GnKYMEctHdtUvA==
date
Tue, 11 Mar 2025 20:06:39 GMT
content-type
application/javascript
last-modified
Mon, 17 Aug 2020 23:54:35 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 dd0e76eb9b3ff90ab87e33f1490318e8.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
17
x-amz-cf-pop
JFK52-P2
server
AmazonS3
x-amz-server-side-encryption
AES256

Redirect headers

cache-control
no-cache
location
https://static.adsafeprotected.com/skeleton.js?ias_xappb=
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
pragma
no-cache
sca.17.6.4.js
static.adsafeprotected.com/ Frame EF44 		91 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.6.4.js
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ac42cf20760d5b0f71be7a0391c76020002aa1dcfc75bae782360bf2761db29f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-encoding
gzip
x-amz-version-id
bOtNsqPibVajaDyuqqyqCrhSRcjcC6sa
etag
W/"8fa66f8b94450bd040e7b5a7550c52de"
age
175358
x-cache
Hit from cloudfront
x-amz-cf-id
Vc_RY3RRR4wKdqYOLVb_oz8y1owPzE4rg1uTBdWidoTkVXuPnKA7xg==
date
Tue, 11 Mar 2025 20:06:39 GMT
content-type
application/javascript
vary
Accept-Encoding
last-modified
Mon, 13 May 2024 16:44:02 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 dd0e76eb9b3ff90ab87e33f1490318e8.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
dt
dt.adsafeprotected.com/ 		43 B
178 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=23bf21b3-d8ef-915e-b22c-089decdecd8a&tv=%7Bc:6JMM1y,pingTime:-2,time:436,type:a,im:%7BpBlk:386,sf:0,pom:1,prf:%7BbeA:1122,beZ:1124,mfA:1449,cmA:1451,inA:1451,inZ:1457,prA:1457,prZ:1465,si:1489,poA:1491,bl:1509,poZ:1509,cmZ:1509,mfZ:1509,loA:1546,loZ:1549,ltA:1557,ltZ:1557,mdA:1128,mdZ:1433%7D%7D,sca:%7Bdfp:%7Bdf:2,sz:300.600,dom:img%7D%7D,env:%7Bgca:false,cca:false,gca2:true,gcd2:%7Bappl:0,cnst:na%7D%7D,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:600,t:365%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:436,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:365,wc:400.400.1600.1200,ac:445.456.300.600,am:sp,cc:400.400.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B104~100%5D,as:%5B104~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:0,fm:uFmmva4+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C18*.2388769-85746127%7C181%7C182%7C183%7C19.2388769-85746127%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:18*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:IMG.qs,siq:368,slid:%5Bc6654_p3_0_0,google_ads_iframe_/2172637573922803128949/faces.wtf_1098/doublempu_6654_0__container__,ZpwRExDR9d7G_1741898954257_168675157_2,__next%5D,msd:0,ph:1200,sinceFw:65,readyFired:true%7D&br=c
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
43
date
Thu, 13 Mar 2025 20:49:16 GMT
pragma
no-cache
content-type
image/gif
dt
dt.adsafeprotected.com/ 		43 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=c026729b-c97e-8018-f342-f420d7362d04&tv=%7Bc:6JMM1A,pingTime:-2,time:430,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1069,beZ:1072,mfA:1462,cmA:1462,inA:1462,inZ:1464,prA:1464,prZ:1468,si:1471,poA:1472,poZ:1483,cmZ:1483,mfZ:1483,loA:1494,loZ:1496,ltA:1500,ltZ:1500,mdA:1075,mdZ:1373%7D%7D,sca:%7Bdfp:%7Bdf:2,sz:300.600,dom:img%7D%7D,env:%7Bgca:false,cca:false,gca2:true,gcd2:%7Bappl:0,cnst:na%7D%7D,clog:%5B%7Bpiv:0,vs:o,r:l,w:300,h:600,t:401%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:430,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:401,wc:400.400.1600.1200,ac:1655.456.300.600,am:sp,cc:400.400.300.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B38~0%5D,as:%5B38~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:0,fm:uFmmva4+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C18.2388769-85746127%7C181%7C182%7C183%7C184%7C19*.2388769-85746127%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:19*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:IMG.qs,siq:402,slid:%5Bc6654_p4_0_0,google_ads_iframe_/2172637573922803128949/faces.wtf_1098/doublempu_6654_1__container__,PBGDzFADSy98_1741898954263_865814550_3,__next%5D,msd:0,ph:1200,sinceFw:28,readyFired:true%7D&br=c
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
43
date
Thu, 13 Mar 2025 20:49:16 GMT
pragma
no-cache
content-type
image/gif
dt
dt.adsafeprotected.com/ 		43 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=23bf21b3-d8ef-915e-b22c-089decdecd8a&tv=%7Bc:6JMM2G,time:506,type:e,im:%7BpWait:4%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:506,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:365,wc:400.400.1600.1200,ac:445.456.300.600,am:sp,cc:400.400.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B174~100%5D,as:%5B174~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:0,fm:uFmmva4+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C18*.2388769-85746127%7C181%7C182%7C183%7C19.2388769-85746127%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:18*,rmeas:1,rend:1,renddet:IMG.qs,siq:368,msd:0,ph:1200%7D&br=c
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
43
date
Thu, 13 Mar 2025 20:49:16 GMT
pragma
no-cache
content-type
image/gif
d9core
d9.flashtalking.com/ Frame 4659 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d9.flashtalking.com/d9core
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.3.3 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-194-3-3.compute-1.amazonaws.com
Software
Apache/2.4.59 (Amazon Linux) OpenSSL/3.0.8 /
Resource Hash
a6a7044e71e8b4f59e308797db367dc1609db9c5b3ac2ddf95b93f70d0fa35c7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
private, must-revalidate, proxy-revalidate, max-age=172800
etag
5bc31bf7d4a298e1bef9d35fce222bfc
access-control-allow-credentials
true
access-control-allow-methods
GET,POST,SERVER
access-control-allow-origin
d9.flashtalking.com
p3p
policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date
Thu, 13 Mar 2025 20:49:16 GMT
content-type
application/javascript;charset=utf-8
server
Apache/2.4.59 (Amazon Linux) OpenSSL/3.0.8
index.html
cdn.flashtalking.com/172799/5204940/ Frame 97DA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.flashtalking.com/172799/5204940/index.html
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-42.jfk52.r.cloudfront.net
Software
Flashtalking (AKA) /
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=1200
content-encoding
gzip
content-length
699
content-type
text/html
date
Thu, 13 Mar 2025 20:48:43 GMT
etag
W/"693999c980e115bf6c363126bc3e437f"
last-modified
Tue, 04 Mar 2025 23:37:17 GMT
server
Flashtalking (AKA)
vary
Origin
via
1.1 prod-web-edge2.dub11.ftdns.net (Varnish/trunk), 1.1 5c0a259581220ee625646cd2f358183c.cloudfront.net (CloudFront)
x-amz-cf-id
l_uvi6a3SfdF77FG_hM0_S6h-EUO6VOOQMtSDOCKxKllHLGaOK4zsA==
x-amz-cf-pop
JFK52-P10
x-cache
Hit from cloudfront
x-varnish
429311508 429403426
truncated
/ Frame 4659 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
score.min.js
js.ad-score.com/ Frame 4659 		926 KB
187 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.ad-score.com/score.min.js?pid=1000925&tt=g
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:b400:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
063619d95768cf2a8b8d3ebe3cfbf701dd47faa9b7eccc35b542e03e0f35ee0f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Content-Encoding
br
Age
7045
Access-Control-Allow-Methods
GET
Expires
Fri, 14 Mar 2025 18:51:51 GMT
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
1ImoOJgo70TWxRKRmv82qXfPA28Q40XWKPD3ICyEir0s7eDwz4BDfg==
Date
Thu, 13 Mar 2025 18:51:51 GMT
Content-Type
application/javascript
Last-Modified
Thu, 13 Mar 2025 18:51:51 GMT
Vary
Accept-Encoding
Access-Control-Allow-Headers
Cache-Control
Transfer-Encoding
chunked
Cache-Control
public, max-age=86400
Connection
keep-alive
Access-Control-Allow-Credentials
true
Via
1.1 08c35fba3c05c07f78b1292e4a5f949a.cloudfront.net (CloudFront)
Access-Control-Allow-Origin
*
X-Amz-Cf-Pop
JFK52-P3
/
ad-events.flashtalking.com/state/9356627;5204940;0;271;9CD73026-168A-1627-2303-EA425E91CB5F/ Frame 4659 		0
67 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-events.flashtalking.com/state/9356627;5204940;0;271;9CD73026-168A-1627-2303-EA425E91CB5F/?cachebuster=130302265
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.208.84 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-208-84.compute-1.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-length
0
date
Thu, 13 Mar 2025 20:49:16 GMT
content-type
text/plain; charset=utf-8
server
awselb/2.0
iconc.png
cdn.flashtalking.com/oba/icon/ Frame 4659 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-118.jfk52.r.cloudfront.net
Software
Flashtalking (AKA) /
Resource Hash
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
max-age=2592000
etag
W/"db320ef6f3c45ab5c90887ef618de2bb"
via
1.1 prod-web-edge2.ash11.ftdns.net (Varnish/trunk), 1.1 4184c55a8c6148d4c2081dc674c1874e.cloudfront.net (CloudFront)
x-varnish
97447825
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
1308
x-amz-cf-id
KQovteSbtMOga3OD80iKKrd3p_RNcCELAwwduTyZ_XbyL9sOt_M8RA==
date
Wed, 12 Feb 2025 23:35:20 GMT
content-type
image/png
last-modified
Sat, 12 Apr 2014 19:14:31 GMT
server
Flashtalking (AKA)
x-amz-cf-pop
JFK52-P10
vary
Origin
activeview
pagead2.googlesyndication.com/pcs/ Frame 4659 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvCcZ9hMjzZymt1N4gnJKfIOdjYETzyuQvOML0FYVkD24okBuzkyDfOB5mZiE-r1o2YGQp1psyYQuGrUEZSo9aOvAfAH7PGxqfyWsZyyPq-sEWfUD2v8InPMib2ZrduZ1HrDwdyyWACU9IXe6u75VjYwhyKTTbKskF9p5gOBp9XmocCRA&sig=Cg0ArKJSzLvqHu4XyUKREAE&id=lidar2&mcvt=1008&p=1110,436,1200,1164&tm=1051&tu=43.19999694824219&mtos=1008,1008,1008,1008,1008&tos=1008,0,0,0,0&v=20250312&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3991525916&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3783175500&rst=1741898955042&rpt=624&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Thu, 13 Mar 2025 20:49:16 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
dt
dt.adsafeprotected.com/ 		43 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=23bf21b3-d8ef-915e-b22c-089decdecd8a&tv=%7Bc:6JMM6Q,pingTime:-10,time:764,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi40djEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi40dk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8NjAwfHxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMzMuMC4wLjAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.4v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200222002220222202,asp:1741898956791%7C%7C7e1c45752245cd86521edaca92cac3ec%7C%7C97c8d7303a7d32359ab28720b7810e9d%7C%7C6f126f2413e610ddc88a24836cbe15f9%7C%7Cd8f3625e343b416d685d32bf3d3839b5%7C%7Cbc65c2d33bda6e000ca5877f03a642f9%7C%7C3edc9eb8e02b328417483a16e8462535%7C%7C78c7acbe33e97e9106adfcc7eb917f12%7C%7C1715618633,sca:%7Beng:b,tss:%7Blts:2025-03-1310.49.16,tzo:600,tzn:Pacific/Honolulu%7D,mob:%7Bori:0,ges:0,tch:0%7D,prp:%7Bnot:1,csi:1,msl:0,hdl:1,aps:0,hae:1,ito:1,sec:1%7D%7D%7D
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
43
date
Thu, 13 Mar 2025 20:49:16 GMT
pragma
no-cache
content-type
image/gif
lgc
d9.flashtalking.com/ Frame 4659 		103 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d9.flashtalking.com/lgc
Requested by
Host: d9.flashtalking.com
URL: https://d9.flashtalking.com/d9core
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.3.3 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-194-3-3.compute-1.amazonaws.com
Software
Apache/2.4.59 (Amazon Linux) OpenSSL/3.0.8 /
Resource Hash
23984525d8560928c15bb3a62408accffaf67bc4313b74dfe1931be4d1e4b5b7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://faces.wtf/

