webfonts.ffonts.net Open in urlscan Pro
95.216.234.12 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://webfonts.ffonts.net/Lato-Black.font
Submission: On December 01 via api (December 1st 2021, 12:52:03 pm UTC) from BE — Scanned from DE

Summary HTTP 318 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 73 IPs in 10 countries across 69 domains to perform 318 HTTP transactions. The main IP is 95.216.234.12, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is webfonts.ffonts.net.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 21st 2020. Valid for: 2 years.

This is the only time webfonts.ffonts.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	95.216.234.12 95.216.234.12	24940 (HETZNER-AS) (HETZNER-AS)
6	2600:9000:215... 2600:9000:2156:2400:1:c815:1b40:21	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
5	184.30.24.121 184.30.24.121	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
13	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	2606:4700:310... 2606:4700:3108::ac42:2b03	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
3 7	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
12	143.204.95.188 143.204.95.188	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700:20:... 2606:4700:20::ac43:4bf1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	51.89.7.205 51.89.7.205	16276 (OVH) (OVH)
3 3	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
12	23.79.143.124 23.79.143.124	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE)
8	2606:4700:20:... 2606:4700:20::ac43:44a2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
6	104.16.68.69 104.16.68.69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
3	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
1 10	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
4 8	72.251.249.9 72.251.249.9	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
3	2606:4700::68... 2606:4700::6812:372	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	135.125.163.79 135.125.163.79	16276 (OVH) (OVH)
3	3.120.57.46 3.120.57.46	16509 (AMAZON-02) (AMAZON-02)
3	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	2602:803:c002... 2602:803:c002:200::113	26667 (RUBICONPR...) (RUBICONPROJECT)
3	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	185.86.138.16 185.86.138.16	201081 (SMARTADSE...) (SMARTADSERVER)
3 7	37.157.4.24 37.157.4.24	198622 (ADFORM) (ADFORM)
2	2606:4700::68... 2606:4700::6812:517	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
2 4	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	37.157.4.25 37.157.4.25	198622 (ADFORM) (ADFORM)
4 9	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
5 7	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1 2	2a05:d018:d29... 2a05:d018:d29:3602:73b0:42cb:776e:1ea4	16509 (AMAZON-02) (AMAZON-02)
3 3	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 3	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
3 43	2606:4700::68... 2606:4700::6812:c05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a02:26f0:12d... 2a02:26f0:12d:587::4469	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	213.254.244.20 213.254.244.20	36062 (DOUBLE-VE...) (DOUBLE-VERIFY)
12	2606:4700::68... 2606:4700::6810:5f41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 8	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1 2	188.65.124.38 188.65.124.38	41690 (DAILYMOTI...) (DAILYMOTION For peering related business)
1	52.31.243.184 52.31.243.184	16509 (AMAZON-02) (AMAZON-02)
2 2	34.248.58.49 34.248.58.49	16509 (AMAZON-02) (AMAZON-02)
1 7	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	18.158.154.136 18.158.154.136	16509 (AMAZON-02) (AMAZON-02)
1 1	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1 1	18.169.90.17 18.169.90.17	16509 (AMAZON-02) (AMAZON-02)
1 1	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
6	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
3	151.101.193.108 151.101.193.108	54113 (FASTLY) (FASTLY)
3	104.17.120.107 104.17.120.107	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	178.250.2.151 178.250.2.151	() ()
1 1	85.114.159.93 85.114.159.93	() ()
1 1	23.88.75.186 23.88.75.186	() ()
1 1	188.165.137.78 188.165.137.78	() ()
6	185.64.189.110 185.64.189.110	() ()
1	2606:4700:20:... 2606:4700:20::681a:ad1	() ()
1	72.251.245.181 72.251.245.181	() ()
1	185.64.190.81 185.64.190.81	() ()
1	169.50.137.182 169.50.137.182	() ()
1 1	2620:116:800d... 2620:116:800d:21:3175:5196:e3fd:8c1d	() ()
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	() ()
1	2a02:fa8:8806... 2a02:fa8:8806:20::2010	() ()
1 1	66.155.71.25 66.155.71.25	() ()
318	73

9 95.216.234.12 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.12.234.216.95.clients.your-server.de

webfonts.ffonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2156:2400:1:c815:1b40:21 (United States)

ASN16509 (AMAZON-02, US)

d144mzi0q5mijx.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 184.30.24.121 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-121.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3108::ac42:2b03 (United States)

ASN13335 (CLOUDFLARENET, US)

stpd.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

eff2b3f65c9c2302ee2dc69e1a471950.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:1::13 (France) 3 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 143.204.95.188 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-95-188.fra50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.7.205 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p28.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.37.42.132 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.79.143.124 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-143-124.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:20::ac43:44a2 (United States)

ASN13335 (CLOUDFLARENET, US)

prebid-stag.setupad.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

setupad-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.68.69 (None, )

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 37.252.172.123 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 72.251.249.9 (Amsterdam, Netherlands) 4 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 135.125.163.79 (France)

ASN16276 (OVH, FR)
PTR: ns3190286.ip-135-125-163.eu

rtb.adxpremium.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.120.57.46 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-57-46.eu-central-1.compute.amazonaws.com

hb.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2602:803:c002:200::113 (United States)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.86.138.16 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.157.4.24 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:517 (United States)

ASN13335 (CLOUDFLARENET, US)

tags.expo9.exponential.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.4.25 (Denmark)

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.173.144.165 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.217.18.98 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3602:73b0:42cb:776e:1ea4 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.245 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.194.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7001 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2606:4700::6812:c05 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdnx.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:12d:587::4469 (Berlin, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 213.254.244.20 (United States)

ASN36062 (DOUBLE-VERIFY, US)

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20521.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6810:5f41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Amsterdam, Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.65.124.38 (L'Haÿ-les-Roses, France) 1 redirects

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: icscale-01-pub-ix7.vip.dailymotion.com

public-prod-dspcookiematching.dmxleo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.31.243.184 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-243-184.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.248.58.49 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-58-49.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.64.190.80 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.154.136 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-154-136.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.0.31 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.169.90.17 (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-90-17.eu-west-2.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.120.107 (None, )

ASN13335 (CLOUDFLARENET, US)

biddr.brealtime.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (None, ) 1 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.88.75.186 (None, ) 1 redirects

ASN- ()

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.165.137.78 (None, ) 1 redirects

ASN- ()

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.64.189.110 (None, )

ASN- ()

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:ad1 (None, )

ASN- ()

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.245.181 (None, )

ASN- ()

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.81 (None, )

ASN- ()

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.182 (None, )

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:3175:5196:e3fd:8c1d (None, ) 1 redirects

ASN- ()

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (None, ) 1 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2010 (None, )

ASN- ()

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.25 (None, ) 1 redirects

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	tribalfusion.com 3 redirects s.tribalfusion.com cdnx.tribalfusion.com a.tribalfusion.com	33 KB
28	rubiconproject.com 7 redirects secure-assets.rubiconproject.com eus.rubiconproject.com fastlane.rubiconproject.com pixel.rubiconproject.com pixel-eu.rubiconproject.com token.rubiconproject.com	69 KB
26	pubmatic.com 3 redirects hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com simage2.pubmatic.com image2.pubmatic.com Failed image4.pubmatic.com	73 KB
22	doubleclick.net 5 redirects pubads.g.doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	523 KB
17	criteo.com 3 redirects gum.criteo.com mug.criteo.com bidder.criteo.com dis.criteo.com	5 KB
13	adnxs.com 1 redirects ib.adnxs.com acdn.adnxs.com	67 KB
12	cloudflareinsights.com static.cloudflareinsights.com	61 KB
12	amazon-adsystem.com c.amazon-adsystem.com	119 KB
10	doubleverify.com cdn.doubleverify.com rtb0.doubleverify.com tps20521.doubleverify.com	46 KB
9	4dex.io script.4dex.io mp.4dex.io	70 KB
9	googlesyndication.com pagead2.googlesyndication.com eff2b3f65c9c2302ee2dc69e1a471950.safeframe.googlesyndication.com tpc.googlesyndication.com	185 KB
9	ffonts.net webfonts.ffonts.net	126 KB
8	adform.net 3 redirects adx.adform.net cm.adform.net c1.adform.net	3 KB
8	lijit.com 4 redirects ap.lijit.com	4 KB
8	casalemedia.com 2 redirects htlb.casalemedia.com dsum-sec.casalemedia.com ssum-sec.casalemedia.com	6 KB
8	setupad.net prebid-stag.setupad.net	5 KB
7	openx.net setupad-d.openx.net us-u.openx.net u.openx.net	961 B
6	criteo.net static.criteo.net	158 KB
6	districtm.io dmx.districtm.io cdn.districtm.io	357 B
6	google.com adservice.google.com fundingchoicesmessages.google.com www.google.com	80 KB
6	googletagservices.com www.googletagservices.com	178 KB
6	cloudfront.net d144mzi0q5mijx.cloudfront.net	97 KB
5	emxdgt.com hb.emxdgt.com cs.emxdgt.com	481 B
4	yahoo.com 2 redirects pr-bh.ybp.yahoo.com ads.yahoo.com ups.analytics.yahoo.com	3 KB
4	gstatic.com fonts.gstatic.com	199 KB
4	addthis.com s7.addthis.com m.addthis.com	217 KB
3	indexww.com js-sec.indexww.com	4 KB
3	brealtime.com biddr.brealtime.com	3 KB
3	everesttech.net 2 redirects sync-tm.everesttech.net	824 B
3	mathtag.com 3 redirects sync.mathtag.com	2 KB
3	smartadserver.com prg.smartadserver.com	2 KB
3	adxpremium.services rtb.adxpremium.services	1 KB
3	creativecdn.com prebid-eu.creativecdn.com	543 B
3	id5-sync.com id5-sync.com	2 KB
3	stpd.cloud stpd.cloud	426 KB
3	google-analytics.com www.google-analytics.com	20 KB
2	advertising.com 2 redirects pixel.advertising.com	693 B
2	demdex.net 2 redirects dpm.demdex.net	2 KB
2	dmxleo.com 1 redirects public-prod-dspcookiematching.dmxleo.com	437 B
2	spotxchange.com 2 redirects sync.search.spotxchange.com	1 KB
2	exponential.com tags.expo9.exponential.com	28 KB
2	googleapis.com fonts.googleapis.com	4 KB
1	sitescout.com 1 redirects pixel-sync.sitescout.com	337 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	turn.com 1 redirects ad.turn.com	518 B
1	quantserve.com 1 redirects pixel.quantserve.com	541 B
1	simpli.fi um.simpli.fi	616 B
1	adgrx.com cm.adgrx.com	408 B
1	ad4m.at ad4m.at	915 B
1	erne.co 1 redirects green.erne.co	327 B
1	loopme.me 1 redirects csync.loopme.me	217 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	addthisedge.com v1.addthisedge.com	706 B
1	bluekai.com 1 redirects tags.bluekai.com	677 B
1	agkn.com 1 redirects aa.agkn.com	328 B
1	krxd.net beacon.krxd.net	338 B
1	rlcdn.com id.rlcdn.com
1	google.de adservice.google.de	792 B
1	moatads.com z.moatads.com	1 KB
1	googletagmanager.com www.googletagmanager.com	36 KB
0	gumgum.com Failed rtb.gumgum.com Failed
0	playground.xyz Failed ads.playground.xyz Failed
0	bidtheatre.com Failed match.adsby.bidtheatre.com Failed
0	mfadsrvr.com Failed rtb.mfadsrvr.com Failed
0	onaudience.com Failed pixel.onaudience.com Failed
0	taboola.com Failed match.taboola.com Failed
0	iprom.net Failed core.iprom.net Failed
0	adsrvr.org Failed match.adsrvr.org Failed
0	bidr.io Failed match.prod.bidr.io Failed
318	69

	Domain	Requested by
28	s.tribalfusion.com	tags.expo9.exponential.com webfonts.ffonts.net static.cloudflareinsights.com
12	a.tribalfusion.com	3 redirects s.tribalfusion.com ads.pubmatic.com
12	static.cloudflareinsights.com	s.tribalfusion.com
12	eus.rubiconproject.com	webfonts.ffonts.net eus.rubiconproject.com stpd.cloud
12	c.amazon-adsystem.com	webfonts.ffonts.net c.amazon-adsystem.com
10	ib.adnxs.com	1 redirects stpd.cloud acdn.adnxs.com
10	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net webfonts.ffonts.net
9	webfonts.ffonts.net	webfonts.ffonts.net
8	ap.lijit.com	4 redirects stpd.cloud
8	prebid-stag.setupad.net	stpd.cloud webfonts.ffonts.net
7	simage2.pubmatic.com	1 redirects ads.pubmatic.com
7	cm.g.doubleclick.net	5 redirects webfonts.ffonts.net
7	gum.criteo.com	3 redirects static.criteo.net
6	image2.pubmatic.com	ads.pubmatic.com
6	static.criteo.net	stpd.cloud static.criteo.net
6	mug.criteo.com	webfonts.ffonts.net
6	script.4dex.io	stpd.cloud script.4dex.io
6	pagead2.googlesyndication.com	webfonts.ffonts.net pagead2.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com
6	www.googletagservices.com	webfonts.ffonts.net securepubads.g.doubleclick.net
6	d144mzi0q5mijx.cloudfront.net	webfonts.ffonts.net d144mzi0q5mijx.cloudfront.net
5	pixel.rubiconproject.com	webfonts.ffonts.net s.tribalfusion.com
5	ads.pubmatic.com	stpd.cloud ads.pubmatic.com
4	c1.adform.net	3 redirects ads.pubmatic.com
4	tps20521.doubleverify.com	cdn.doubleverify.com
4	cdn.doubleverify.com	s.tribalfusion.com cdn.doubleverify.com
4	token.rubiconproject.com	4 redirects
4	image6.pubmatic.com	2 redirects ads.pubmatic.com
4	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com
3	ssum-sec.casalemedia.com	js-sec.indexww.com
3	js-sec.indexww.com	stpd.cloud
3	biddr.brealtime.com	stpd.cloud
3	cdn.districtm.io	stpd.cloud
3	acdn.adnxs.com	stpd.cloud
3	u.openx.net	stpd.cloud
3	cdnx.tribalfusion.com	webfonts.ffonts.net
3	sync-tm.everesttech.net	2 redirects webfonts.ffonts.net
3	sync.mathtag.com	3 redirects
3	adx.adform.net	stpd.cloud
3	prg.smartadserver.com	stpd.cloud
3	bidder.criteo.com	stpd.cloud
3	fastlane.rubiconproject.com	stpd.cloud
3	hbopenbid.pubmatic.com	stpd.cloud
3	hb.emxdgt.com	stpd.cloud
3	rtb.adxpremium.services	stpd.cloud
3	mp.4dex.io	stpd.cloud
3	htlb.casalemedia.com	stpd.cloud
3	prebid-eu.creativecdn.com	stpd.cloud
3	dmx.districtm.io	stpd.cloud
3	setupad-d.openx.net	stpd.cloud
3	secure-assets.rubiconproject.com	3 redirects
3	id5-sync.com	stpd.cloud
3	stpd.cloud	webfonts.ffonts.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com webfonts.ffonts.net
3	pubads.g.doubleclick.net	webfonts.ffonts.net
3	s7.addthis.com	webfonts.ffonts.net s7.addthis.com
2	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
2	pixel.advertising.com	2 redirects
2	dpm.demdex.net	2 redirects
2	public-prod-dspcookiematching.dmxleo.com	1 redirects s.tribalfusion.com
2	sync.search.spotxchange.com	2 redirects
2	dsum-sec.casalemedia.com	2 redirects
2	rtb0.doubleverify.com	cdn.doubleverify.com
2	pr-bh.ybp.yahoo.com	1 redirects ads.pubmatic.com
2	cs.emxdgt.com	stpd.cloud
2	tags.expo9.exponential.com	securepubads.g.doubleclick.net
2	fonts.googleapis.com	webfonts.ffonts.net
1	pixel-sync.sitescout.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	ad.turn.com	1 redirects
1	pixel.quantserve.com	1 redirects
1	um.simpli.fi	ads.pubmatic.com
1	image4.pubmatic.com	ads.pubmatic.com
1	cm.adgrx.com	ads.pubmatic.com
1	ad4m.at	ads.pubmatic.com
1	green.erne.co	1 redirects
1	csync.loopme.me	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	www.google.com	tpc.googlesyndication.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	tags.bluekai.com	1 redirects
1	aa.agkn.com	1 redirects
1	ups.analytics.yahoo.com	1 redirects
1	beacon.krxd.net	s.tribalfusion.com
1	us-u.openx.net	s.tribalfusion.com
1	ads.yahoo.com	webfonts.ffonts.net
1	id.rlcdn.com	webfonts.ffonts.net
1	pixel-eu.rubiconproject.com	webfonts.ffonts.net
1	cm.adform.net	webfonts.ffonts.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	eff2b3f65c9c2302ee2dc69e1a471950.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	z.moatads.com	s7.addthis.com
1	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	www.googletagmanager.com	webfonts.ffonts.net
0	rtb.gumgum.com Failed	ads.pubmatic.com
0	ads.playground.xyz Failed	ads.pubmatic.com
0	match.adsby.bidtheatre.com Failed	ads.pubmatic.com
0	rtb.mfadsrvr.com Failed	ads.pubmatic.com
0	pixel.onaudience.com Failed	ads.pubmatic.com
0	match.taboola.com Failed	ads.pubmatic.com
0	core.iprom.net Failed	ads.pubmatic.com
0	match.adsrvr.org Failed	ads.pubmatic.com
0	match.prod.bidr.io Failed	ads.pubmatic.com
318	107

This site contains links to these domains. Also see Links.