Response headers

access-control-allow-credentials
true
access-control-allow-methods
GET,POST,SERVER
access-control-allow-origin
https://faces.wtf
content-length
103
p3p
policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date
Thu, 13 Mar 2025 20:49:16 GMT
content-type
application/json;charset=UTF-8
server
Apache/2.4.59 (Amazon Linux) OpenSSL/3.0.8
dt
dt.adsafeprotected.com/ 		43 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=c026729b-c97e-8018-f342-f420d7362d04&tv=%7Bc:6JMM7H,time:809,type:e,sca:%7Beng:b,tss:%7Blts:2025-03-1310.49.16,tzo:600,tzn:Pacific/Honolulu%7D,mob:%7Bori:0,ges:0,tch:0%7D,prp:%7Bnot:1,csi:1,msl:0,hdl:1,aps:0,hae:1,ito:1,sec:1%7D,exr:%7Bexs:objectExternal%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:809,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:401,wc:400.400.1600.1200,ac:1655.456.300.600,am:sp,cc:400.400.300.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B416~0%5D,as:%5B416~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:198,fm:uFmmva4+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C18.2388769-85746127%7C181%7C182%7C183%7C184%7C19*.2388769-85746127%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:19*,rmeas:1,rend:1,renddet:IMG.qs,siq:402,msd:0,ph:1200,sis:568%7D&br=c
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
43
date
Thu, 13 Mar 2025 20:49:16 GMT
pragma
no-cache
content-type
image/gif
/
servedby.flashtalking.com/state/9356627;5204940;0;401;9CD73026-168A-1627-2303-EA425E91CB5F/ Frame 4659 		42 B
387 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://servedby.flashtalking.com/state/9356627;5204940;0;401;9CD73026-168A-1627-2303-EA425E91CB5F/?ft_data=d9:4a8ce94cf7fc4b45b4c56bd737a2d295;d9s:4a8ce94cf7fc4b45b4c56bd737a2d295&cachebuster=436430267
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.200.197.55 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-200-197-55.deploy.static.akamaitechnologies.com
Software
prod-xre-app59.ash11 /
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Strict-Transport-Security
max-age=86400
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 13 Mar 2025 20:49:16 GMT
Content-Length
42
Allow-Fenced-Frame-Automatic-Beacons
true
Date
Thu, 13 Mar 2025 20:49:16 GMT
Content-Type
image/gif
Server
prod-xre-app59.ash11
dt
dt.adsafeprotected.com/ 		43 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=23bf21b3-d8ef-915e-b22c-089decdecd8a&tv=%7Bc:6JMM8M,time:884,type:e,sca:%7Bexr:%7Bexs:objectExternal%7D,ifr:%7Bact:1,eff:0%7D,uai:%7Bent:1%7D,nit:%7Bpqr:denied,ntr:default%7D,cdc:%5B2,2,2,2,0,0,0,0,0,2,0,2,0,0,2,2,2,2%5D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:884,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:365,wc:400.400.1600.1200,ac:445.456.300.600,am:sp,cc:400.400.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B552~100%5D,as:%5B552~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:101,fm:uFmmva4+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C18*.2388769-85746127%7C181%7C182%7C183%7C19.2388769-85746127%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:18*,rmeas:1,rend:1,renddet:IMG.qs,siq:368,msd:0,ph:1200,sis:575%7D&br=c
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
43
date
Thu, 13 Mar 2025 20:49:16 GMT
pragma
no-cache
content-type
image/gif
dt
dt.adsafeprotected.com/ 		43 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=c026729b-c97e-8018-f342-f420d7362d04&tv=%7Bc:6JMM8V,time:885,type:e,sca:%7Bifr:%7Bact:1,eff:0%7D,uai:%7Bent:1%7D,nit:%7Bpqr:denied,ntr:default%7D,cdc:%5B2,2,2,2,0,0,0,0,0,2,0,2,0,0,2,2,2,2%5D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:885,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:401,wc:400.400.1600.1200,ac:1655.456.300.600,am:sp,cc:400.400.300.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B492~0%5D,as:%5B492~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:67,fm:uFmmva4+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C18.2388769-85746127%7C181%7C182%7C183%7C184%7C19*.2388769-85746127%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:19*,rmeas:1,rend:1,renddet:IMG.qs,siq:402,msd:0,ph:1200,sis:568%7D&br=c
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
43
date
Thu, 13 Mar 2025 20:49:16 GMT
pragma
no-cache
content-type
image/gif
nlp-bp.min.js
js.ad-score.com/ Frame 4659 		300 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.ad-score.com/nlp-bp.min.js?pid=1000925&tt=g
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:b400:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
1c53b5b95d99b14ffb7a8a00a2cb1345bfd4f60a5dd8c70adfa511c247c8112d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Transfer-Encoding
chunked
Cache-Control
public, max-age=86400
Content-Encoding
gzip
Age
7046
Connection
keep-alive
Via
1.1 08c35fba3c05c07f78b1292e4a5f949a.cloudfront.net (CloudFront)
Accept-Ranges
bytes
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
bA2ZXvDvMBDHtB-HkX3-NFwLNweUh3N2dTD9ERJOuZYyIvty88ncaw==
Date
Thu, 13 Mar 2025 18:51:51 GMT
Content-Type
text/javascript; charset=utf-8
Last-Modified
Thu, 13 Mar 2025 18:22:45 GMT
X-Amz-Cf-Pop
JFK52-P3
cors
data.ad-score.com/data/ Frame 4659 		137 B
678 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://data.ad-score.com/data/cors?pm_st=eNzUmnzuegtvMRmNrYcOKDCezhbclejH-FE7fPshldVTkKD8b0XLPFknBPA==-E03FPcVualvjNw==&pm_ct=27be31b6329464df6f0f370a&pm_pl=1741898957174&pm_td=75&pid=1000925&en=1.1&callback=__pm_glbl_SHZ2amVN76Jsg0gFEDJWDnhh._gc1&tt=g&v=273ca3d
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
f49f5bfa0526e9002fe9beb58d7c92396d9b3ecce32b36958b41feced7acfb45

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

Cache-Control
post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
Age
0
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
https://faces.wtf
P3p
CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Content-Length
137
Date
Thu, 13 Mar 2025 20:49:17 GMT
Content-Type
text/plain; charset=utf-8
0135d4d5-d461-4bfa-ae5b-04e7e804225d
https://faces.wtf/ Frame 4659 		0
0
truncated
/ Frame 9719 		266 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
fe775be6-ca51-4992-883d-bd7873c993ac
https://faces.wtf/ Frame 4659 		0
0
truncated
/ Frame 4659 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
dt
dt.adsafeprotected.com/ 		43 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=23bf21b3-d8ef-915e-b22c-089decdecd8a&tv=%7Bc:6JMMkp,pingTime:1,time:1605,type:p,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:600,t:365%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1605,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:365,wc:400.400.1600.1200,ac:445.456.300.600,am:sp,cc:400.400.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1273~100%5D,as:%5B1273~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:72,fm:uFmmva4+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C18*.2388769-85746127%7C181%7C182%7C183%7C19.2388769-85746127%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:18*,rmeas:1,rend:1,renddet:IMG.qs,siq:368,msd:0,ph:1200,sis:575%7D&br=c
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
43
date
Thu, 13 Mar 2025 20:49:17 GMT
pragma
no-cache
content-type
image/gif
dt
dt.adsafeprotected.com/ 		43 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=23bf21b3-d8ef-915e-b22c-089decdecd8a&tv=%7Bc:6JMMkp,pingTime:1,time:1605,type:pf,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:600,t:365%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1606,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:365,wc:400.400.1600.1200,ac:445.456.300.600,am:sp,cc:400.400.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1274~100%5D,as:%5B1274~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:72,fm:uFmmva4+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C18*.2388769-85746127%7C181%7C182%7C183%7C19.2388769-85746127%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:18*,rmeas:1,rend:1,renddet:IMG.qs,siq:368,msd:0,ph:1200,sis:575%7D&br=c
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
43
date
Thu, 13 Mar 2025 20:49:17 GMT
pragma
no-cache
content-type
image/gif
activeview
pagead2.googlesyndication.com/pcs/ Frame C743 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstP_BYEPqR9YV_zRjCRWgHWD_sORYTvDsYQ4l1H_5AkU4ymrD-S_4nZgNTjjWzY5Qyb2a9iaWobF1KZcg4sohIQB7hhE3snvkvNASNnbkSCMF4wJRcg1YYHztSm9o3u_ERAT4A9um2R3-JTO8q5iAQ&sig=Cg0ArKJSzJ5u0OQEzuylEAE&id=lidar2&mcvt=1569&p=0,0,600,300&tm=1750.5&tu=181.1999969482422&mtos=1569,1569,1569,1569,1569&tos=1569,0,0,0,0&v=20250312&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=32&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3783175500&rst=1741898954907&rpt=1154&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Thu, 13 Mar 2025 20:49:17 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
activeview
pagead2.googlesyndication.com/pcs/ Frame FD9B 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst2QA_PqgYOs5ud-A5Lz-JGhTyNmLO20ewLxp0WdSI2W0XsDTtb1rMypER42K4GR-MjMXxESVgqaZrijgnRfTRc2fOqC-kZj4hhAYdYyRCkcMj_gQjkubYb8T5lm6FzRbbCHqGAie0cI8vQ_uWHr0E&sig=Cg0ArKJSzHxM-bmPyD9tEAE&id=lidar2&mcvt=1572&p=0,0,600,300&tm=1855.3000030517578&tu=283&mtos=1572,1572,1572,1572,1572&tos=1572,0,0,0,0&v=20250312&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=32&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3783175500&rst=1741898954967&rpt=1085&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Thu, 13 Mar 2025 20:49:17 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
activeview
pagead2.googlesyndication.com/pcs/ Frame C743 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssV9FJZWSXeYQIktE5wuxBMS4JAac6P4u8r5GvinEPWPWmZzTvgOxPwOCPS-6NhaDZ81jW5Wgq6WboGNGHffuyzNs2UuS9MmMihpVPGUKANH3V-2f1fSM1WdlYWH8VlMoW8cyqPBpCRZ-KuVuWVjkXynq49NhmyFE5n8TNv9wE1FSQ&sig=Cg0ArKJSzB6pFm8kM3TGEAE&id=lidar2&mcvt=1575&p=56,45,656,345&tm=1759.099998474121&tu=183.89999771118164&mtos=1575,1575,1575,1575,1575&tos=1575,0,0,0,0&v=20250312&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=623423141&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3783175500&rst=1741898954907&rpt=1149&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Thu, 13 Mar 2025 20:49:17 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
activeview
pagead2.googlesyndication.com/pcs/ Frame FD9B 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssLaX0fpFL8A9lC1IR80RmeoY4wrgtCUvMiUAeFr3yFqqyeuPsvkzlE862hIBupPyu6qgmwUruFnJlbK03VgBTnzxPdSNsxL7DmEltYVNdd-ThhG5d4VHYohqSoPHjMAXP-mIu0VofwUqoej6-2AK4pEdoWGgHv59c7M-Y2vNrc4j0&sig=Cg0ArKJSzPeXGypLdFK-EAE&id=lidar2&mcvt=1578&p=56,1254,656,1554&tm=1862.8999977111816&tu=285.39999771118164&mtos=1578,1578,1578,1578,1578&tos=1578,0,0,0,0&v=20250312&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=2593077440&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3783175500&rst=1741898954967&rpt=1079&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Thu, 13 Mar 2025 20:49:17 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
dt
dt.adsafeprotected.com/ 		43 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=c026729b-c97e-8018-f342-f420d7362d04&tv=%7Bc:6JMMkC,pingTime:-10,time:1610,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi40djEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi40dk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8NjAwfHxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMzMuMC4wLjAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.4v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200222002220222202,asp:1741898956791%7C%7C7e1c45752245cd86521edaca92cac3ec%7C%7C97c8d7303a7d32359ab28720b7810e9d%7C%7C6f126f2413e610ddc88a24836cbe15f9%7C%7Cd8f3625e343b416d685d32bf3d3839b5%7C%7Cbc65c2d33bda6e000ca5877f03a642f9%7C%7C3edc9eb8e02b328417483a16e8462535%7C%7C78c7acbe33e97e9106adfcc7eb917f12%7C%7C1715618633,sca:%7Bspg:23bf21b3-d8ef-915e-b22c-089decdecd8a%7D%7D
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
43
date
Thu, 13 Mar 2025 20:49:17 GMT
pragma
no-cache
content-type
image/gif
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4659 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8274178825948&version=m202503100101&ct=77&x=8&cor=11895251376072990000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:17 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
sync.kueezrtb.com/api/sync/iframe/ Frame 61E2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.kueezrtb.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.183.103.129 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods
GET, HEAD, OPTIONS, POST
access-control-allow-origin
*
content-length
3994
content-type
text/html
date
Thu, 13 Mar 2025 20:49:18 GMT
p3p
CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
presync.html
scripts.opti-digital.com/js/ Frame 396F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://scripts.opti-digital.com/js/presync.html?endpoint=optidigital
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.3.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=7200
cf-cache-status
HIT
cf-ray
91fe65a63d75a545-MIA
content-encoding
br
content-type
text/html
date
Thu, 13 Mar 2025 20:49:17 GMT
expires
Thu, 13 Mar 2025 22:49:17 GMT
priority
u=0,i
server
cloudflare
server-timing
cfExtPri
vary
Accept-Encoding
x-cloud-trace-context
9aebea955553bd6263afffec9116b9dc
load-cookie.html
elb.the-ozone-project.com/static/ Frame EE22 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&gpp=&gpp_sid=&pubcid.org=aed0aebb-d34e-4d33-824f-53231927c1cc&adserver.org=f7f272c4-ba58-4f19-bcf7-2852999b8cd8&audigent.com=0001yum0eabkba98bciae6gibddj96ldclf786khdaabackkc2jl&publisherId=OZONEVEN0005&siteId=1500000649&cb=1741898953660&bidder=ozone
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.34.190 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
91fe65a6194e743d-MIA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 13 Mar 2025 20:49:17 GMT
expires
0
last-modified
Thu, 13 Mar 2025 13:36:50 GMT
pragma
no-cache
server
cloudflare
server-timing
cfCacheStatus;desc="DYNAMIC"
vary
Origin, Accept-Encoding
sync
eb2.3lift.com/ Frame 41E2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
1097
content-type
text/html; charset=utf-8
date
Thu, 13 Mar 2025 20:49:17 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
usync.html
eus.rubiconproject.com/ Frame 0338 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.141 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-141.deploy.static.akamaitechnologies.com
Software
Apache/2.4.62 (Debian) /
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
224
content-type
text/html
date
Thu, 13 Mar 2025 20:49:17 GMT
etag
"10d-629840acea280-gzip"
last-modified
Wed, 18 Dec 2024 04:42:34 GMT
server
Apache/2.4.62 (Debian)
vary
Accept-Encoding
isync
visitor.omnitagjs.com/visitor/ Frame 6575 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.212.18.61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.18.212.35.bc.googleusercontent.com
Software
fasthttp /
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
2226
content-type
text/html; charset=UTF-8
date
Thu, 13 Mar 2025 20:49:17 GMT
p3p
CP="CAO PSA OUR"
server
fasthttp
vary
Accept-Encoding
via
kong/3.6.1
x-kong-proxy-latency
0
x-kong-request-id
f18ac3139b563507f7d2205601f78f3a
x-kong-upstream-latency
3
isyn
use1-sync.a-mo.net/ Frame EA26 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://use1-sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CtUBSglmYWNlcy53dGZSC2Fhcy04NGY0N2I4WghwYmExLjMuNGoJZmFjZXMud3Rm-gEGOS4yOS4w6AIBiAPJic2-BqgDP-oDJGUzMDY2YjRhLWU0NTEtNDU4YS1hZTMxLTI1MGYxYWM3NDA4N6IEEmh0dHBzOi8vZmFjZXMud3RmL6oEA0RDSLIFA1VTROoFB2Rlc2t0b3D6BQNueTXABgDIBgGqBwN3ZWLKBwlmYWNlcy53dGbgBwGCCAlmYWNlcy53dGaKCAZjaHJvbWWZCCAAAAAACEAA
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.195.55 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

cache-control
max-age=0, private, must-revalidate
content-encoding
gzip
content-length
599
content-type
text/html; charset=utf-8
date
Thu, 13 Mar 2025 20:49:18 GMT
server
envoy
vary
accept-encoding
x-envoy-upstream-service-time
9
usync.html
u.4dex.io/ Frame 81E9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://u.4dex.io/usync.html?it=adg-pb-clt&lang=en&publisher_id=1090&website_name=faces-wtf
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.40.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
38.40.149.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Referer
https://faces.wtf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
content-encoding
zstd
content-length
443
content-type
text/html; charset=utf-8
date
Thu, 13 Mar 2025 20:49:18 GMT
expires
0
pragma
no-cache
vary
Origin Accept-Encoding
via
1.1 google
gen_204
pagead2.googlesyndication.com/pagead/ Frame FD9B 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6465077487194&version=m202503100101&ct=76&x=8&cor=2284170839634666800
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:17 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame C743 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9046760296681&version=m202503100101&ct=76&x=8&cor=15876197263580099000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Thu, 13 Mar 2025 20:49:17 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
consumer-privacy-logo.png
secure.flashtalking.com/oba/icon/ Frame 4659 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.200.196.50 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-200-196-50.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

Cache-Control
max-age=1200
ETag
W/"d675694ab4d4d2eb56cca854c25d9c36"
Connection
keep-alive
Expires
Thu, 13 Mar 2025 21:09:18 GMT
X-Varnish
977502517 975897158
Accept-Ranges
bytes
Content-Length
5953
X-FT-Origin
us
Date
Thu, 13 Mar 2025 20:49:18 GMT
Last-Modified
Thu, 11 Feb 2021 15:39:51 GMT
Content-Type
image/png
Server
Flashtalking (AKA)
activeview
pagead2.googlesyndication.com/pcs/ Frame 4659 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstd5i2ly-cdmnhIP5VH70JDltDbcJbZFjoARbgk0x2-qHB9qhFtd7YzDlI-uUv1YRJo8gDNKXEMa4HWfQnSb2UwvyuUEFq8JSljRJAV7JAK-hz8O27KgEldL73ceenhggE0ZD6L5ptdTYu1Pjf7Zec&sig=Cg0ArKJSzE6_3aNPkdehEAE&id=lidar2&mcvt=1228&p=0,0,90,728&tm=2153&tu=925.0999984741211&mtos=1228,1228,1228,1228,1228&tos=1228,0,0,0,0&v=20250312&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=32&adk=577841541&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=3783175500&rst=1741898955042&rpt=1221&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Thu, 13 Mar 2025 20:49:17 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
83f464d4-f96e-4095-9512-f4473e2f3ea3
https://faces.wtf/ Frame 4659 		0
0
cors
data.ad-score.com/data/ Frame 4659 		1 B
265 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://data.ad-score.com/data/cors?pm_st=eNzUmnzuegtvMRmNrYcOKDCezhbclejH-FE7fPshldVTkKD8b0XLPFknBPA==-E03FPcVualvjNw==&pm_ct=27be31b6329464df6f0f370a&pm_pl=1741898957174&pm_td=999&pid=1000925&en=1.1&callback=__pm_glbl_SHZ2amVN76Jsg0gFEDJWDnhh._gc2&tt=g&v=273ca3d
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

Access-Control-Allow-Origin
https://faces.wtf
Content-Length
1
Date
Thu, 13 Mar 2025 20:49:18 GMT
Content-Type
text/plain; charset=utf-8
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
POST
cors
data.ad-score.com/data/ Frame 4659 		1 B
265 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://data.ad-score.com/data/cors?pm_st=eNzUmnzuegtvMRmNrYcOKDCezhbclejH-FE7fPshldVTkKD8b0XLPFknBPA==-E03FPcVualvjNw==&pm_ct=27be31b6329464df6f0f370a&pm_pl=1741898957174&pm_td=1232&pid=1000925&en=1.1&callback=__pm_glbl_SHZ2amVN76Jsg0gFEDJWDnhh._gc3&tt=g&v=273ca3d
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

Access-Control-Allow-Origin
https://faces.wtf
Content-Length
1
Date
Thu, 13 Mar 2025 20:49:18 GMT
Content-Type
text/plain; charset=utf-8
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
POST
cors
data.ad-score.com/data/ Frame 4659 		1 B
265 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://data.ad-score.com/data/cors?pm_st=eNzUmnzuegtvMRmNrYcOKDCezhbclejH-FE7fPshldVTkKD8b0XLPFknBPA==-E03FPcVualvjNw==&pm_ct=27be31b6329464df6f0f370a&pm_pl=1741898957174&pm_td=1404&pid=1000925&en=1.1&callback=__pm_glbl_SHZ2amVN76Jsg0gFEDJWDnhh._gc4&tt=g&v=273ca3d
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

Access-Control-Allow-Origin
https://faces.wtf
Content-Length
1
Date
Thu, 13 Mar 2025 20:49:18 GMT
Content-Type
text/plain; charset=utf-8
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
POST
truncated
/ Frame 4659 		35 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
cors
data.ad-score.com/data/ Frame 4659 		1 B
265 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://data.ad-score.com/data/cors?pm_st=eNzUmnzuegtvMRmNrYcOKDCezhbclejH-FE7fPshldVTkKD8b0XLPFknBPA==-E03FPcVualvjNw==&pm_ct=27be31b6329464df6f0f370a&pm_pl=1741898957174&pm_td=1543&pid=1000925&en=1.1&callback=__pm_glbl_SHZ2amVN76Jsg0gFEDJWDnhh._gc5&tt=g&v=273ca3d
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

Access-Control-Allow-Origin
https://faces.wtf
Content-Length
1
Date
Thu, 13 Mar 2025 20:49:18 GMT
Content-Type
text/plain; charset=utf-8
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
POST
/
ad-events.flashtalking.com/state/9356627;5204940;0;202;9CD73026-168A-1627-2303-EA425E91CB5F/ Frame 4659 		0
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-events.flashtalking.com/state/9356627;5204940;0;202;9CD73026-168A-1627-2303-EA425E91CB5F/?cachebuster=275437418
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.208.84 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-208-84.compute-1.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

content-length
0
date
Thu, 13 Mar 2025 20:49:18 GMT
content-type
text/plain; charset=utf-8
server
awselb/2.0
cors
data.ad-score.com/data/ Frame 4659 		1 B
265 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://data.ad-score.com/data/cors?pm_st=eNzUmnzuegtvMRmNrYcOKDCezhbclejH-FE7fPshldVTkKD8b0XLPFknBPA==-E03FPcVualvjNw==&pm_ct=27be31b6329464df6f0f370a&pm_pl=1741898957174&pm_td=1953&pid=1000925&en=1.1&callback=__pm_glbl_SHZ2amVN76Jsg0gFEDJWDnhh._gc6&tt=g&v=273ca3d
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://faces.wtf/

Response headers

Access-Control-Allow-Origin
https://faces.wtf
Content-Length
1
Date
Thu, 13 Mar 2025 20:49:19 GMT
Content-Type
text/plain; charset=utf-8
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
POST
dt
dt.adsafeprotected.com/ 		43 B
197 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=23bf21b3-d8ef-915e-b22c-089decdecd8a&tv=%7Bc:6JMNk4,pingTime:5,time:5428,type:p,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:600,t:365%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5428,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:365,wc:400.400.1600.1200,ac:445.456.300.600,am:sp,cc:400.400.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5097~100%5D,as:%5B5097~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:254,fm:uFmmva4+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C18*.2388769-85746127%7C181%7C182%7C183%7C19.2388769-85746127%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:18*,rmeas:1,rend:1,renddet:IMG.qs,siq:368,msd:0,ph:1200,sis:575%7D&br=c
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
content-length
43
p3p
CP="COM NAV INT STA NID OUR IND NOI"
date
Thu, 13 Mar 2025 20:49:21 GMT
pragma
no-cache
content-type
image/gif
server
Apache-Coyote/1.1
dt
dt.adsafeprotected.com/ 		43 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=2388769&asId=23bf21b3-d8ef-915e-b22c-089decdecd8a&tv=%7Bc:6JMNk5,pingTime:5,time:5429,type:pf,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:600,t:365%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5429,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:365,wc:400.400.1600.1200,ac:445.456.300.600,am:sp,cc:400.400.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5097~100%5D,as:%5B5097~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:254,fm:uFmmva4+11%7C121111%7C121112%7C1211131%7C1211132%7C1211133%7C1211134%7C121114%7C121115%7C121116%7C121117%7C12112%7C12113%7C12114%7C12115%7C12116%7C12117%7C12118%7C122%7C13%7C14%7C15%7C16%7C17%7C18*.2388769-85746127%7C181%7C182%7C183%7C19.2388769-85746127%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3,idMap:18*,rmeas:1,rend:1,renddet:IMG.qs,siq:368,msd:0,ph:1200,sis:575%7D&br=c
Requested by
Host: faces.wtf
URL: https://faces.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:1aca:4280:46af:258a:9b81:4449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer
https://faces.wtf/

Response headers

cache-control
no-cache
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-length
43
date
Thu, 13 Mar 2025 20:49:21 GMT
pragma
no-cache
content-type
image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=2173
Domain
faces.wtf
URL
blob:https://faces.wtf/0135d4d5-d461-4bfa-ae5b-04e7e804225d
Domain
faces.wtf
URL
blob:https://faces.wtf/fe775be6-ca51-4992-883d-bd7873c993ac
Domain
faces.wtf
URL
blob:https://faces.wtf/83f464d4-f96e-4095-9512-f4473e2f3ea3

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| webpackChunk_N_E object| __VM_WPK_C_LR__i function| __next_set_public_path__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E function| __NEXT_PRELOADREADY object| __MIDDLEWARE_MATCHERS object| __BUILD_MANIFEST object| __SSG_MANIFEST object| __cfBeacon object| __VM object| __VM_WPK_C_LR__m object| regeneratorRuntime object| _pbjsGlobals object| googletag object| ADAGIO object| ggeac object| google_tag_data object| google_js_reporting_queue object| google_reactive_ads_global_state object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| MTE4YTIxNDI2ZDQwYzhhZWxvYWRlcl9qcw== string| MTE4YTIxNDI2ZDQwYzhhZWNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners object| __tcfapiManager boolean| __tcfapiPostMessageReady object| google_tag_topics_state number| google_unique_id boolean| 8d7cf09c-f299-4e3b-a554-8ffbda9021fb number| google_srt object| google_logging_queue object| google_ad_modifications object| google_persistent_state_async object| adsbygoogle string| google_user_agent_client_hint object| google_image_requests object| googDdmPs