Domain
www.whatfontis.com
www.ffonts.net
www.facebook.com
twitter.com
plus.google.com
de.ffonts.net
es.ffonts.net
ro.ffonts.net
fr.ffonts.net
it.ffonts.net
pt.ffonts.net
cn.ffonts.net
ru.ffonts.net
ar.ffonts.net
jp.ffonts.net
in.ffonts.net
kreativfont.com
www.fontocean.com
www.fontfreak.com
www.free-fonts.com
www.fontriver.com

Subject Issuer	Validity	Valid
*.ffonts.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-21` - `2022-06-20`	2 years	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-21` - `2022-08-20`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.id5-sync.com R3	`2021-10-05` - `2022-01-03`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-01` - `2022-04-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
districtm.io Cloudflare Inc ECC CA-3	`2021-06-02` - `2022-06-01`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.adxpremium.services Sectigo RSA Domain Validation Secure Server CA	`2021-08-05` - `2022-09-05`	a year	crt.sh
*.emxdgt.com Amazon	`2021-07-02` - `2022-07-31`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
exponential.com Cloudflare Inc ECC CA-3	`2021-04-21` - `2022-04-20`	a year	crt.sh
*.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-05-28` - `2022-06-15`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.doubleverify.com DigiCert SHA2 Secure Server CA	`2021-01-10` - `2022-01-17`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-24`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
*.brealtime.com Go Daddy Secure Certificate Authority - G2	`2020-01-22` - `2022-03-22`	2 years	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-24` - `2022-02-16`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh

This page contains 70 frames:

Primary Page: https://webfonts.ffonts.net/Lato-Black.font
Frame ID: 2F87918F3AECA6B400F8196FC3B20DBC
Requests: 49 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html
Frame ID: DE464F6E23D969486DEC4C8F34BCA989
Requests: 1 HTTP requests in this frame

Frame: https://stpd.cloud/assets/postbid/stpd201221.js
Frame ID: C05A909ACBAEB61ADA6FE7D4B49370E2
Requests: 32 HTTP requests in this frame

Frame: https://stpd.cloud/assets/postbid/stpd201221.js
Frame ID: C08C5EDFA440E557FBD680A21BC759AE
Requests: 31 HTTP requests in this frame

Frame: https://stpd.cloud/assets/postbid/stpd201221.js
Frame ID: DC761B4F66AF6685B107B224D340AE60
Requests: 31 HTTP requests in this frame