275 Cookies

Domain/Path Name / Value
.3lift.com/sync Name: sync
Value: CgoIgAIQsYeTitkyCgoIoQEQsYeTitkyCgoIgQIQ4IqTitkyCgoI4gEQsYeTitkyCgoI5gEQsYeTitkyCgoIhwIQsYeTitkyCgkISRDgipOK2TIKCQgLEOCKk4rZMgoKCIwCELGHk4rZMgoKCKwCEOCKk4rZMgoKCK0CEOCKk4rZMgoKCM4BEOCKk4rZMgoKCJQCEOCKk4rZMgoKCLcCEOCKk4rZMgoJCDoQsYeTitkyCgkIGxCxh5OK2TIKCgidAhDgipOK2TIKCgjeARDgipOK2TIKCgi_AhCxh5OK2TIKCQhfELGHk4rZMg==
.faces.wtf/ Name: _sharedid
Value: aed0aebb-d34e-4d33-824f-53231927c1cc
.faces.wtf/ Name: _sharedid_cst
Value: zix7LPQsHA%3D%3D
faces.wtf/ Name: _lr_retry_request
Value: true
faces.wtf/ Name: _lr_env_src_ats
Value: false
.adsrvr.org/ Name: TDID
Value: f7f272c4-ba58-4f19-bcf7-2852999b8cd8
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.faces.wtf/ Name: cto_bundle
Value: wiutGF8lMkYlMkZEcGZ2TWtGamlYNXlDU2N0SFhld2M1TDdqSTVSY0w0SXFTYmtsaTRnS1Q4VCUyQmMlMkY1YVNreXdkN3N0bFpKNXVOdlY5JTJGazY2N1F2Z1dyRE5ObHlOdURIU0xCT3ZBWU1JSlhNYlNBJTJGdUVsQUVGYWRFUmRSUUhMQXNVSHBybDc5UQ
.faces.wtf/ Name: cto_bidid
Value: y7jqPV9CV2FjVjclMkJCeGpPMEVEN21xMWtLUXVEWXo5ZnJPZHpldk9qVnNWNFpwUjh4JTJGZWdwN0RLYjJjNUJjdiUyQkVDUTM4YlRNUVdTbkx2dUJQWUQ2cUhqJTJGS1VRJTNEJTNE
.3lift.com/ Name: receive-cookie-deprecation
Value: 1
.3lift.com/ Name: tluid
Value: 3563202939838213902245
.faces.wtf/ Name: _au_1d
Value: AU1D-0100-001741898953-EIBAPF3G-CJXT
.prebid.a-mo.net/ Name: __amc
Value: 1_1741898953_1741898953
.a-mo.net/ Name: amuid2
Value: 48d81378-f2a7-4169-ae75-d61b35e5d83d
.a-mo.net/ Name: pamuid2
Value: 48d81378-f2a7-4169-ae75-d61b35e5d83d
.prebid.a-mo.net/ Name: psd_amuid2
Value: 48d81378-f2a7-4169-ae75-d61b35e5d83d
.prebid.a-mo.net/ Name: sd_amuid2
Value: 48d81378-f2a7-4169-ae75-d61b35e5d83d
.tapad.com/ Name: TapAd_TS
Value: 1741898953532
.tapad.com/ Name: TapAd_DID
Value: 7b808386-ded4-4fa0-9901-37f48422813b
.openx.net/ Name: i
Value: 9f37cd8d-1a98-453c-bc04-1602d710a09f|1741898953
.omnitagjs.com/ Name: ayl_visitor
Value: 9034b771263f5bc8bc15994fe04bd57d
.rubiconproject.com/ Name: khaos_p
Value: M87TNUK5-15-JGCE
.turn.com/ Name: uid
Value: 7017034605181824636
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 8255A0EB-E98C-4BA0-AD19-90E39EB92532
.adnxs.com/ Name: XANDR_PANID
Value: bww0SO2_-6XSMc_RBvIBXijAl-973-qQBdcTaeFUmiljuBvmjl3XLxDnxxg_DoLeHhma9cDtZ0rHQoywQ9KjYnoqm4d23r_4EH3mMhSj4rw.
.adnxs.com/ Name: uuid2
Value: 4240468663692882447
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 1!1748
.doubleclick.net/ Name: IDE
Value: AHWqTUkbr4YCruaQ60ZEz8Hx3aCcSLmHSjIaoPJIo9Ci7kO8GgtvoUniPXH1rTupYpE
.cpx.to/ Name: dsp_OPENX
Value: 0ca6dec7-8fb7-46c4-8444-2646b2a08ce0#1741898953743
.faces.wtf/ Name: __gads
Value: ID=6c41f73dfb6ae9d4:T=1741898953:RT=1741898953:S=ALNI_MbWCFFbIOTl4kdtc1bxCg6vNHSDwQ
.faces.wtf/ Name: __gpi
Value: UID=0000106c83356116:T=1741898953:RT=1741898953:S=ALNI_Maq2YpJD5wNWcJHUT5_hgLZ-_Q3pg
.faces.wtf/ Name: __eoi
Value: ID=aace88faa3f54968:T=1741898953:RT=1741898953:S=AA-AfjYiURh4mh5WS8ZzCVzqPu40
.go.sonobi.com/ Name: __uis
Value: e4c0b503-d2ff-4105-b499-91ca4139a2d6
.id5-sync.com/ Name: id5
Value: 68868cb5-207c-7a34-bdf0-b16cabe7b9e1#1741898952787#4
.ad.gt/ Name: au_id
Value: AU1D-0100-001741898953-EIBAPF3G-CJXT
.ad.gt/ Name: au_3p_check
Value: 1
.cpx.to/ Name: dsp_pubmatic
Value: 8255A0EB-E98C-4BA0-AD19-90E39EB92532#1741898953856
.amazon-adsystem.com/ Name: ad-id
Value: AzbxVgwtOEeYt4jYc0wzEKg
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.cpx.to/ Name: dsp_dbm
Value: CAESEC04iH2Lg5h0oWMSxSUVAZo#1741898953875
.cpx.to/ Name: dsp_app_nexus
Value: 4240468663692882447#1741898953887
.cpx.to/ Name: dsp_TTD
Value: f7f272c4-ba58-4f19-bcf7-2852999b8cd8#1741898953887
.cpx.to/ Name: dsp_rubicon
Value: M87TNUK5-15-JGCE#1741898953921
.bidr.io/ Name: bito
Value: AACwp07PpooAABvauAIGtw
.bidr.io/ Name: bitoIsSecure
Value: ok
.rubiconproject.com/ Name: khaos
Value: M87TNUK5-15-JGCE
.rubiconproject.com/ Name: receive-cookie-deprecation
Value: 1
.kueezrtb.com/ Name: vdz_sync
Value: 6587e04a-f9b9-1293-031d-31bb4151b5f0
.gumgum.com/ Name: vst
Value: u_d24c22c9-5e15-40b1-bed6-4e8eb2389ad3
.smartadserver.com/ Name: pid
Value: 6012339931697455579
.smaato.net/ Name: SCM
Value: a1e4e7243b
.smaato.net/ Name: SCMaps
Value: a1e4e7243b
.3lift.com/ Name: tluidp
Value: 3563202939838213902245
.media.net/ Name: visitor-id
Value: 3849005541524327000V10
.inmobi.com/ Name: TEST-COOKIE
Value: YES
edge.venatusmedia.com/ Name: u
Value: 603987fb-10c7-4a79-ab1a-2f2d52f9a11c
.inmobi.com/ Name: iid
Value: ID5-1-94e100f6-b736-4241-9dd7-e36e07e688f2
.deepintent.com/ Name: CDIUSER
Value: di_d62e25d4e81c4239a618a
.yahoo.com/ Name: A3
Value: d=AQABBMpE02cCEJ-NksOsN241dP25mpC0jgcFEgEBAQGW1GfdZwAAAAAA_eMAAA&S=AQAAAuR3jQzfyf7O41KKLK5bEpA
.adform.net/ Name: C
Value: 1
.bidswitch.net/ Name: c
Value: 1741898954
.bidswitch.net/ Name: tuuid_lu
Value: 1741898954
.smaato.net/ Name: SCMinmobi
Value: a1e4e7243b
.smaato.net/ Name: SCM1001980
Value: a1e4e7243b
.smaato.net/ Name: SCMtapad
Value: a1e4e7243b
.contextweb.com/ Name: V
Value: b18eXA6KYr2I
.contextweb.com/ Name: VP
Value: part_b18eXA6KYr2I
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 633d6c1a209fcb92
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-c421370e-949a-544a-71bb-669c84100a63.j5xX4lmKDj0%2FueJRxyBciEVVIpuN8JTWIdz2bz%2BO71c
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-c421370e-949a-544a-71bb-669c84100a63.j5xX4lmKDj0%2FueJRxyBciEVVIpuN8JTWIdz2bz%2BO71c
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AxCE3DpSaVEpxu2achBAKYyaEdks.BmPfUJrsVdoZPZtyI0FaAiLKjSLbbDogqq2ZGHi2YZQ
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AxCE3DpSaVEpxu2achBAKYyaEdks.BmPfUJrsVdoZPZtyI0FaAiLKjSLbbDogqq2ZGHi2YZQ
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKINTBx7vLGq6MGVcMD1rudXKdet5DsK0Q-gyjzIsPbHIKEGcYBCDKic2-BjABOgSbPmuqQgR5fsVG.zdWXVAhHuhGTCgP7JBWVuPYjmRBEpiWtrpMB6HK9knQ
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKINTBx7vLGq6MGVcMD1rudXKdet5DsK0Q-gyjzIsPbHIKEGcYBCDKic2-BjABOgSbPmuqQgR5fsVG.zdWXVAhHuhGTCgP7JBWVuPYjmRBEpiWtrpMB6HK9knQ
.ipredictive.com/ Name: cu
Value: 519b468e-5426-4604-b143-04047cdb1286|1741898954575
.adform.net/ Name: uid
Value: 7515525650224763116
.zemanta.com/ Name: zuid
Value: CbOQhZelOGdhxhWLGNRV
.bidswitch.net/ Name: tuuid
Value: 9c719883-0767-4727-8741-78e893a877cb
s2s.t13.io/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJpbm1vYmkiOnsidWlkIjoiSUQ1LTEtOTRlMTAwZjYtYjczNi00MjQxLTlkZDctZTM2ZTA3ZTY4OGYyIiwiZXhwaXJlcyI6IjIwMjUtMDMtMjdUMjA6NDk6MTQuNjUwMjk5MjEzWiJ9fSwib3B0b3V0IjpmYWxzZX0=
.inmobi.com/ Name: gob_cookie
Value: YES
.creativecdn.com/ Name: ts
Value: 1741898954
.creativecdn.com/ Name: g
Value: S6u8CW41WyRiBcf4cpax_1741898954727
.mookie1.com/ Name: id
Value: 10597462514847832301
.mookie1.com/ Name: mdata
Value: 1|10597462514847832301|1741898954804
.mookie1.com/ Name: ov
Value: 6e93e2c887f4bb0575233535de426264
.outbrain.com/ Name: obuid
Value: 637bce5f-46f8-41d8-8c27-8e334055e232
.faces.wtf/ Name: FCNEC
Value: %5B%5B%22AKsRol9ThvYdqaMXELRSsA6ZBkumDCsnXJJmhaqNNGnaS2A0JDKoSERlJEp4yF8Jv0v0DQ1KbgmMwH9e4Wn7YQ6Wp1VBCAOZTqp93zMnIATjqX2TfB-jEaGJwF-_jVK50YyQm6kjv8XvhEGLqDq75TG-FmmEGT6g_g%3D%3D%22%5D%5D
.deepintent.com/ Name: CDIPARTNERS
Value: %7B%221%22%3A%2220250313%22%2C%22141%22%3A%2220250313%22%7D
.rlcdn.com/ Name: pxrc
Value: CMqJzb4GEgUI6AcQABIFCOhHEAASBgjzwisQAA==
.lijit.com/ Name: ljt_reader
Value: KUihALZHgTw-C69LTc-pkxE4
.e-volution.ai/ Name: v_usr
Value: a26cf840-61bc-490d-bd9f-ff5b919cf820
.e-volution.ai/ Name: v_red
Value: 378
.pubmatic.com/ Name: KRTBCOOKIE_1251
Value: 23269-di_d62e25d4e81c4239a618a&KRTB&23571-di_d62e25d4e81c4239a618a&KRTB&23677-di_d62e25d4e81c4239a618a
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEJ4Un2xqJAuKZq3Zy-P7NQg&KRTB&16514-CAESEJ4Un2xqJAuKZq3Zy-P7NQg&KRTB&23025-CAESEJ4Un2xqJAuKZq3Zy-P7NQg&KRTB&23386-CAESEJ4Un2xqJAuKZq3Zy-P7NQg
.socdm.com/ Name: SOC
Value: Z9NEy8Co8GwAANoelmgAAAAA
.sportradarserving.com/ Name: zuuid
Value: bea93aeb-252c-4d9a-9d39-98ad6d4ead39
.sportradarserving.com/ Name: c
Value: 1741898955
.sportradarserving.com/ Name: zuuid_lu
Value: 1741898955
.blismedia.com/ Name: b
Value: 67D344CBA69D0FC565A21974_
.pippio.com/ Name: did
Value: ROL5lKUZneKBcKuE
.pippio.com/ Name: didts
Value: 1741898955
.pippio.com/ Name: nnls
Value:
.pippio.com/ Name: pxrc
Value: CMuJzb4GEgYIgr0rEAA=
.simpli.fi/ Name: suid
Value: C71118851A0A439A971BFAC2E0EFCE2A
.pubmatic.com/ Name: KRTBCOOKIE_279
Value: 22890-519b468e-5426-4604-b143-04047cdb1286&KRTB&23011-519b468e-5426-4604-b143-04047cdb1286&KRTB&23355-519b468e-5426-4604-b143-04047cdb1286
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-f7f272c4-ba58-4f19-bcf7-2852999b8cd8&KRTB&22918-f7f272c4-ba58-4f19-bcf7-2852999b8cd8&KRTB&23031-f7f272c4-ba58-4f19-bcf7-2852999b8cd8
.ortb.net/ Name: lluid
Value: cda992c6-f94f-9ea6-048b-4d70d6ae6a75
.ortb.net/ Name: llum
Value: eyJzaHIiOnsiMSI6MTc0MTg5ODk1NTM5Mn19
.playdigo.com/ Name: pd_key
Value: 76a2e63c-86bc-417e-99a9-6dbd665105b6
.playdigo.com/ Name: pb_red
Value: 46
sync.clearnview.com/ Name: uid
Value: b3981a85-e180-5968-a63b-44d94a056ccd
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.sportradarserving.com/ Name: zuuid_k
Value: 1
.sportradarserving.com/ Name: zuuid_k_lu
Value: 1741898955
global.ib-ibi.com/ Name: ASP.NET_SessionId
Value: uuq3ikwo455k4332ykrlzwxc
.semasio.net/ Name: SEUNCY
Value: D33A4D88F7044EF5
.doubleclick.net/ Name: APC
Value: AfxxVi5mBsuRiS2aL1yT83LqfNmC3lbiZIsHwoRc8kbXovURsA2N6A
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:C71118851A0A439A971BFAC2E0EFCE2A&KRTB&23486-uid:C71118851A0A439A971BFAC2E0EFCE2A&KRTB&23489-uid:C71118851A0A439A971BFAC2E0EFCE2A&KRTB&23539-uid:C71118851A0A439A971BFAC2E0EFCE2A
.onaudience.com/ Name: cookie
Value: d62caca4ddc7b4c5
.onaudience.com/ Name: done_redirects252
Value: 1
.criteo.com/ Name: cto_bundle
Value: gfMLWF9FRFdDWFNKT0tGM3pFUFNHcm5NQ3RROXROUTFQdVdqYTRLdGVEZkNBazR1RzVISlNMbm9hM1R4RzdWeEVNVWtVNnFkZEtLRUo4SXVwckhOaDFxMEc0dzhRNnRLT0lBaWpucXk1UmQxbUswayUzRA
.criteo.com/ Name: uid
Value: 402f6467-b4f1-400e-b69a-0ea59db406ce
.csync.loopme.me/ Name: viewer_token
Value: ba1692a7-ab0f-4e50-bed8-c0fe9c258041
.adentifi.com/ Name: adtheorent[cuid]
Value: cuid_a04e0eb3-004c-11f0-99b7-12db0105501f
.linkedin.com/ Name: li_sugr
Value: 7c374a3f-4959-4c2b-bdd2-5bdd2ed5d505
.linkedin.com/ Name: bcookie
Value: "v=2&9ae6c908-d531-49c0-8891-7fa862c54c10"
.linkedin.com/ Name: lidc
Value: "b=TGST05:s=T:r=T:a=T:p=T:g=3230:u=1:x=1:i=1741898955:t=1741985355:v=2:sig=AQHwKTdUcRpxPgCC6CZKQZmH1jPVwQ6M"
.doubleclick.net/ Name: ar_debug
Value: 1
.sitescout.com/ Name: ssi
Value: 234e083b-a8aa-4db5-ab51-74baf0467f3f#1741898955690
.casalemedia.com/ Name: CMPS
Value: 5801
.pubmatic.com/ Name: KRTBCOOKIE_32
Value: 11175-AQAAy64NhSeMcQJ4CAMOAQEBAQEBAQCUkEW6FQEBAJSQRboV&KRTB&22715-AQAAy64NhSeMcQJ4CAMOAQEBAQEBAQCUkEW6FQEBAJSQRboV&KRTB&23519-AQAAy64NhSeMcQJ4CAMOAQEBAQEBAQCUkEW6FQEBAJSQRboV&KRTB&23632-AQAAy64NhSeMcQJ4CAMOAQEBAQEBAQCUkEW6FQEBAJSQRboV
ib.mookie1.com/ Name: ASP.NET_SessionId
Value: ofkehdtjwmkzgwbcvbah5boi
.ib.mookie1.com/ Name: ibkukiuno
Value: s=a6b91b6a-9ab0-4ced-93b2-5c4643d11c5e&h=&v=0&l=-8584597079297864098&op=&hl=0&vlu=0&tcs=1&dcc=-8584597079297864098
.pubmatic.com/ Name: KRTBCOOKIE_188
Value: 3189-234e083b-a8aa-4db5-ab51-74baf0467f3f-67d344cb-5553&KRTB&23418-234e083b-a8aa-4db5-ab51-74baf0467f3f-67d344cb-5553&KRTB&23634-234e083b-a8aa-4db5-ab51-74baf0467f3f-67d344cb-5553
.casalemedia.com/ Name: CMID
Value: Z9NEy9HM5W8ABxtRAZzL5QAA
.casalemedia.com/ Name: CMPRO
Value: 5801
.onaudience.com/ Name: done_redirects200
Value: 1
.flashtalking.com/ Name: flashtalkingad1
Value: "GUID=62811B99B17473"
.rkdms.com/ Name: sessionid
Value: h-072fd574c0494f1f94cbe9059c3c3284_t-1741898955
.rkdms.com/ Name: sc
Value: 14%3A124440
.lijit.com/ Name: _ljtrtb_80
Value: M87TNUK5-15-JGCE
.primis.tech/ Name: csuuid
Value: 67d344cc23f26
.intentiq.com/ Name: intentIQ
Value: PdSJujH9Eh
.intentiq.com/ Name: IQver
Value: 1.9
.bidberry.net/ Name: cookie
Value: d62caca4ddc7b4c5
.bidberry.net/ Name: done_redirects280414
Value: 1
.intentiq.com/ Name: ASDT
Value: 0
.intentiq.com/ Name: IQPData
Value: 646215245#1741898956447#0#1741898956447
.intentiq.com/ Name: intentIQCDate
Value: 1741898956449
.intentiq.com/ Name: CSDT
Value: UEQ6MTUxMDZfMCZVZk1NVkdy
.360yield.com/ Name: tuuid
Value: f4892ac6-d577-4372-9a12-2ac1476d9397
.360yield.com/ Name: tuuid_lu
Value: 1741898956
.360yield.com/ Name: um
Value: !313,IXTa-RqWAtfpre87eRFAMq4BzQ65SqK8751Je2I.noRFtcDi7E9HwJmOLAcOWJIIRWsRDCicjrw71HRpwxBC55afrYrucyybjrKrqR8J2b-uu0r-,1749674956
.360yield.com/ Name: umeh
Value: !313,0,1804106956,-1
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: 815af1e420b2838c37017add3d9f7f8f
.flashtalking.com/ Name: _D9J
Value: 184957601f3a4e71bccde24c8ffd20f4
.lijit.com/ Name: ljtrtb
Value: eJyrVrIwULJS8rUwD%2FEL9TbVNTTV9XJ3dlWqBQBOQwYv
.lijit.com/ Name: _ljtrtb_85
Value: AACwp07PpooAABvauAIGtw
.the-ozone-project.com/ Name: ozone_uid
Value: 2uHIE6odn9tAeXtfRfTd8D8250l
.the-ozone-project.com/ Name: __cf_bm
Value: h4.vBKkBMgxgL3jrGyDku_6GnuZnYa1T5C0t6XuAio8-1741898957-1.0.1.1-gMoXAyGfgMVCRhcEv4ubwqQgxjOSpLqihXkplS7HwosbvHfSzonk3bcThieI6Gf._GQC_akj3T9KUnHxdKgmoPElNkM0XIJSr7j91im1WNU
.rlcdn.com/ Name: rlas3
Value: c6JYUJ9yAfEwY+k78EgV+jZAYoLdGzZcizGXAOk9H8Y=
.id5-sync.com/ Name: 3pi
Value: 434#1741898956224#-1417091312|264#1741898957969#674968474#f7f272c4-ba58-4f19-bcf7-2852999b8cd8|1241#1741898956986#1190131449|155#1741898954256#-1752397449#AACwp07PpooAABvauAIGtw|203#1741898955592#1080945781#402f6467-b4f1-400e-b69a-0ea59db406ce|108#1741898955870#-1503370399|124#1741898956664#1675416119|796#1741898957694#-1336947398
.pubmatic.com/ Name: KRTBCOOKIE_860
Value: 16335-xCE3DpSaVEpxu2achBAKYyaEdks&KRTB&23334-xCE3DpSaVEpxu2achBAKYyaEdks&KRTB&23417-xCE3DpSaVEpxu2achBAKYyaEdks&KRTB&23426-xCE3DpSaVEpxu2achBAKYyaEdks
.kueezrtb.com/ Name: vdzj1_8428d559