Frame: https://eff2b3f65c9c2302ee2dc69e1a471950.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2ECAAC6CAEFC1997F180F00183B351E0
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Frame ID: 73B8F0E37A8E6DE9BFB8F9C7FFBDFA07
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Frame ID: CC2B7C3354A861B42A5DC43A0CE214BF
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Frame ID: 82D6C4910140BB9C3AA610CEE4AEAD0E
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu4cO3Sfmn5kKIhx-hWUAO6CHdGutUH_XEXB6dJDCP6igoIwdXdEkuKHJy9TEz1t6ruTixqXP9E3KUlMig4CneOrCjxYJr-zRF-kk5TxekqwFeTE5ktYWHX0_ypiCSdLCFE2t1F7b9RkLwgf7csFoyiEP8rbW8-djoOdyxF-xxoru2k5jBMVZ_ryOVAPLag6w6cINmMO1EWs_Hk611mkshfIH1KNkEweQi4e6Urhx-97bPONWLHDY6g04hM80hFbVT4V5Py1yvp2eo6fIpYuqgfQtPXnZzvXKRUOABT2m6BGy2DUfMaATOsKg&sai=AMfl-YQQh1c82RGSaPYVMA8UjNUg5pacoMAuaiLzF2tEe6-gQWJPVkvKxrn3xmuAKnhdBuUkKlj6OllLtsIZFCy7C46Tg9sthJxaU1fwzpSZJ4rsZRs2y1vkEWLIBFUfDlY&sig=Cg0ArKJSzOcAJzRjCodSEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: A02BC8197657E4262CEA49DC5E764B2D
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsua22xhiKsbYG2d94rzruJ3eu7emyRaULQ3K9yNz2uQp7tJ2NCkHHBRetKdTNrcA_ExmkrYjxngqAlHbolPmE9KINqgnQ7ce6wFNfcAVpbO23TKoEOXSMkvJmARFPUq8tc7oD4dr2hKpS1q8_VBcpj-CiLd-oDnKuzswcvE6_HGSGJCFlfo_EtHzvgOw-AntKJJQuPI9WuUAzB9iqYExeKdMHHbLIvUx0XhCToMzx_pUsidRSAZR4lG3Qs2m4rVLDqNzeU3bN4VNRClNTklWC6TxvUAcqo00OVZSBTsWa3geo1PCpjUd07bPdrGNOu1lQ&sai=AMfl-YSjWZ8ozg7zPLGNrCeSLlAtxbaNuEFAk0KC3IPKeFDERpG_p8EsaP5n0YsA28xFYo_Rho5wvZZH8ymesuDz_5K_dHs43_VDYzyKW_f96hoIPKKWIFXE-2r3SmUlDw8&sig=Cg0ArKJSzATOL4MCnjsMEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: B7C623D10EE5254C7E2D9BA6BB6A4D38
Requests: 13 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=1&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D1%26gdpr_consent%3D%26uid%3D
Frame ID: 7175B3A08B82FE033F7F87EDDA58E844
Requests: 2 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Demx_digital%26uid%3D%24UID
Frame ID: CBFB6C769CA2E06C2661E52AFF90853A
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Demx_digital%26uid%3D%24UID
Frame ID: EF20E4ADF0D7CCA77C8C85940CB748A9
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aImT09TTQaSTYZdSsbAQUmmPHndVcQS2rXxmtaqYqmu4dnBSVBF46JLpW6nTdB80bMi1FBf0aqqPrBHUFQSVdU0nFJsRb7M1qFN4aUh2aU2oTbIYUF6UdbQnmfKpGMwoWMK3TZbe3dAn46vZbprYLXcvVYGF51sJwpaFW5FU2VUnEUAMTPqb2ScYnQdFv1tZbuVmvp3GZbVYrQZcTAmp4PYbR6MK4WZbO0cbLMTAJoh7kqp&mediaDataID=2713736&mediaName=frame.html
Frame ID: A08523641B09FFA181FD7D7A14CDE4A0
Requests: 4 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aJmT09ScUsStZbM0W7tTmnw4sJ2YbMLUmTw4A39Q6bB4WYnXHrJnt2N4PvT5GM9Vc3lUsbeRPFxWtZbWUbjP3rArVErqTa3iSEBHRcQZbRrZatPHviVcY24bqunWqq0qqp2tnZaQVrF46vIpHXtVWjaXFv8YrYg1TEsPUrEWFQSVdJ3orZbxPbrp1EZbs4aYd4EURmE7IXFYgTd7UmmrInGrtmHfJ5EZb73GTrSpbMn3NpQa&mediaDataID=9148826&mediaName=frame.html
Frame ID: F264D931A5CFF07BD876AFE298CBD79F
Requests: 4 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aKmT091E3t3TZbi4aY5nEnB1rjaUWjQnPQBnVnnpHnC5EYl5dEt5PvKmF3JXsvS1cQTXV7xnTvW5FZbVVU7ZcWPMYQqM2SVYOQHUt0HvtT6QM4sYUXUMKUPqm56Zb9R67K2HYy0HBJntiM4ABR3sQbTGY7WGMhS6rvWWvTWbjP3r2oUqnvVaJ8STvKSVbZbPUZavRWMiVcf25bysmWesXqyN4dbZdSGrZa4BjZaNTEHo5NVt8&mediaDataID=5436426&mediaName=frame.html
Frame ID: F66AD40955342F799833EE1F923C5298
Requests: 4 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aLmT09STYZcQVJLRberRWUbUVfU5b2nnWZaOXauu3dMESG7C26MZcotXmUdfcXUvc1UZb7XqitRbJEWFJYVdYWmbZbsQbjp1qQN5EUc5T73oTJG1rZbfTtjSnmUIms7nmHrJ3TY83dmt5PJJmUbZd0GUUYGU00cvumaJU5bvUTU7ZcWP74REMQQVZbmStYN1tnsWAQp2c3UYbBAUPmt46Q7P6fH4WZbOXWBAnVuvSS38n2UhJV&mediaDataID=8039566&mediaName=frame.html
Frame ID: 362763D1BF08C46F42F9EFB56D2040A8
Requests: 4 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=ammT092avYoTbD1bZb6UHjQoA3ZamGUmpHQJ3T3g2ter3AjIpbQZbXVfVXVM10sfvpTj25F3VVFnHUPf4PTrQQsQmPHZbuYHjwVAbn3GB00UvZbVmqw56Q8PABG3dZbqXW3AntIn5mBP5c3bUGJcUcBjRmUNUHFTTFZb15U6nUaMvVEJbSTYFScQZdRrZatRHMkWVQ54UyxnWuyYTqN2WvGQG7B2mJHmdXyTcr6TVrUmNYtFx&mediaDataID=6530936&mediaName=frame.html
Frame ID: 7321E7B9470BF9AE2EABB758865F70AA
Requests: 4 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aomT09T6Mu4sY4XUUAVAXp2Pn6PAZbI3WrO0HQLmdEv36UW3cY9TsJ7VVFlR6UxWdQ5Wbb03b2nUabpVEYlQE3IRcJZdRFixRH7kVcbP2FTrodiOXqyM4tMCPsrH2mUHotZaOTHQ8XrY7XrYeXaIoRFYBUrB0WHv2oFjoRFbNYTFs3TZba4T75oTBDXb77WWJXmPrBmsjvpdrE3qQe3tap3AvGprbEXtZbQUUYjm7Aw67&mediaDataID=4056396&mediaName=frame.html
Frame ID: DE0B67F6D81E748D646EDD49BEA0D70E
Requests: 4 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=apmT09oTbD1rZb8WWfToPbIpGUtmWnE2Er73d6r4A7ZbprnK0V3SYsF01sBynafV5UQ4TUfEWA73RTj1Qs3MQdJu0H7rTPnn3cBWYbZbZaVmXq2PUeQP7A3HvM1dBLpdAo5mU05cj9Tsv8VGMfPPvMUHUQUUMY2UipUEQmTEYlQEBZdQVJCPFuqPHU8VcQQ2UTxmteOYEam3HvCQsfF4m3KmdXyVWQhXTZbbUcFXpZaSbfA&mediaDataID=6546596&mediaName=frame.html
Frame ID: B1D7D5A990172AA947571DD79CF4B397
Requests: 4 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aqmT09PHvdUVMU4bTmndZas0q2n3WjEQVZbZa46YZapdAtVWFb0r3dYFYl1TZamRUYEWUUQTdQ3mrQoRFMqYTUy5EJf5Tv5oafKXUUhTtMWoA3ZdpGvwptrF3Evk2Hmr3AbGnbnHXVfSYsrY1cvwpTFQ3rUPVbnHVmQ5RqYXSs3MQdUOYt7uVPbN4srVXbMZaUPXw4AQeQPnJ3tQo0d3JndIO36BY3sjgTWjc1U7YnnnW19&mediaDataID=6807466&mediaName=frame.html
Frame ID: 33740391A38BDA05C200FF236965C47A
Requests: 4 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=armUCk4sY40UUZaTA6n5AM7R6FG3dBq1HvAntZav46YR3svaVsMaWsMkS6MOUWUTWrfR5rEoWqjmTEBbQEQFSGZbZdQF6qPtrkVVb35r6qodAn0qmp2dUDPs7E5AJZcmWeOUWYe0bYcYU7l1aqtRFFHWUUYWtr0orZbxQbJtYErr3TBh5aMQnafKYrU9WHbXmPfKpGUwpWQF5q3k2Wmq5mvJpFfJXs3QYVQ40cZbnpTv45UFWQbjrifnChg&mediaDataID=5578346&mediaName=frame.html
Frame ID: 156E27F7FF8E2BC42268404DCA65440E
Requests: 4 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=axmT09Vmqn2PU8PmJD3tnsXWrDmHIM4PvY5cM7UcQcUcfiPAnxUtFQTFF33UZamUqvxTEQbQTBZaQGYIPbevRWM7VcMR2rmondqMYEey4dQBSGjZa5AUJpt6rUdQ60brkYFZb60qqqRrvCTrBXTtrXmUBtPrrtXqrt3afj2qnRmEMC1rZbfUtMUoA3ZbnVfspt3J3TQ72HyM46bLnFvZbXGMW1cFVXGvnnb3UQcYdmSiVek&mediaDataID=6719746&mediaName=frame.html
Frame ID: D4FF52199981974679EB0A246CD666A9
Requests: 4 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aymT09oAnKpGvnpd7C3EYe5tEn3PBZcmF3EXVvQXc33XGjOpEZbW3FFPWrJDWmn3REnSSsUtQtUyYdnoVmrp2c3XYbUZcVAyp26ZbgQPMF4WvnXWYAndTN5AvP4Gj7VcUjWsf7RAFxUtrRTUM15b6tWTMrVqJcPanZcQcjLRbevRW7cUVM54r6sodAtYEXv2dQZdQVfZa5AFEpHEnTdZb8XbM91UY9XaqMRTjGYc3enuDWFy&mediaDataID=6347136&mediaName=frame.html
Frame ID: B02F8A46B616305AEA79FCD9002DE0A6
Requests: 4 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aMmT09odiq0qmw4trCSVvF2mvLmtioTHfhXrvbXUBeXa6pPrMEUFB5WHn0mFBoRU7y1T3s5TUj2qfXmEjIYbJaTtbUomvIpV7uptfG5Evl5teN4mjZcpFUIYsfQ1cYV0VjonEvW3FrSWbnFUA31Par3QGZbqPHbNYHFnTmrp2cB50UUDTAit2PMbQAFF4HvO0H3AmWPn4A3T5Gn9Tc36UcM8PPFoUV7VYG7hoZcZaXZc9&mediaDataID=7665496&mediaName=frame.html
Frame ID: EF7EB9B8CBA9DB8F524E8A9DB55898B5
Requests: 4 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: FEE179DCAB841FCA899B5D48B8CF050E
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 591428EFA5400F4A938E1F9BF8910FD5
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=webfonts.ffonts.net&gdpr=1&gdpr_consent=
Frame ID: 61EFCE1CF461AC98204EED2734ABCCE4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 9DAAD7DDFFD08FC6C170C6892D3C8C45
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 897DB1135B72C27AE121751278CAC14C
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: A33FDD65D784C69E6CAD13B17D31125B
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 67EC091B616D44677ADA98B4543AADB5
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 9CAF8C502A0605558925EDD2B0A653C6
Requests: 2 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: CDCC5D6EEFE98B22362D59DBDD9D532D
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 4DD55B10E903DAF1F12366E2BFBE6C67
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: B55A2946D1766DD854C87C2186D9C36E
Requests: 22 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: A03FA0AF49834AB75C1FC7B71D4B550A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 66F22241A311FBC48D2DF2DC3D47C314
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: B39E675D5549F882154861587E048C76
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13401985
Frame ID: 1AE33443503C39458E0F8F458CFD7ADD
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 9F016EEA81A12D7B372862F950602168
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 21E0026D87583BCC1996A8DC8AA67F14
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 59605BEA25C0E281293A4E99254484D8
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 37509773352CCB3DA5924BE6A320A923
Requests: 2 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 54C7304C1087FC58BBFA7F307D589444
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 912373D43F5F216C54951084DB29BDCA
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 03C81ED26EF1B195A876B77101EEAA6A
Requests: 2 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 4F5955B90AFA3C9950FA6628AEFFED31
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 3D62414F384DD6B690E71EDA2E301B22
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 779A4E350FD16483825DA0CBC7EA94DA
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 0F20ACECB2E69D199EC5805F137558C8
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 9B6E77CD68B25768D1BB66CBEF140743
Requests: 2 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=undefined&d=https://webfonts.ffonts.net/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: A7EC7CFB73F46BAA49F546C0839D00E2
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F
Frame ID: 2CA143BB455C6C856C68152CDDBA70D8
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1418811660511071063
Frame ID: A8DB0D51C70067A9D5795B16008F5F25
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 80E8AD2850CECDA7951C4DF81C4A3023
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7036716032266205336
Frame ID: AB8794D24EA7996EECEA4CE6430484B6
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yadv8wAIraNalABR&gdpr=0&gdpr_consent=&_test=Yadv8wAIraNalABR
Frame ID: FBA4A290639328AA00AA8A5D2E9ECB1C
Requests: 1 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
Frame ID: E6932F0DFE17E59C8418FDDFD6C26826
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: EE13C97FAB891C2DB6A15B184B7D4DAE
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2685852313
Frame ID: 5E645109CF1C6A0C7DFB24B27D0D65DF
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=2sXqZUHqavNmNYqu2BayX6ME
Frame ID: EADE05EA1B8291EEB95FACCD1357A66D
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: B775A3833C3CD9FD78981E371D4DECE0
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync
Frame ID: 72C2C4D76A796D3D3A661E53B7E2A4DD
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 39EC7845449C9260B7BAC4CA8A038DFD
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=444378f5-313e-4e98-911d-0410ef28a266-tuct8a0f573&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 01812A680554FB3FCCF861C079D2C658
Requests: 1 HTTP requests in this frame

Frame: https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 797890AE003516DFD4F2B33020C86D66
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=undefined&d=https://webfonts.ffonts.net/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: FFC76C0760F776A589F0E901FB89F059
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=undefined&d=https://webfonts.ffonts.net/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 00814015C9A17D027CCB01CA8A68D9BA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Lato Black WebFont - FFonts.net

Page Statistics

318
Requests

85 %
HTTPS

37 %
IPv6

69
Domains

107
Subdomains

73
IPs

10
Countries

2845 kB
Transfer

8128 kB
Size

50
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://www.whatfontis.com/
Title: What Font Is

Search URL Search Domain Scan URL

URL: https://www.ffonts.net/Lato-Black.font
Title: Back to Font page

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://webfonts.ffonts.net/Lato-Black.font

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=https://webfonts.ffonts.net/Lato-Black.font+Lato+Black+WebFont

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https://webfonts.ffonts.net/Lato-Black.font

Search URL Search Domain Scan URL

URL: https://www.ffonts.net/
Title: ENEnglish

Search URL Search Domain Scan URL

URL: https://de.ffonts.net/
Title: DEDeutch

Search URL Search Domain Scan URL

URL: https://es.ffonts.net/
Title: ESEspanol

Search URL Search Domain Scan URL

URL: https://ro.ffonts.net/
Title: RORomana

Search URL Search Domain Scan URL

URL: https://fr.ffonts.net/
Title: FRFrancais

Search URL Search Domain Scan URL

URL: https://it.ffonts.net/
Title: ITItaliano

Search URL Search Domain Scan URL

URL: https://pt.ffonts.net/
Title: PRPortuguese

Search URL Search Domain Scan URL

URL: https://cn.ffonts.net/
Title: CHChinese

Search URL Search Domain Scan URL

URL: https://ru.ffonts.net/
Title: RURussian

Search URL Search Domain Scan URL

URL: https://ar.ffonts.net/
Title: ARArabic

Search URL Search Domain Scan URL

URL: https://jp.ffonts.net/
Title: JPJapanese

Search URL Search Domain Scan URL

URL: https://in.ffonts.net/
Title: INIndian

Search URL Search Domain Scan URL

URL: http://www.whatfontis.com/
Title: Font Finder

Search URL Search Domain Scan URL

URL: https://kreativfont.com/
Title: Kreativ Font

Search URL Search Domain Scan URL

URL: http://www.fontocean.com/
Title: Font Ocean

Search URL Search Domain Scan URL

URL: http://www.fontfreak.com/
Title: Fonts

Search URL Search Domain Scan URL

URL: http://www.free-fonts.com/
Title: Free Fonts

Search URL Search Domain Scan URL

URL: http://www.fontriver.com/
Title: Font River

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwebfonts.ffonts.net%2F&domain=webfonts.ffonts.net&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=XY_w-XxYZGZybUkyZ2RqTDk5Yk1LMGZuUWR5UmxodzJONW9FbTBlLzF0eDBiRVR3SFhvdEtoN0EzRVJPWW56NU5GaUxsN29aZ1M5TFpLNk5WV253L1Z1RXUwSXJaY1AySXR4ZURMUWs1TlgrRURITEZCMmtVbXliSTJ5eW5TVE5QTTNUT0RyZXdpcks4UVpkRzBwUkVidGZGY0g3cThPeEZmTGE2ZzVaTE9hVVpoQkxVY3orMXZvTHUwWi9OM052S0RKZUhWT3BMY1JFb010dkxjcGV6d1dKOG9ZUzYvY2xZeGw4WFR2SWZoeHc1NyswPXw&cppv=2

Request Chain 45

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

Request Chain 49

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwebfonts.ffonts.net%2F&domain=webfonts.ffonts.net&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=9K518nwzaGdISitJWDJ2VUJtTS8vNEE1eDNiT0xPd0dHczU5MDFmRXlmclRwbnBBeS8yYVduaURXcW1jSElNS2prSzk4KzU5dlhrb1I0dVA5U2hZSENmaGlZbDE1cnI5Unh5ak90SDJQU0JMNXUyRS9wRk44WkJ5SEFoUlNHT0plUlhoTlB6bXZOQytMZDRKeGVFcVdHVlp4ZmVLdm5wbDl5end1akFZMjMrS2dSMHAzbndKQ1IrYXZsTW9XSnZ3YzM3ZUdTamVUbDE1Uld0dUpiVktPbkV0R2dEREVDU0crY0gvUnBuY3lVS1gxQW1rPXw&cppv=2

Request Chain 52

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

Request Chain 56

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwebfonts.ffonts.net%2F&domain=webfonts.ffonts.net&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=Q6RU2HxwYzFKdFlZTWNWRUs4TFVtMkpFZzBWQWVBT0dOZnVYZzNHRmtHYTlIdkszN0xLWEVQYmlWenJpeGdyU2N6aWttWERraUtXMWV6QTJ2ZTJMcjhEOUZFcGUybkp0ZXQ3bktDc0xNejNSUDJobno5STZya25WcnRucU9PZFdhK3ZlK3VYaG44K1pIbUNUa2pkMEQwYTVaTDA4cHRYOGFZbHV1VEI4dW5qbXF1bjJ5Y1MrUnVuMUl1YTdFNHZNelY0NWhhSi9UUkNqc29ua3lkU0JJVm9vSytaK0FsbEtxRkZZWWJtVUdrc0NRTTFzPXw&cppv=2

Request Chain 59

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

Request Chain 137

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://prebid-stag.setupad.net/setuid?bidder=sovrn&gdpr=1&gdpr_consent=&uid=bb982fccf43d76693d50dbd2

Request Chain 138

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://prebid-stag.setupad.net/setuid?bidder=sovrn&gdpr=1&gdpr_consent=&uid=bb982fccf43d76693d50dbd2

Request Chain 155

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dOSjNMNVktNC1CSkg=

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEM1591093Wg1niQj4zf9Ex4&google_cver=1

Request Chain 157

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/LGr3S06Nx-1eqyGahZPFPQ?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6233835538310646971

Request Chain 158

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=b45461a7-6fef-4e00-b674-68a921b00484

Request Chain 161

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KWNJ3L5Y-4-BJH&sigv=1&esig=2~a6c591d377f0fb4b528000308b377d71edcdc506

Request Chain 162

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGM5ZWM4MDc1NjFhNzlhOTYxY2RiYTQ0NDMxZGE3NTIyNjkzMGJhOA

Request Chain 199

https://a.tribalfusion.com/i.match?p=b10&u=18072662301623784059&redirect=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=111756&nid=3856&put=18072662301623784059&expires=180

Request Chain 201

https://dsum-sec.casalemedia.com/rrum?cm_dsp_id=131&external_user_id=18072662301623784059&cb=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db20%26u%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db20%26u%3D&cm_dsp_id=131&external_user_id=18072662301623784059&C=1 HTTP 302
https://a.tribalfusion.com/i.match?p=b20&u=Yadv8COuHfhFcq0TvqWBygAA

Request Chain 202

https://sync.search.spotxchange.com/partner?adv_id=8731&uid=18072662301623784059&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db19%26u%3D$SPOTX_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8731&uid=18072662301623784059&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db19%26u%3D$SPOTX_USER_ID&__user_check__=1&sync_id=79c09775-52a5-11ec-97b2-1384e0ef0206 HTTP 302
https://a.tribalfusion.com/i.match?p=b19&u=79c0970a-52a5-11ec-97b2-1384e0ef0206

Request Chain 203

https://a.tribalfusion.com/i.match?p=b24&u=18072662301623784059&redirect=https%3A%2F%2Fpublic-prod-dspcookiematching.dmxleo.com%2Fdspreply%3FdspId%3D15%26dspUserId%3D%24TF_USER_ID_ENC%24 HTTP 302
https://public-prod-dspcookiematching.dmxleo.com/dspreply?dspId=15&dspUserId=18072662301623784059 HTTP 307
https://public-prod-dspcookiematching.dmxleo.com/dspreply?dspId=15&dspUserId=18072662301623784059&cookieRequired=true

Request Chain 204

https://a.tribalfusion.com/i.match?p=b22&u=18072662301623784059&redirect=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dexponential%26partner_uid%3D%24TF_USER_ID_ENC%24 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=exponential&partner_uid=18072662301623784059

Request Chain 205

https://dpm.demdex.net/ibs:dpid=22054&dpuuid=18072662301623784059&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db13%26u%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22054&dpuuid=18072662301623784059&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db13%26u%3D%24%7BDD_UUID%7D HTTP 302
https://a.tribalfusion.com/i.match?p=b13&u=65676838459133964601478801428935479948

Request Chain 208

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%253A//simage2.pubmatic.com/AdServer/Pug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%2526piggybackCookie%253D18072662301623784059%2526r%253Dhttps%25253A//a.tribalfusion.com/i.match%25253Fp%25253Db11%252526u%25253D%252524%25257BPUBMATIC_UID%25257D HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%253A//simage2.pubmatic.com/AdServer/Pug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%2526piggybackCookie%253D18072662301623784059%2526r%253Dhttps%25253A//a.tribalfusion.com/i.match%25253Fp%25253Db11%252526u%25253D%252524%25257BPUBMATIC_UID%25257D&rdf=1 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw&piggybackCookie=18072662301623784059&r=https%3A//a.tribalfusion.com/i.match%3Fp%3Db11%26u%3D%24%7BPUBMATIC_UID%7D HTTP 302
https://a.tribalfusion.com/i.match?p=b11&u=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F

Request Chain 211

https://pixel.advertising.com/ups/57628/sync?uid=18072662301623784059&_origin=1&redir=true HTTP 302
https://pixel.advertising.com/ups/57628/sync?uid=18072662301623784059&_origin=1&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/57628/sync?uid=18072662301623784059&_origin=1&redir=true&apid=UP79e588cf-52a5-11ec-a81f-06c961e645ba HTTP 302
https://a.tribalfusion.com/i.match?p=b17&u=UP79e588cf-52a5-11ec-a81f-06c961e645ba

Request Chain 212

https://aa.agkn.com/adscores/g.pixel?sid=9212295768&_puid=18072662301623784059 HTTP 302
https://a.tribalfusion.com/i.match?p=b23&u=164881103987000219656

Request Chain 223

https://cm.g.doubleclick.net/pixel?google_nid=exp&google_cm&google_sc&google_ula=2786954&google_hm=18072662301623784059 HTTP 302
https://a.tribalfusion.com/i.match?p=b6&u=adx&google_gid=CAESEMmPKficajz_n_sz7TcCGTw&google_cver=1&google_ula=2786954,0