Value: ddf12sMZpSYIflIIYCG8qESEtJwMeOmtjKG9sQ2Q4fABZfXg4EHtuQmRtfV5aL3FrQ3t4XHFvelENfHFoS3w7E2Vte1FYfXFvFX4%2FFmB7ZURaey9sRHU7SGs8KgNef3psEXtjEWNqf1NOZWtvQHo7RmJqcVVfeX5uRnVoQ2BoLF9aKH97X29sQ2Q4f1VYLX06RytoEWI7flAPfn9oF3V4XHFvelENf3k6FXk5RDVrKFcOfn86RHg4RmV7ZURaen49Q3xuR2o6elBee3huECw5EWtpKFFOZWtvQHo7RTVqKlIPfS9rEnw4R2U6flNYLyt7X29sQ2Q4f1cKfXg4EHtuQmRtfV5aL3E8ES94XHFvelYKfXtrF39tRjc7KwBbcX1sEC9jSDF7ZURaei0%2FF39vQmZtK1ENKytpQStrRWBvfFBOZWtvQHhsEmFreAdcfCw%2FQStiRGI4flFVcXF7X29sRjdvL1IKe39rRC5sEWI%2FcVIOK387ECh4XHFvelRUKC9tF3o8ETJqflIOfno8QXhpEjZ7FEpOKiYsHTl4SmN1awEIOTt7STZ4GSAcHERWLyg1ACh2UjQ9ORROc2tpUWF4FzcpOyUDJzo8HTl4SnF7ZUQZOhkrGjs7Eyp7c0RONGV7ACgpAzo2J0RWa3w6SyluFmZrZARVL390Fn5pE349fQdVZCw%2FFX88SGRtK1BUeGt1US41Hj08KhIFJicQF29gUmVuKFJUcH88EHQ%2FRzFvLwdfLHxgQnltE3F1aw8fAC8rEiA%2FUmktOxMJNA%3D%3D
.aidemsrv.com/ Name: __cf_bm
Value: w5a.bwz2Q8XSE0oXJyNlr4QeL.f9wWqgxBGpaAMBp14-1741898958-1.0.1.1-0TmMgIvd68cEfeYZxKDc3CpQbOW9gGqqQVyEYLm4mcm5HrQU1a19COrfHgnid1X4OHksBCyafq2BYfxUar6Z0cegDOJhJ6LzEc5WwP12XaQ
.pbs.optidigital.com/ Name: uidod
Value: e30=
.pbs.optidigital.com/ Name: uidrubicon
Value: eyJ1aWQiOiJNODdUTlVLNS0xNS1KR0NFIn0=
.pbs.optidigital.com/ Name: uidtriplelift
Value: eyJ1aWQiOiIzNTYzMjAyOTM5ODM4MjEzOTAyMjQ1In0=
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSsjSzNDE3MDI2NTEyMzM2tjA1F-Iz1LXwCirN96wsDItwtAQAq52NhSQAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_9vEyGtobmJoYWlhaWphZGYIAO6HwnkQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSsjSzNDE3MDI2NTEyMzM2tjA1F-Iz1LXwCirN96wsDItwtAQAq52NhSQAAAA
.sharethrough.com/ Name: stx_user_id
Value: 376ea694-51eb-4c90-911e-9613d4565270
.quantserve.com/ Name: mc
Value: 67d344ce-42221-f2bf7-41b40
.quantserve.com/ Name: sp
Value: CggIiQ0SAxDqDg==
.yellowblue.io/ Name: wrvUserID
Value: T3V2xg39Cp_s
.bing.com/ Name: MUID
Value: 1ED269E051356D851EBB7C4E50346C65
.c.bing.com/ Name: MR
Value: 0
.agkn.com/ Name: ab
Value: 0001%3ATjmAP%2BKBMGTJBxWdlfXTeDlXIQV6DHwA
.use1-sync.a-mo.net/ Name: psd_amuid2
Value: 48d81378-f2a7-4169-ae75-d61b35e5d83d
.use1-sync.a-mo.net/ Name: sd_amuid2
Value: 48d81378-f2a7-4169-ae75-d61b35e5d83d
.postrelease.com/ Name: visitor
Value: 4144de18-de65-453d-963c-27baa4989959
.postrelease.com/ Name: status
Value: 0
.trustedstack.com/ Name: visitor-id
Value: 3849005581524311000V10
.tribalfusion.com/ Name: ANON_ID
Value: aRnoeUPME7uQmKvElTOB50JtitTrqMjbPJ66M1WK
.pbs.optidigital.com/ Name: uidcriteo
Value: eyJ1aWQiOiJrLUNDYmIxb3pJbzNmOER6akZIU2VDekI2YkFsVmtUdHBma3pHVV9RIn0=
.openwebmp.com/ Name: wrvUserID
Value: 9s_2xgFrkp_ow
.richaudience.com/ Name: pdid
Value: 0fffdf84-97a0-4993-8677-1zz1741898958
beacon.lynx.cognitivlabs.com/ Name: UID
Value: 42270f4f-fc43-4436-9422-1dd834568463
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 19420--9lUcfnaUyfg2gJw_98dJP-MVnXg2gEg-d7jufsz&KRTB&22979--9lUcfnaUyfg2gJw_98dJP-MVnXg2gEg-d7jufsz&KRTB&23462--9lUcfnaUyfg2gJw_98dJP-MVnXg2gEg-d7jufsz&KRTB&23661--9lUcfnaUyfg2gJw_98dJP-MVnXg2gEg-d7jufsz
.pubmatic.com/ Name: KRTBCOOKIE_18
Value: 22947-969470235426633857
.pubmatic.com/ Name: KRTBCOOKIE_1278
Value: 23329-724df8af-8af3-4143-8f05-69555159b734&KRTB&23340-724df8af-8af3-4143-8f05-69555159b734&KRTB&23498-724df8af-8af3-4143-8f05-69555159b734
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-7515525650224763116&KRTB&23263-7515525650224763116&KRTB&23481-7515525650224763116
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-7017034605181824636&KRTB&23150-7017034605181824636&KRTB&23527-7017034605181824636&KRTB&23643-7017034605181824636
.smaato.net/ Name: SCMrise
Value: a1e4e7243b
.go.sonobi.com/ Name: HAPLB8G
Value: s86202|Z9NE0
.33across.com/ Name: 33x_ps
Value: u%3D213031053635751%3As1%3D1741898958402%3Ats%3D1741898958402
.mxptint.net/ Name: mxpim
Value: R33646_12520F568_9BBE1882.1.000000000000000067D344CE
.mathtag.com/ Name: uuid
Value: f92967d3-44ce-4900-99b4-feae494cc201
.pbs.optidigital.com/ Name: uidsmartadserver
Value: eyJ1aWQiOiI2MDEyMzM5OTMxNjk3NDU1NTc5In0=
beacon.lynx.cognitivlabs.com/ Name: ss
Value: IZdgVXITa2dlzKpXK7jJyjbcKBWae32CyvclAJesw%2BRXbTuzsl57KuCprwCQI5Jp4jpkEv7wXBVPpMSq9ahqWob2IH%2BZFYrjfN6lVZ%2F%2BXaQ%3D
.pubmatic.com/ Name: KRTBCOOKIE_52
Value: 22772-R33646_12520F568_9BBE1882&KRTB&23092-R33646_12520F568_9BBE1882
.openx.net/ Name: pd
Value: v2|1741898958|hEiKgakWvMgy
.yieldmo.com/ Name: yieldmo_id
Value: xqZ3tmm2z3mc8kfY2z7e%7C1741824000000%7C0
.bttrack.com/ Name: GLOBALID
Value: 2uKlc8-sIBd987FnX3vEG5l9AQoDJyn6dXc4nXTPIkOIQUVqCIq-0_uw5BpSnI0pJmr2uolhcJQC4TM1
.aniview.com/ Name: aniC
Value: 761eb24c-3cc9-4742-8b5c-d1dc34364401
sync.aniview.com/ Name: aniC
Value: 761eb24c-3cc9-4742-8b5c-d1dc34364401
.tynt.com/ Name: uid
Value: 6iLoIGfTRM7f04cqVpcxbQ==
.disqus.com/ Name: zeta-ssp-user-id
Value: ua-456f596c-1a4b-3150-a0e0-d3fb8c47c2fd
.adotmob.com/ Name: uid
Value: 0bb120050084899b254e549e
.adotmob.com/ Name: uuid
Value: 0bb120050084899b254e549e
.adotmob.com/ Name: partners
Value: SMA%3A1741898958697
.pubmatic.com/ Name: KRTBCOOKIE_699
Value: 22727-AACwp07PpooAABvauAIGtw&KRTB&23649-AACwp07PpooAABvauAIGtw
.media.net/ Name: data-ris
Value: {{APID}}~~25
pool.admedo.com/ Name: tuuid
Value: 4f478b0f-a42b-48df-9bb2-b989ed7257b6
pool.admedo.com/ Name: c
Value: 1741898958
pool.admedo.com/ Name: tuuid_lu
Value: 1741898958
.a-mx.com/ Name: amdt_t
Value: p::1741898958806
.a-mx.com/ Name: amdt_t
Value: p::1741898958806
.a-mx.com/ Name: amuid2
Value: 48d81378-f2a7-4169-ae75-d61b35e5d83d
.a-mx.com/ Name: amuid2
Value: 48d81378-f2a7-4169-ae75-d61b35e5d83d
.smartadserver.com/ Name: csync
Value: 25:f92967d3-44ce-4900-99b4-feae494cc201|66:0bb120050084899b254e549e
.sitescout.com/ Name: _ssuma
Value: eyI0NSI6MTc0MTg5ODk1NTc0OCwiMjYiOjE3NDE4OTg5NTgyNjQsIjM5IjoxNzQxODk4OTU4MjY0LCI3IjoxNzQxODk4OTU4MjY0LCI3NCI6MTc0MTg5ODk1ODkwMn0
.aniview.com/ Name: 1_C_204
Value: ab54f915-7d57-43db-b8bc-01ae4a539ff3
sync.aniview.com/ Name: 1_C_204
Value: ab54f915-7d57-43db-b8bc-01ae4a539ff3
.aniview.com/ Name: 1_C_24
Value: 9c719883-0767-4727-8741-78e893a877cb
sync.aniview.com/ Name: 1_C_24
Value: 9c719883-0767-4727-8741-78e893a877cb
.aniview.com/ Name: 1_C_72
Value: 234e083b-a8aa-4db5-ab51-74baf0467f3f-67d344cb-5553
sync.aniview.com/ Name: 1_C_72
Value: 234e083b-a8aa-4db5-ab51-74baf0467f3f-67d344cb-5553
.aniview.com/ Name: 1_C_18
Value: KUihALZHgTw-C69LTc-pkxE4
sync.aniview.com/ Name: 1_C_18
Value: KUihALZHgTw-C69LTc-pkxE4
.rtb.mx/ Name: amdt_t
Value: p::1741898959043
.rtb.mx/ Name: amdt_t
Value: p::1741898959043
.rtb.mx/ Name: amuid2
Value: 48d81378-f2a7-4169-ae75-d61b35e5d83d
.rtb.mx/ Name: amuid2
Value: 48d81378-f2a7-4169-ae75-d61b35e5d83d
.pubmatic.com/ Name: KRTBCOOKIE_466
Value: 16530-9c719883-0767-4727-8741-78e893a877cb&KRTB&23280-9c719883-0767-4727-8741-78e893a877cb
.analytics.yahoo.com/ Name: IDSYNC
Value: "18z8~2o18:199z~2o18:190u~2o18"
.adsby.bidtheatre.com/ Name: __ktpct
Value: 1
.adsby.bidtheatre.com/ Name: __kuid
Value: edc347d1-8405-4e83-9e18-995097ff32dc.511112959
.pubmatic.com/ Name: KRTBCOOKIE_650
Value: 12226-edc347d1-8405-4e83-9e18-995097ff32dc
.adx.opera.com/ Name: UID
Value: OPUdc92d0d6124c43389bdf8746740edc5d
.aniview.com/ Name: 1_C_5
Value: M87TNUK5-15-JGCE
sync.aniview.com/ Name: 1_C_5
Value: M87TNUK5-15-JGCE
.pubmatic.com/ Name: SPugT
Value: 1741898959
.media.net/ Name: data-pbs
Value: setstatuscode~~1
.rubiconproject.com/ Name: audit_p
Value: 1|qu9Gh61V0fcBdKlLg5VDuKbWnmKJMWDLQOF9Q4RupfObz16xSA9sXR/5Q1anUJ9xiugZ14oOMA3yUhTWCqUS/Pv31DA4fHDqMp0HTDw5gZ7V/IjBlWfcnehmFr38BriFHQREc2clzA3dhAw/GZU8wWU9z85IWv/BYPDxny9O7hNPVHjylZIeXNAPlTu0R9RN
.rubiconproject.com/ Name: audit
Value: 1|qu9Gh61V0fcBdKlLg5VDuKbWnmKJMWDLQOF9Q4RupfObz16xSA9sXR/5Q1anUJ9xiugZ14oOMA3yUhTWCqUS/Pv31DA4fHDqMp0HTDw5gZ7V/IjBlWfcnehmFr38BriFHQREc2clzA3dhAw/GZU8wWU9z85IWv/BYPDxny9O7hNPVHjylZIeXNAPlTu0R9RN
.copper6.com/ Name: co_key
Value: e6c0df57-1de7-445c-b884-36eb6e9971b6
.copper6.com/ Name: co_red
Value: 4
.tynt.com/ Name: pids
Value: %5B%7B%22p%22%3A%22797f54a72d%22%2C%22f%22%3A1%2C%22ts%22%3A1741898958937%7D%2C%7B%22p%22%3A%224ef5c9a86a%22%2C%22f%22%3A1%2C%22ts%22%3A1741898958937%7D%2C%7B%22p%22%3A%224bee518595%22%2C%22f%22%3A1%2C%22ts%22%3A1741898960810%7D%2C%7B%22p%22%3A%22029cc11ae7%22%2C%22f%22%3A1%2C%22ts%22%3A1741898960810%7D%2C%7B%22p%22%3A%226f27415d53%22%2C%22f%22%3A1%2C%22ts%22%3A1741898960810%7D%2C%7B%22p%22%3A%22162dbd77b3%22%2C%22f%22%3A1%2C%22ts%22%3A1741898960810%7D%2C%7B%22p%22%3A%227daaa56bb0%22%2C%22f%22%3A1%2C%22ts%22%3A1741898960810%7D%2C%7B%22p%22%3A%2224c05c7b76%22%2C%22f%22%3A1%2C%22ts%22%3A1741898958937%7D%2C%7B%22p%22%3A%22d26852f088%22%2C%22f%22%3A1%2C%22ts%22%3A1741898958937%7D%2C%7B%22p%22%3A%22cf4d6e49b5%22%2C%22f%22%3A1%2C%22ts%22%3A1741898958937%7D%2C%7B%22p%22%3A%22f9a4a8fd15%22%2C%22f%22%3A1%2C%22ts%22%3A1741898958937%7D%2C%7B%22p%22%3A%22008c314e8f%22%2C%22f%22%3A1%2C%22ts%22%3A1741898960810%7D%5D
.contextweb.com/ Name: pb_rtb_ev
Value: 3-1wz3|7bq.0.1|80p.0.1|7dN.0.AACwp07PpooAABvauAIGtw|8i8.0.1
.contextweb.com/ Name: pb_rtb_ev_part
Value: 3-1wz3|7bq.0.1|80p.0.1|7dN.0.AACwp07PpooAABvauAIGtw|8i8.0.1
.dotomi.com/ Name: DotomiTest
Value: 251b0879ec501438
.pubmatic.com/ Name: DPSync4
Value: 1743033600%3A245_219_226_228_197%7C1741910400%3A248%7C1742428800%3A252_164_265
.4dex.io/ Name: uids
Value: eyJzeW5jcyI6eyJpbXByb3ZlZGlnaXRhbCI6IjIwMjUtMDMtMTNUMjA6NDk6MTguMTA5NTMyNTgxWiIsInB1Ym1hdGljIjoiMjAyNS0wMy0xM1QyMDo0OToxOC4xMDk1MzIxMzFaIiwicnRiaG91c2UiOiIyMDI1LTAzLTEzVDIwOjQ5OjE4LjEwOTUzNDQ1MVoiLCJydWJpY29uIjoiMjAyNS0wMy0xM1QyMDo0OToxOC4xMDk1Mjk2MjFaIn0sInVpZHMiOnsiYWRhZ2lvIjp7InVpZCI6ImI5MmRjYTA4LWJmNzktNDZkMS05MzExLWYyZTBiNGIxNDE1NyIsImV4cGlyZXMiOiIyMDI1LTA1LTEyVDIwOjQ5OjEzLjI5MTY0NTQyMVoifSwiaW1wcm92ZWRpZ2l0YWwiOnsidWlkIjoiZjQ4OTJhYzYtZDU3Ny00MzcyLTlhMTItMmFjMTQ3NmQ5Mzk3IiwiZXhwaXJlcyI6IjIwMjUtMDUtMTJUMjA6NDk6MjAuMzk1NDA0NTg4WiJ9LCJydGJob3VzZSI6eyJ1aWQiOiIwOHZWeXAtbXhsRVJSNnh1aEJiSks3bTY3V2RPWk5iS3VSWG5xWWNmVUFJIiwiZXhwaXJlcyI6IjIwMjUtMDUtMTJUMjA6NDk6MjEuMzcyOTc4MjU5WiJ9LCJydWJpY29uIjp7InVpZCI6Ik04N1ROVUs1LTE1LUpHQ0UiLCJleHBpcmVzIjoiMjAyNS0wNS0xMlQyMDo0OToxOS41NjM2NDgxMThaIn19LCJiZGF5IjoiMjAyNS0wMy0xM1QyMDo0OToxMy4yOTE0OTQ2ODFaIn0=
.pubmatic.com/ Name: SyncRTB4
Value: 1743033600%3A99_71_220_7_56_13_201_214_231_176_22_267_5_54_249_233_104_250_165_234_264_46_266_48_96_8_21_238_3_55_240_81_178_166%7C1742428800%3A2_223_15%7C1742256000%3A216%7C1743120000%3A35_268%7C1742688000%3A63%7C1744416000%3A224%7C1747008000%3A69
.adsrvr.org/ Name: TDCPM
Value: CAESFAoFdGFwYWQSCwjiqvK60Z7xPRAFEhcKCHB1Ym1hdGljEgsItrqnxtGe8T0QBRIWCgdydWJpY29uEgsIxtfEztGe8T0QBRgBIAEoAjILCLLS6LLonvE9EAU4AVoHdTQwY3B1d2AC
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:f92967d3-44ce-4900-99b4-feae494cc201
.pubmatic.com/ Name: KRTBCOOKIE_1323
Value: 23480-OPUdc92d0d6124c43389bdf8746740edc5d&KRTB&23485-OPUdc92d0d6124c43389bdf8746740edc5d&KRTB&23524-OPUdc92d0d6124c43389bdf8746740edc5d&KRTB&23575-OPUdc92d0d6124c43389bdf8746740edc5d
.pubmatic.com/ Name: KRTBCOOKIE_632
Value: 23041-08vVyp-mxlERR6xuhBbJK7m67WdOZNbKuRXnqYcfUAI&KRTB&23047-08vVyp-mxlERR6xuhBbJK7m67WdOZNbKuRXnqYcfUAI&KRTB&23234-08vVyp-mxlERR6xuhBbJK7m67WdOZNbKuRXnqYcfUAI&KRTB&23361-08vVyp-mxlERR6xuhBbJK7m67WdOZNbKuRXnqYcfUAI
.pbs.optidigital.com/ Name: uidpubmatic
Value: eyJ1aWQiOiI4MjU1QTBFQi1FOThDLTRCQTAtQUQxOS05MEUzOUVCOTI1MzIifQ==
.pubmatic.com/ Name: KRTBCOOKIE_594
Value: 17105-OPTOUT&KRTB&17107-OPTOUT
.ads.pubmatic.com/ Name: KCCH
Value: YES
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 16
.pubmatic.com/ Name: pi
Value: 156813:4
.ads.pubmatic.com/ Name: pubsyncexp
Value: 1741920561761
.adgrx.com/ Name: ADGRX_UID
Value: a4068094-004c-11f0-96d8-cc1d5f45f862
.w55c.net/ Name: wfivefivec
Value: Wk28kQ1b1TSPux5
.ctnsnet.com/ Name: cid_dff7004da97f433b92c2e01d265c52d7
Value: 1
.adgrx.com/ Name: ADGRX_CM_PUBMATIC_BRIDGED
Value: 1
.w55c.net/ Name: matchpubmatic
Value: 5
.pubmatic.com/ Name: KRTBCOOKIE_1003
Value: 22761-a4068094-004c-11f0-96d8-cc1d5f45f862&KRTB&23275-a4068094-004c-11f0-96d8-cc1d5f45f862
.pubmatic.com/ Name: KRTBCOOKIE_107
Value: 1471-uid:Wk28kQ1b1TSPux5&KRTB&23421-uid:Wk28kQ1b1TSPux5
.pubmatic.com/ Name: PugT
Value: 1741898961
.the-ozone-project.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJiaWRzd2l0Y2giOnsidWlkIjoiOWM3MTk4ODMtMDc2Ny00NzI3LTg3NDEtNzhlODkzYTg3N2NiIiwiZXhwaXJlcyI6IjIwMjUtMDMtMjdUMjA6NDk6MjEuMTYzMzAwOTM5WiJ9LCJncmlkIjp7InVpZCI6IjljNzE5ODgzLTA3NjctNDcyNy04NzQxLTc4ZTg5M2E4NzdjYiIsImV4cGlyZXMiOiIyMDI1LTAzLTI3VDIwOjQ5OjIxLjk3MDI0NjAwNloifSwiaXgiOnsidWlkIjoiWjlORXk5SE01VzhBQnh0UkFaekw1UUFBXHUwMDI2NTgwMSIsImV4cGlyZXMiOiIyMDI1LTAzLTI3VDIwOjQ5OjE4LjY4NTY1NjA1MloifSwibWVkaWFuZXQiOnsidWlkIjoiMzg0OTAwNTU0MTUyNDMyNzAwMFYxMCIsImV4cGlyZXMiOiIyMDI1LTAzLTI3VDIwOjQ5OjIwLjM5MDMyMzk5OVoifSwib3BlbngiOnsidWlkIjoiNzU0NTdkMWItMGE4MC00OTIyLThkNWUtMWVmZjMyNmM1MWVmIiwiZXhwaXJlcyI6IjIwMjUtMDMtMjdUMjA6NDk6MTkuMDg2NjkxNDI4WiJ9LCJwdWJtYXRpYyI6eyJ1aWQiOiI4MjU1QTBFQi1FOThDLTRCQTAtQUQxOS05MEUzOUVCOTI1MzIiLCJleHBpcmVzIjoiMjAyNS0wMy0yN1QyMDo0OToyMS41MDAyMTI0MTRaIn0sInJ1Ymljb24iOnsidWlkIjoiTTg3VE5VSzUtMTUtSkdDRSIsImV4cGlyZXMiOiIyMDI1LTAzLTI3VDIwOjQ5OjIwLjY4Mjg4ODU0NFoifSwic2hhcmV0aHJvdWdoIjp7InVpZCI6IjM3NmVhNjk0LTUxZWItNGM5MC05MTFlLTk2MTNkNDU2NTI3MCIsImV4cGlyZXMiOiIyMDI1LTAzLTI3VDIwOjQ5OjIwLjUzMzYzOTgyNVoifSwic21hcnQiOnsidWlkIjoiNjAxMjMzOTkzMTY5NzQ1NTU3OSIsImV4cGlyZXMiOiIyMDI1LTAzLTI3VDIwOjQ5OjE4LjQzMzkyNTU0OVoifSwic292cm4iOnsidWlkIjoiS1VpaEFMWkhnVHctQzY5TFRjLXBreEU0IiwiZXhwaXJlcyI6IjIwMjUtMDMtMjdUMjA6NDk6MTguODM4MDcyMTkzWiJ9LCJ0cmlwbGVsaWZ0Ijp7InVpZCI6IjM1NjMyMDI5Mzk4MzgyMTM5MDIyNDUiLCJleHBpcmVzIjoiMjAyNS0wMy0yN1QyMDo0OToxOS4yOTQxMzA5MDRaIn0sInR0ZCI6eyJ1aWQiOiJmN2YyNzJjNC1iYTU4LTRmMTktYmNmNy0yODUyOTk5YjhjZDgiLCJleHBpcmVzIjoiMjAyNS0wMy0yN1QyMDo0OToyMS44MTk5MDU1MzlaIn0sInlpZWxkbW8iOnsidWlkIjoieHFaM3RtbTJ6M21jOGtmWTJ6N2UiLCJleHBpcmVzIjoiMjAyNS0wMy0yN1QyMDo0OToyMS4zMDYyNzU1MjNaIn19LCJiZGF5IjoiMjAyNS0wMy0xM1QyMDo0OToxOC40MzM5MjIwNjhaIn0=