Request Chain 224

https://tags.bluekai.com/site/4229?id=18072662301623784059&redir=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db3%26u%3D%24_BK_UUID HTTP 302
https://a.tribalfusion.com/i.match?p=b3&u=$_BK_UUID

Request Chain 282

https://c1.adform.net/serving/cookie/match?party=14&cid=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F

Request Chain 283

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1418811660511071063

Request Chain 285

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7036716032266205336

Request Chain 286

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=Yadv8wAIraNalABR HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yadv8wAIraNalABR&gdpr=0&gdpr_consent=&_test=Yadv8wAIraNalABR

Request Chain 288

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

Request Chain 289

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2685852313 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2685852313

Request Chain 290

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=2sXqZUHqavNmNYqu2BayX6ME

Request Chain 294

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=444378f5-313e-4e98-911d-0410ef28a266-tuct8a0f573&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 296

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=S4xn-p5xSgO22f75NtBPjw%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 297

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b45461a7-6fef-4e00-b674-68a921b00484

Request Chain 299

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEI4QzY3RkEtOUU3MS00QTAzLUI2RDktRkVGOTM2RDA0RjhG&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 300

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH-yAY6KitMpUNTjZKFMlWE&google_cver=1

Request Chain 302

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b45461a7-6fef-4e00-b674-68a921b00484&gdpr=0&gdpr_consent=

Request Chain 303

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7456456566637907742

Request Chain 304

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=

Request Chain 305

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3604086807526404106&gdpr=0&gdpr_consent=

Request Chain 306

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=hy3RwYd61sWcKYSTiH6dxocr1ZCcJYDOhSpv5vkM

Request Chain 308

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-xJYZTftE2uVdcuSVz1F9ddVne0CubnY-~A&gdpr=0&gdpr_consent=

Request Chain 309

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=0b21188b-9ce2-42e1-a25e-5d5d038195e3

Request Chain 310

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3500546326807151105&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 312

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

318 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request Lato-Black.font Show response
webfonts.ffonts.net/ 55 KB
11 KB 159ms
87ms Document
text/html 95.216.234.12
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.234.12 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.12.234.216.95.clients.your-server.de

Software

Resource Hash

b339776b5d5fc473d9a6654ee12b7a33067f47c205f6714f07743303e67181d6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN

GET
H2 200 all.css
d144mzi0q5mijx.cloudfront.net/test/css/ 246 KB
38 KB 87ms
56ms Stylesheet
text/css 2600:9000:2156:2400:1:c815:1b40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d144mzi0q5mijx.cloudfront.net/test/css/all.css

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:2400:1:c815:1b40:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

0929ca1b40b95c50c0476bbbe79666bfced5eea2cf6a488d0e6a17223fc69798

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
last-modified: Mon, 01 Feb 2021 09:35:06 GMT
x-amz-cf-pop: FRA50-C1
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
cache-control: max-age=31104000, private
accept-ranges: bytes
content-length: 38942
x-amz-cf-id: CnCgs55RaGhWfQhkYnMNpPc99K30_jy1-PxuHRAxFRbF_h1XPUEp1g==
expires: Sat, 26 Nov 2022 12:51:57 GMT

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
1 KB 38ms
15ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans&display=swap

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a73461ad2eb2853c2e1a93781e56d513275a44a7e6e4c9a3cda7a6fda0bdc3a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 01 Dec 2021 12:21:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 01 Dec 2021 12:51:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Dec 2021 12:51:57 GMT

GET
H2 200 index.php
webfonts.ffonts.net/ 955 B
721 B 84ms
83ms Stylesheet
text/css 95.216.234.12
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webfonts.ffonts.net/index.php?p=css&id=32157

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.234.12 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.12.234.216.95.clients.your-server.de

Software

Resource Hash

d238699370b7526a7aaf28a71a05e63f65f00b3fded35717831e051cac9ac24e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/Lato-Black.font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 index.php
webfonts.ffonts.net/ 519 B
535 B 62ms
61ms Stylesheet
text/css 95.216.234.12
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webfonts.ffonts.net/index.php?p=csss&id=13879

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.234.12 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.12.234.216.95.clients.your-server.de

Software

Resource Hash

f306f186f768e851b8445d6f47cf68c5c9ac5569dd468d9f34178c9341a89ee0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/Lato-Black.font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 index.php
webfonts.ffonts.net/ 579 B
541 B 108ms
108ms Stylesheet
text/css 95.216.234.12
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webfonts.ffonts.net/index.php?p=csss&id=13880

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.234.12 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.12.234.216.95.clients.your-server.de

Software

Resource Hash

ec907d5c1baad33474208ea9f67cb8ddafdaf3dfdb85ffa4ab5979aa8478680a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/Lato-Black.font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 index.php
webfonts.ffonts.net/ 609 B
546 B 131ms
131ms Stylesheet
text/css 95.216.234.12
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webfonts.ffonts.net/index.php?p=csss&id=13881

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.234.12 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.12.234.216.95.clients.your-server.de

Software

Resource Hash

88360e455fffc64f7e87e260f019b93b33a94f46a491a6cc6f33eccc8642530a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/Lato-Black.font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 78 KB
27 KB 45ms
15ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe917a5ef00f3ba444fe50063ece8266ac0e6d684945f6a7e031617415d5e20b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1060 / 347 of 1000 / last-modified: 1638361254"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26843
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Dec 2021 12:51:57 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
51 KB 68ms
40ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d03238dfc043e20593c01a5e6e120831b5d16b05ba81e137be668b3dee54ad79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51207
x-xss-protection: 0
server: cafe
etag: 11086757382956800708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 01 Dec 2021 12:51:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 47ms
18ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-9036721-1

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c621ac4819ac962fca64ea4882a7fcdb4a3c123061396ddfb774f209f8f3e6d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36142
x-xss-protection: 0
last-modified: Wed, 01 Dec 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 01 Dec 2021 12:51:57 GMT

GET
H2 200 spacer.gif
d144mzi0q5mijx.cloudfront.net/images/ 43 B
408 B 108ms
108ms Image
image/gif 2600:9000:2156:2400:1:c815:1b40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://d144mzi0q5mijx.cloudfront.net/images/spacer.gif

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:2400:1:c815:1b40:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
last-modified: Tue, 24 Aug 2004 08:09:54 GMT
x-amz-cf-pop: FRA50-C1
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: max-age=31104000, private
accept-ranges: bytes
content-length: 43
x-amz-cf-id: CAH6Se3j7rKWzpt7gVWnEQBQQ9GlkeybkAY_ReviQEXCJJdEjHgf7Q==
expires: Sat, 26 Nov 2022 12:51:57 GMT

GET
H2 200 all.2.js Show response
d144mzi0q5mijx.cloudfront.net/test/js/ 150 KB
45 KB 117ms
116ms Script
application/javascript 2600:9000:2156:2400:1:c815:1b40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d144mzi0q5mijx.cloudfront.net/test/js/all.2.js

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:2400:1:c815:1b40:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

b970b6deca6abfdf4dc6455df1329c7e9086e454f5ec3c99b40910bec7b6108c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
last-modified: Thu, 21 Jan 2021 18:15:33 GMT
x-amz-cf-pop: FRA50-C1
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
cache-control: max-age=31536000, private
accept-ranges: bytes
content-length: 45412
x-amz-cf-id: dCHY2uokQUyP3Znsuvo6ftXPi0rFIEK_0gp7hlUSVMVE1F2nAFHHVQ==
expires: Thu, 01 Dec 2022 12:51:57 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 60ms
15ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-121.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Wed, 01 Dec 2021 12:51:57 GMT
x-host: s7.addthis.com
content-length: 116382

GET
H2 200 logo-ffonts.png
d144mzi0q5mijx.cloudfront.net/test/images/ 2 KB
2 KB 110ms
110ms Image
image/png 2600:9000:2156:2400:1:c815:1b40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://d144mzi0q5mijx.cloudfront.net/test/images/logo-ffonts.png

Requested by

Host: d144mzi0q5mijx.cloudfront.net
URL: https://d144mzi0q5mijx.cloudfront.net/test/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:2400:1:c815:1b40:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

0b9aee99a671a8bde72ca256d20838fad407f01a4a355e8eb6e217822f0c83af

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d144mzi0q5mijx.cloudfront.net/test/css/all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
last-modified: Thu, 10 Dec 2020 20:43:00 GMT
x-amz-cf-pop: FRA50-C1
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31104000, private
accept-ranges: bytes
content-length: 1749
x-amz-cf-id: D2aifcT3i1HGG_BT-9FkgWZv0eao0h6gtdxa7ju0N0WMYp2LRjs0WQ==
expires: Sat, 26 Nov 2022 12:51:57 GMT

GET
H2 200 ui.svg
d144mzi0q5mijx.cloudfront.net/i/ 21 KB
7 KB 111ms
111ms Image
image/svg+xml 2600:9000:2156:2400:1:c815:1b40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://d144mzi0q5mijx.cloudfront.net/i/ui.svg

Requested by

Host: d144mzi0q5mijx.cloudfront.net
URL: https://d144mzi0q5mijx.cloudfront.net/test/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:2400:1:c815:1b40:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

f6bbbc58328e644c5eba7be1d2bfecf2ec07d38c33ba1b8cf9e8e8d8ed383e83

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d144mzi0q5mijx.cloudfront.net/test/css/all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
last-modified: Wed, 29 Mar 2017 21:12:07 GMT
x-amz-cf-pop: FRA50-C1
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
cache-control: max-age=31104000, private
accept-ranges: bytes
content-length: 6968
x-amz-cf-id: e27wJHKfw7TV3Y_9S__VgCGb0DkL99y3hLKqOIYa479pUtoA8Sfclw==
expires: Sat, 26 Nov 2022 12:51:57 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v27/ 16 KB
17 KB 31ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://webfonts.ffonts.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 13:44:20 GMT
x-content-type-options: nosniff
age: 428857
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16692
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:32:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 26 Nov 2022 13:44:20 GMT

GET
H2 200 adx Show response
pubads.g.doubleclick.net/gampad/ 57 KB
14 KB 94ms
56ms XHR
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/adx?iu=/147246189/ffonts.net_300x600_left_sticky_DFP&sz=300x600&t=Placement_type%3Dserving&1638363117772

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

eb49faef8a20f4241eec4b545a0553acff93c4179b0713370f8a7f0ce7597453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13524
x-xss-protection: 0
google-lineitem-id: 5435899422
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138346369437
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Lato-Black.ttf.woff
webfonts.ffonts.net/webfonts/L/A/Lato-Black/ 47 KB
48 KB 31ms
30ms Font
application/font-woff 95.216.234.12
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webfonts.ffonts.net/webfonts/L/A/Lato-Black/Lato-Black.ttf.woff

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/index.php?p=css&id=32157

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.234.12 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.12.234.216.95.clients.your-server.de

Software

Resource Hash

192ed66777fc3ad5e8893e65e3fe3455ff04798dc11846b7150fd96717f4a61d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://webfonts.ffonts.net/index.php?p=css&id=32157
Origin: https://webfonts.ffonts.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
vary: User-Agent
last-modified: Fri, 24 Feb 2012 11:42:59 GMT
x-frame-options: SAMEORIGIN
content-type: application/font-woff
cache-control: max-age=31104000
accept-ranges: bytes
content-length: 48544
expires: Sat, 26 Nov 2022 12:51:57 GMT

GET
H2 200 Sombras-Jed.ttf.woff
webfonts.ffonts.net/webfonts/S/O/Sombras-Jed/ 15 KB
15 KB 30ms
30ms Font
application/font-woff 95.216.234.12
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webfonts.ffonts.net/webfonts/S/O/Sombras-Jed/Sombras-Jed.ttf.woff

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/index.php?p=csss&id=13879

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.234.12 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.12.234.216.95.clients.your-server.de

Software

Resource Hash

c12e5053441decbdfd592d5514766382f40572789ba8c46d40746f22d012dcdd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://webfonts.ffonts.net/index.php?p=csss&id=13879
Origin: https://webfonts.ffonts.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
vary: User-Agent
last-modified: Fri, 24 Feb 2012 00:12:46 GMT
x-frame-options: SAMEORIGIN
content-type: application/font-woff
cache-control: max-age=31104000
accept-ranges: bytes
content-length: 14872
expires: Sat, 26 Nov 2022 12:51:57 GMT

GET
H2 200 Mister-Loopy-Fill.ttf.woff
webfonts.ffonts.net/webfonts/M/I/Mister-Loopy-Fill/ 16 KB
16 KB 30ms
30ms Font
application/font-woff 95.216.234.12
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webfonts.ffonts.net/webfonts/M/I/Mister-Loopy-Fill/Mister-Loopy-Fill.ttf.woff

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/index.php?p=csss&id=13880

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.234.12 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.12.234.216.95.clients.your-server.de

Software

Resource Hash

71ed257e4b156a08f760e8210c87743706596497b6aba79c79724f0bf200319b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://webfonts.ffonts.net/index.php?p=csss&id=13880
Origin: https://webfonts.ffonts.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
vary: User-Agent
last-modified: Fri, 24 Feb 2012 00:12:50 GMT
x-frame-options: SAMEORIGIN
content-type: application/font-woff
cache-control: max-age=31104000
accept-ranges: bytes
content-length: 16108
expires: Sat, 26 Nov 2022 12:51:57 GMT

GET
H2 200 Mister-Loopy-Regular.ttf.woff
webfonts.ffonts.net/webfonts/M/I/Mister-Loopy-Regular/ 35 KB
35 KB 49ms
49ms Font
application/font-woff 95.216.234.12
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://webfonts.ffonts.net/webfonts/M/I/Mister-Loopy-Regular/Mister-Loopy-Regular.ttf.woff

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/index.php?p=csss&id=13881

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.234.12 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.12.234.216.95.clients.your-server.de

Software

Resource Hash

caae85e94d4aded836428f3ac7a5f0cef0b09cd84ebddb44d0f65fc88c4b5060

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://webfonts.ffonts.net/index.php?p=csss&id=13881
Origin: https://webfonts.ffonts.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
vary: User-Agent
last-modified: Fri, 24 Feb 2012 00:12:53 GMT
x-frame-options: SAMEORIGIN
content-type: application/font-woff
cache-control: max-age=31104000
accept-ranges: bytes
content-length: 35708
expires: Sat, 26 Nov 2022 12:51:57 GMT

GET
H2 200 adx Show response
pubads.g.doubleclick.net/gampad/ 57 KB
13 KB 54ms
53ms XHR
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/adx?iu=/147246189/ffonts.net_160x600_sticky_DFP&sz=160x600&t=Placement_type%3Dserving&1638363117841

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

fd59309035d7587b663c15421ef8f1059957a5ca196e879b8cd72d52758cb65b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13469
x-xss-protection: 0
google-lineitem-id: 5381648375
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138359670143
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 flags_2x.png
d144mzi0q5mijx.cloudfront.net/i/ 4 KB
4 KB 41ms
41ms Image
image/png 2600:9000:2156:2400:1:c815:1b40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://d144mzi0q5mijx.cloudfront.net/i/flags_2x.png

Requested by

Host: d144mzi0q5mijx.cloudfront.net
URL: https://d144mzi0q5mijx.cloudfront.net/test/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:2400:1:c815:1b40:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

69ada733de1303defaf9f14aa858c5e2088f7b976af2e62a6f7932af840b28fc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d144mzi0q5mijx.cloudfront.net/test/css/all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
last-modified: Wed, 29 Mar 2017 21:23:34 GMT
x-amz-cf-pop: FRA50-C1
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31104000, private
accept-ranges: bytes
content-length: 3593
x-amz-cf-id: nF2QsjRHG1fy-Vg91Wvp3wg0SGz-g78g9OqMIdZETFz_UtzKchVo2A==
expires: Sat, 26 Nov 2022 12:51:57 GMT

GET
H2 200 pubads_impl_2021111801.js Show response
securepubads.g.doubleclick.net/gpt/ 345 KB
117 KB 42ms
16ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111801.js?31063845

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

0f9c649592b9f0b610c746da1ed7a7fb0c95b828c427e807ffa656773d734e53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118624
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 09:34:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Dec 2021 12:51:57 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 173 B
394 B 19ms
17ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=webfonts.ffonts.net

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

3b4854350456f43704f227d592622a24d66b01aad6e747b1aa7470ab607ef585

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118
x-xss-protection: 0
expires: Wed, 01 Dec 2021 12:51:57 GMT

GET
H2 200 adx Show response
pubads.g.doubleclick.net/gampad/ 56 KB
13 KB 57ms
56ms XHR
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/adx?iu=/147246189/ffonts.net_970x90_anchor_desktop_1_DFP&sz=970x90&t=Placement_type%3Dserving&1638363117891

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

594066ebcfb2404413b97d17ce76d04c760e23cd0280fded895d0d31b89af13b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13319
x-xss-protection: 0
google-lineitem-id: 5360398274
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138360099667
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 45ms
7ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-9036721-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6650
date: Wed, 01 Dec 2021 11:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 01 Dec 2021 13:01:07 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111150101/ 271 KB
97 KB 57ms
33ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7766349947687093&plah=webfonts.ffonts.net&bust=31063760

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a259baa44d6c3c08c9b8ad761119ca79731b27595a0a8b9dbeb87b02de92e7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99665
x-xss-protection: 0
server: cafe
etag: 17629328520561306712
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 01 Dec 2021 12:51:57 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/ Frame DE46 11 KB
5 KB 46ms
7ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 01 Dec 2021 06:55:30 GMT
expires: Wed, 15 Dec 2021 06:55:30 GMT
content-type: text/html; charset=UTF-8
etag: 16478831307880631077
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4883
x-xss-protection: 0
age: 21387
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 stpd201221.js Show response
stpd.cloud/assets/postbid/ Frame C05A 463 KB
142 KB 84ms
36ms Script
application/javascript 2606:4700:3108::ac42:2b03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/assets/postbid/stpd201221.js
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b03 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbdac823938b140735189041f4f6bdc9c12ae46510c594c36a7ef34e4cacaf76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-md5: UPMA+dy3nglRLSveNIVHTg==
age: 4270
x-ms-lease-status: unlocked
last-modified: Wed, 01 Dec 2021 07:39:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WZtmLto7s1IW14Sn0bODXbR%2BT%2BQ4m9iEsm7cjDtnOs8HmBS4HZzQWUbIvEUxwhuumj25dKejqkD7Zf0qaxqDFwmEXpu%2FYtjVoOd0HdG3rVJOM5w0FHxCM%2BbpNnQ1rVW5cSxWoPkN8Xs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-ms-request-id: 67cbde58-e01e-002b-7586-e67f5b000000
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6b6c732f9eeb375b-MXP