11 Console Messages

Source Level URL
Text
javascript error URL: https://faces.wtf/
Message:
Access to fetch at 'https://api.rlcdn.com/api/identity/envelope?pid=2173' from origin 'https://faces.wtf' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=2173
Message:
Failed to load resource: net::ERR_FAILED
security warning URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security warning URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security warning URL: https://cadmus.script.ac/d1oykxszdrgjgl/script.js
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000925&tt=g(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000925&tt=g(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000925&tt=g(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000925&tt=g(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000925&tt=g(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000925&tt=g(Line 1)
Message:
Failed to create WebGPU Context Provider

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

49df8c7b726f1f5265a4f8982841a893.safeframe.googlesyndication.com
a.ad.gt
aax.amazon-adsystem.com
ad-delivery.net
ad-events.flashtalking.com
ad.doubleclick.net
agen-assets.ftstatic.com
ajs-assets.ftstatic.com
api.rlcdn.com
beacon-sjc2.rubiconproject.com
c.4dex.io
c.amazon-adsystem.com
cadmus.script.ac
cdn.flashtalking.com
cdn.hadronid.net
cdn.id5-sync.com
ce.lijit.com
cm.g.doubleclick.net
config.aps.amazon-adsystem.com
d.turn.com
d9.flashtalking.com
data.ad-score.com
dis.eu.criteo.com
dt.adsafeprotected.com
eb2.3lift.com
edge.venatusmedia.com
elb.the-ozone-project.com
eus.rubiconproject.com
exchange.kueezrtb.com
faces.wtf
fastlane.rubiconproject.com
fundingchoicesmessages.google.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
gum.criteo.com
hb-api.omnitagjs.com
hb-vntsm-com.global.ssl.fastly.net
hb.vntsm.com
hb.vntsm.io
hb.yellowblue.io
i.clean.gg
ib.adnxs.com
ice.360yield.com
id.hadron.ad.gt
id5-sync.com
ids.ad.gt
ids4.ad.gt
image2.pubmatic.com
js.ad-score.com
lb.eu-1-id5-sync.com
match.adsrvr.org
match.prod.bidr.io
mp.4dex.io
mug.criteo.com
p.ad.gt
p.cpx.to
pagead2.googlesyndication.com
pbs.optidigital.com
pixel.rubiconproject.com
pixel.tapad.com
pixels.ad.gt
prebid.a-mo.net
proc.ad.cpe.dotomi.com
proton.ad.gt
s.amazon-adsystem.com
s.cpx.to
s0.2mdn.net
scripts.opti-digital.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.flashtalking.com
securepubads.g.doubleclick.net
seg.ad.gt
servedby.flashtalking.com
static.adsafeprotected.com
static.cloudflareinsights.com
sync.go.sonobi.com
sync.ipredictive.com
sync.kueezrtb.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
u.4dex.io
u.openx.net
use1-sync.a-mo.net
visitor.omnitagjs.com
www.googletagmanager.com
api.rlcdn.com
faces.wtf
104.18.3.52
104.18.34.190
104.21.96.1
108.138.106.108
108.138.112.90
13.226.94.118
13.226.94.42
13.35.93.124
130.211.115.4
142.250.65.174
142.251.40.161
142.251.40.194
142.251.40.198
142.251.41.2
145.40.65.199
147.75.195.55
151.101.131.42
151.101.65.194
152.42.155.191
162.19.138.120
172.217.165.130
178.250.7.11
18.238.49.67
18.238.63.180
23.200.196.50
23.200.197.55
23.201.174.84
23.56.163.141
2600:1f18:1aca:4280:46af:258a:9b81:4449
2600:9000:247b:5600:8:48e:53c0:93a1
2600:9000:261f:b400:a:deb0:3380:93a1
2602:803:c001::200:164
2602:803:c002:200::32
2606:4700:10::6816:2f8e
2606:4700:10::6816:35ad
2606:4700:10::6816:445
2606:4700:10::6816:545
2606:4700:10::ac43:17ea
2606:4700:10::ac43:266a
2606:4700:20::681a:246
2606:4700:4400::6812:291e
2606:4700:4400::ac40:994e
2606:4700::6810:4f49
2606:ae80:1471:1b::1780
2607:f350:3:2569:0:10:0:c
2607:f8b0:4006:80b::200e
2607:f8b0:4006:80e::2008
2607:f8b0:4006:816::2001
2607:f8b0:4006:822::2006
2620:100:a00b::12
2620:112:f008:200::101
3.168.102.9
3.208.184.227
3.222.35.228
3.226.233.195
3.233.167.98
3.33.220.150
34.111.113.62
34.149.40.38
34.160.72.119
34.194.3.3
34.42.134.208
34.95.69.49
34.98.64.218
35.171.199.145
35.212.18.61
35.241.34.106
35.71.139.29
44.213.21.170
52.18.207.0
52.204.208.84
52.210.9.111
54.191.70.79
68.183.103.129
68.67.179.164
68.67.181.102
69.173.146.5
74.119.117.17
8.28.7.83
98.82.156.207
002648cda33beef730fc1dc5e62b0bf2be60c3635a48d828c0ff2ce053da280b
04467d03fa439c06f6239cad9cbb0d99ceaf06baf17d99054e34e3ca142ca90e
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
0583928e8a0e6d838cc8d965fd74e8b2f59f4fad014fbf6919d1229ea33fd8e9
05e416474709940bc8116e62879dc6cd4c1791bdb3546e518513f0a6232b1103
063619d95768cf2a8b8d3ebe3cfbf701dd47faa9b7eccc35b542e03e0f35ee0f
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06f380176f0d945d7fbeb5cae237875b4cbea4e5c27df1e679635ac53cf72834
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0dc17345df0672de389ebd22545a6c47e3e934ec6913ba3d685025449f55715d
0e3c1e60b5beba864a47f9bf4d3e0ae8793c34c979c4b3af69ab143ba06c773a
0f3007ea195c4a8e642b81af2e6bb8cf9434c07dbcbcb8ed5401839ebf960da5
1043ab7f9e8cd3b2c3a3ccf24be0b18664fb05855d82996bf3fdc0ec2d304cac
107bc1ec8160d92c0c0fda452f742fd178e47762c61065395452c42da7810ecb
12099a3f062c4812ddc5e0259e072b21e278fbcb06fa33606c64c13efcbe391a
14c8551b6f1c25913ce2952529d09525ff11f69d5a1d6aae89b7a3b92efb3d1d
171b605037ea845a6dc974023208cb4ec1b6677044bae8b8ee7fe63883465a98
1899063be01b9f03b7437ba60cd270e42fcbfcfe8555e94fe7f474817e8dd613
194acd38c64c830c909fbf5b909ba7fd7fb2c5a8efac9593a1d854caee21c2b6
1b98f736eb84c033d808669c5c44480fe622bb66b7690645acc3ffd3b4f06a21
1c53b5b95d99b14ffb7a8a00a2cb1345bfd4f60a5dd8c70adfa511c247c8112d
1cf54d45dc80a95ecb70ebe257ce705ce36803740322d4af813a5b71d50a08b4
23984525d8560928c15bb3a62408accffaf67bc4313b74dfe1931be4d1e4b5b7
23f6c09f238319b3a2f1dec8ad29e66cc0e98765a049c5bc3ef3d8a3cb5ac9b6
2883ccebcb28a6b9138988fe1cf282b1ef60ab7e508f7b8777fe410733b76d9a
288bfb5a2bea5904baf3c1e1203069ab2eee7d65a8dfbe25ecca6dc0e48a08b3
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
31c018bb99912bcde508183bcb37997fb63e4ec9b9d6f1116276dea8cff8ea90
32a818ed067aedbbdb973816c57e47c712d67a4200a457961e79d75e49a2b4da
345341a4cd0e74bf33c98c4008e6a30d09d80a3df16297491372509782e1eddb
387043db1afdd90b46ff0cd040941eda1474c14f8ed5105bd95d13320a892e4f
38f5657034c309a5f28063340d3040713f51be3b4ccd08025354ef9ce7d30309
39761e2a7cb0e42a8b09fbbf0d2c4cd9fb0c1568c045b1c5e387177dda8ff064
3a52b777a2a4df8c0b51a2ae4e3057556bcca947c3c504020e318b19e21bda3f
3d715953d8607d3141b793c1de7088ab96190f77b04116f7140f8ef934fac815
3fc92d4454cbec48155e127c71cdbc3223dd186c1cf92faf9ceac9c0ce339c0b
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff
44416ba430f0b726c5a88aee0a21f0abe2fb711eca5d1a2ee4baa868d2830fc0
46ac059d57c99bb49518de997eff048e09b3573a596cb7b697432a44e5f922b1
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
47c5e6a7c70dbb6ce3c8598f21ad899c42391ad0dce003ebc27f4cadf4a8fd7e
4877a611406cd0c8b8e67ff8c8f3741fc91f068d4fb0939b1e5d8773c95d3214
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98
4b56c73fc679df3678714fc5f2b472950c698f4ddcc76de9f67be729cd4e14e5
4f58a6097516f39ed272a6d5f69a98558189343883722abe060227c85cf32ca4
503b67852f8ba1a8fa41f50039a65613a5aefdc6a04ec8ffe64bfcb692f3e1d7
5183b7b325e4a151d7e5c04520848756fc66c4669a5a8c34156df9710e71bbaf
551a85842016f5b8c5cb552aeab3ac32931eacad58d9b2ab583daa42b28d4b00
5856901d3159c27ccab3bdf9786682be92c1b55df22757a402288869445a1d51
59fbf17ba5e93c5593bec929c9fe71573acc525556d31c3d43b34358fd6a039a
5b3fa65cab2a594ffe6e5c78e709bfe5aca419dc159a55ae2fc9289f845b0a73
5c093bb50c00c044ae820c2e717a2ec1f7df2f1f527807fa68077aa933344557
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
615e88a3e9c0c150e5e79987a7e292b7f6c67354ead8af49d40eb4879012b425
643bdbfce74f2c46324a77d29a7f34aceb5856c3f0ea8201e5dffb627279c134
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33
66b168b2faf4d6daaac849c73e427bc9c82a27c991ed652ae5c2c3072cf5ded7
68897cb69ed53880c7557c4868d4f52b684a4d7d9d4b3a0d65785c9e583e3b21
6a5fc4740483c3412454907f8a44666f5c7534ddd722a1e06901f093ec459118
6aa6a6d5baa7a5d25d88841a94b8bb45bfb62d676308007bff29ff8cb86eac8e
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c9b897895ad86f6562870903e43bc500437d54ad026197e183bd57b3423c07a
6e9a6b334cb9810f7d25fafab61725edf522f8b7372ac65f1274db79867a6537
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
6f71aa0c67cfc824ca1ff2afbe9e2b0f4e3ce145fb774533faf532ffeca79b3a
6fe0ae51dfe4d80e94ef1ea3dde00e548c78b402b40397b32bc646b10d9dfd5b
708fd7958cb1523354b05c0741e0d32bd47c82503fe33efa920604155f5ab7ef
71f0c958e33905cb028dfd76ff7fcffa9d57a260845594e84d116530e3f80a36
7c415e0eb17ead2fb65fed0185e557cc902c67b7b8430678b8a78d86ee9e0b54
8117b37f1f694726caf04df8f33c28516d792d5fb9e9d4a40d97c9966f3b9ca8
8615fdc7b000676d7def55cd5b9705160d59baa15f422fe4c3b20550aa2aab3f
88154214d3aa3e8ead752c3d5b086aeabb2020c8e36d7beecf18578e44232f5d
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8a9c2bbaedf13fea94a2c570720fc76f62b29bae26d665d63091eee19ac3749c
8cc803cdc58a64d30a94037b116eed0135cde82f18b89cb07a21ce7776dfb2f0
91a058ff4adb16c84496769d82a047e77af8bf4d9e1e573d569040b41fad95ae
91b5f5acff2b7b91a2ac573a7f634f8fd66f2645263995902ce2b53cbc600289
938c64115ce60b98ee8151d7eb28208567753f3d4ebbe0aa0f56618c555a18fb
95e54d63eaa4361292503a9111b9768f854d7ca5f6e973123a2d2153294ae936
96b4878df8e1604830e9201e0de0bbdcf234c21b22e81c85f935ec1f7aeeee8c
98a574e1a285f126faf372e7d17ed4f63e4b4912f4b12fb9a03559530c834aa8
9ae506154e8165dd7bbef817a4e7546f040c99ea84d03ed556a0ae8a991f33cb
9d0509ae91143462a6f75eda85ff5fb92e3619d8146d10803def413092c40b45
9de64b2d72bc9fca370d00a26f0633b1d3411bc94e8bc8096d45d938b5e838b6
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1716f46643cca9cf4558a3a3e659716634f1f803334e5fd085316fd6cecb520
a36029ae3decd7c3a7063696bb3152ef53af5081cf8393e2d721531bcd63fbf6
a552757ba69eee944c05944f342aa42eb4f46cf2aaf6ba8993b4a6da45057cfd
a6a7044e71e8b4f59e308797db367dc1609db9c5b3ac2ddf95b93f70d0fa35c7
a93870aedbdd3ce72ce30cdd5e609e7ad8800410064affdbf35f4bb6d927d469
ab47d4ae1440cba8e5a6dde47341146bcea3b8c1defad57cd90d1313159072a5
abce51476c992eaaacd53b9b0f4ef97b8d9ceaacad89e706a3bde801ed30e6e4
ac42cf20760d5b0f71be7a0391c76020002aa1dcfc75bae782360bf2761db29f
ad5c8c3bdc03a133b100130b6973dcb72acfc5eabcd057be87c9ea9e68cbf4ab
ad5dcc4e01dab6422e6e5c6b3e67267079b6a145fe17981fe1e21688cc118eb4
ae1171937a1f9a7fbbbae8bf06a2e5475c0dabfa8274b73144f500db1720acdf
ae47d60da5641260e58328d755e9e1e2897451f21a72da17a3c2cf03a2063f02
af38029add5f0a61cf23e73db972184076dcbde7c9b49cbf2691aacb5f2f941b
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b04cd869cfd41a48c006458f71969a0eb26f33fec12f3cfe00408f8b73bf3ff8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b415c8f07e849c1c305b3635e92f740c88664411d34053a61db4a090cecf1c95
b507c301121d1c7c7adfeacca7bdb7e29532b2951e6ea29c0d27715a4e1b6cbb
b5846768b2a34f804191adbda61e2b8ce7d5da42a968c53d2c6a21858f1badb1
b723ed8de08c39e892986b54a30cfab7f2b83a0d5d12d1b16fca72e65e008f49
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
c0e4be83a8ad1da161811c1ed91191d795be6df5205734f136f16b3696641df1
c260ac31960304a2080a48e058e3a2ef4898a014d9b65da184106dfdcfee5a1b
c3bed41608ea0d94be4c15c95f13134357f5ccb700c0ac0f474bce0d78fb5130
c4015e55d5ebfb6fd53525c2916d85f8edafd9dd703e03c51d84e16ad6c8046b
c4e5b0e14a271b2355a631bd239bfbbe4e5b0ade9fc20e6cd5d1613f1538fab7
cbaa5e4276b74c4024b17de1d091e6cbc32a4cbdfca0e51c035150529b3c4bce
ce8368e5b8e9f2f066acc6284578c00021aea742c4c7c7ec2836c232a5f8b1f8
cee6b1696aa0b323f94d7559594ce15d448db33341e8bee998b2553e8b1242be
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d08cf478a319bf5771a4439d90bc124afa889c987f07649b3624a8c1a5771d98
d136112aa20334a0cd4b49681984bdd85ed74ff587def5f5a0bcf817be0ddfba
d1c616a3c0e6b1989605bc5959a0cf9a1248051e49d158d8179e693e428eac49
d227c6ec39433f130db53c4039c7a34aa4bbb8b959ec4532b8a93961471fce1a
d3c286558922ca8c2c69167698cd61a8280cb03b81bb41d9bd633f80f18c274f
d658423fb50e913c70d082a763f76c7667437353f7a047e2a6bae306f405ac9f
d7ce1f47a8ac0f54005a4e057ed5dfb88eed87e648d29e3a69ec24b9b79e2d77
db21a396338aeb2d9285f2cfd434dadc2944a2eb81b35ff4d2d2f72eba6b5e3e
dc27178575bb6b33ccbc865ecb1e2d8a016632a15ad89c56f1fe5e5805958684
dcb09ae80de7e7caedae5f4332b41da70a46e1b3c4bb53349d45a4c4cb1ec826
debcc64e97c8a0e9241eecb25305b5b09f582c1904ed22e91e0d06ce8c975d4d
e104e214fb25a71091783a9fbd2b872191d7d94610684cb8257efbdc861898c0
e1fbaed711a15d37ad237843b3ad78da31d818c6193e8927d7e01ff2f9286f8d
e33a68179dc0a04fe7c40755e6ae9af5df1bad48eb19e168f09b8ccfaf92b5fd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48101da015562ac4f710e08ec7d28acc8ea6fd0d951944608457b621d171fac
e9c08fd037ef642e1df9c0be5435c423f4fec4e3455bf05b30f932e45014fd34
eb87c0447bd19366919bdb8913f775caca732ac31cbc5e5d42e4db5df39437ce
ec57e030c77efb1752cc5db33bc5272476e69464443fd8451152112d012f789d
ee096a851d8d6abd4eb044eb7463de39bb6b6b09716693b8ffc645d5353ffdf7
eed4abf92c55010a8ecf6c603acc1c4979e1bf8c5326e1c5875c58beea263827
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f47dea1ff59cbb5781cad41a36be6df7123d9068dd7160e99f41c94deeb63390
f49f5bfa0526e9002fe9beb58d7c92396d9b3ecce32b36958b41feced7acfb45
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025
f8fc7b65c78d42b3f74d3bcd0c4457de39becd0b510a78e7cbd4315ca641e389
fb626a05fd1c1ec386a9ad7f2fbdd6ddb36a012b730312fe7fa67dc73f6666a8
ff2b0187d0c36b98f0f9ad514d1847d532fca35baacea186060a53d145d0abe8