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 94ms
29ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=57189
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H2 200 stpd201221.js Show response
stpd.cloud/assets/postbid/ Frame C08C 463 KB
142 KB 50ms
48ms Script
application/javascript 2606:4700:3108::ac42:2b03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/assets/postbid/stpd201221.js
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b03 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbdac823938b140735189041f4f6bdc9c12ae46510c594c36a7ef34e4cacaf76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-md5: UPMA+dy3nglRLSveNIVHTg==
age: 4270
x-ms-lease-status: unlocked
last-modified: Wed, 01 Dec 2021 07:39:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fc5B9Kta4s3HCDr6C8nuOoeVBhpqUVsi5YfBAp1lGGEc7OUqOh5D0CekryYNhIdi%2BXaABoQQ6cmum0IlaxW1vkkwLq%2Fl0c66Iv4FS59QFOgR66iEPASXpDGId8KXtAtozRIKOX0shwg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-ms-request-id: 67cbde58-e01e-002b-7586-e67f5b000000
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6b6c732faf23375b-MXP

GET
H2 200 stpd201221.js Show response
stpd.cloud/assets/postbid/ Frame DC76 463 KB
142 KB 72ms
71ms Script
application/javascript 2606:4700:3108::ac42:2b03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/assets/postbid/stpd201221.js
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b03 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbdac823938b140735189041f4f6bdc9c12ae46510c594c36a7ef34e4cacaf76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-md5: UPMA+dy3nglRLSveNIVHTg==
age: 4270
x-ms-lease-status: unlocked
last-modified: Wed, 01 Dec 2021 07:39:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FplLpJlkTp6%2FkVVKyQEgK0YZ5CUdILuC8IUx3tXZpZj2Y78wlQtpAXTI8PMmoo5aSkW%2BnWzX335lhbW5N3ABQLFImxl%2F%2FABELFZBQWmAnYSzJqbyvfJNrJs9rWvL3ocw4hZICDx0CPI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-ms-request-id: 67cbde58-e01e-002b-7586-e67f5b000000
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6b6c732fcf5a375b-MXP

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 68ms
22ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=webfonts.ffonts.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111801.js?31063845

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 375ms
82ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=webfonts.ffonts.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111801.js?31063845

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 51ms
15ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=692759534&t=pageview&_s=1&dl=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&ul=en-us&de=UTF-8&dt=Lato%20Black%20WebFont%20-%20FFonts.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1247588977&gjid=189201617&cid=190856743.1638363118&tid=UA-9036721-1&_gid=1428945928.1638363118&_r=1&gtm=2ouba1&z=625632980

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 35ms
7ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=692759534&t=event&_s=2&dl=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&ul=en-us&de=UTF-8&dt=Lato%20Black%20WebFont%20-%20FFonts.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=V21&ea=display&el=de&ev=0&_u=YEBAAUABAAAAAC~&jid=&gjid=&cid=190856743.1638363118&tid=UA-9036721-1&_gid=1428945928.1638363118&gtm=2ouba1&z=1474382172

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 20:52:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 57551
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 37 KB
10 KB 196ms
179ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2991471355930297&correlator=3287369104034930&output=ldjh&impl=fifs&eid=31063845%2C31063182%2C44755509&vrg=2021111801&ptt=17&sc=1&sfv=1-0-38&ecs=20211201&iu_parts=12900770%2CFF_728x90_top%2CFF728_90tribal%2CFF_details_middle%2CFF_300x600_left_2&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%2C728x90%2C728x90%2C300x600%7C300x250&cookie_enabled=1&bc=31&abxe=1&lmt=1638363118&dt=1638363118152&dlt=1638363117569&idt=477&frm=20&biw=1600&bih=1200&oid=2&adxs=424%2C426%2C426%2C33&adys=98%2C3164%2C905%2C4556&adks=3766281543%2C2969236952%2C589654146%2C462831078&ucis=1%7C2%7C3%7C4&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&vis=1&dmc=8&scr_x=0&scr_y=0&psz=830x90%7C830x4%7C830x4%7C346x0&msz=728x-1%7C826x0%7C826x0%7C346x0&ga_vid=190856743.1638363118&ga_sid=1638363118&ga_hid=692759534&ga_fc=true&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0&btvi=0%7C1%7C0%7C2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111801.js?31063845

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

47ba5d5addbb2322f285feddc4a4e7d0e7d35b2e512224d3486fbc99d1ee0d6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10028
x-xss-protection: 0
google-lineitem-id: -2,48672010,-2,5132492528
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,26564369050,-2,138276912635
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
eff2b3f65c9c2302ee2dc69e1a471950.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2ECA 6 KB
4 KB 102ms
18ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://eff2b3f65c9c2302ee2dc69e1a471950.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111801.js?31063845

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 01 Dec 2021 12:51:58 GMT
expires: Thu, 01 Dec 2022 12:51:58 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ca-pub-7766349947687093 Show response
fundingchoicesmessages.google.com/i/ 80 KB
29 KB 87ms
42ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-7766349947687093?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111150101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7766349947687093&plah=webfonts.ffonts.net&bust=31063760

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f215b68d8af9c008639df391468c5634dc962ed8b5f4dd229799936a1a3194ff

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vUevD+ZaQEZWsjKXzOb/uQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-vUevD+ZaQEZWsjKXzOb/uQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-vUevD+ZaQEZWsjKXzOb/uQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-vUevD+ZaQEZWsjKXzOb/uQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 70ms
21ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwebfonts.ffonts.net%2F&domain=webfonts.ffonts.net&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://webfonts.ffonts.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1808
date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame C05A 134 KB
36 KB 63ms
10ms Script
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: qkOcdGsoDUMvfWusL4m2BAijBZa3LkSN
content-encoding: gzip
etag: 1e39d25f07f5619925357b752ab10d04
age: 704
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1HBJVC19HG19QDKA85WX
date: Wed, 01 Dec 2021 12:40:50 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: LbagAP-ptU8g5TvuwtrRYPwTd_cWb5OOMjwWK34MoFUm3qgUArJPKA==

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame C05A 483 B
555 B 90ms
34ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3
content-type: application/javascript
x-amz-request-id: tx20fcbba173164c66b29ed-0061961d50
x-amz-id-2: tx20fcbba173164c66b29ed-0061961d50
last-modified: Thu, 18 Nov 2021 09:29:40 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6UMZWdQoXyXLbWj1NXQN2wrJ%2B2NKmyOMx%2Ber1krQHgBYW8AU2dO7%2BVc%2Bes8tY%2BbM5ZJC1NyS5V85c1a3bbsaSN79mSOha1rqJm0ECz4bPMb76JLrRzPc4IG5iSWEnzvvWdT76DWfvSSeO2n3"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 1637227780937425
cache-control: public, max-age=1800
cf-ray: 6b6c73315e0a4ee5-FRA
expires: Wed, 01 Dec 2021 13:21:58 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame C05A
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwebfonts.ffonts.net%2F&domain=webfonts.ffonts.net&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=XY_w-XxYZGZybUkyZ2RqTDk5Yk1LMGZuUWR5UmxodzJONW9FbTBlLzF0eDBiRVR3SFhvdEtoN0EzRVJPWW56NU5GaUxsN29aZ1M5TFpLNk5WV253L1Z1RXUwSXJaY1AySXR4ZURMUWs1TlgrRURITEZCMmtVbXliSTJ5eW...

345 B
598 B

94ms
39ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=XY_w-XxYZGZybUkyZ2RqTDk5Yk1LMGZuUWR5UmxodzJONW9FbTBlLzF0eDBiRVR3SFhvdEtoN0EzRVJPWW56NU5GaUxsN29aZ1M5TFpLNk5WV253L1Z1RXUwSXJaY1AySXR4ZURMUWs1TlgrRURITEZCMmtVbXliSTJ5eW5TVE5QTTNUT0RyZXdpcks4UVpkRzBwUkVidGZGY0g3cThPeEZmTGE2ZzVaTE9hVVpoQkxVY3orMXZvTHUwWi9OM052S0RKZUhWT3BMY1JFb010dkxjcGV6d1dKOG9ZUzYvY2xZeGw4WFR2SWZoeHc1NyswPXw&cppv=2

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2663e96e969aae2dfb105817e81aa09703f2d6afa94fe0a6c8c7bb09b4fce089

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Wed, 01 Dec 2021 12:51:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3189
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Wed, 01 Dec 2021 12:51:58 GMT
location: https://mug.criteo.com/sid?cpp=XY_w-XxYZGZybUkyZ2RqTDk5Yk1LMGZuUWR5UmxodzJONW9FbTBlLzF0eDBiRVR3SFhvdEtoN0EzRVJPWW56NU5GaUxsN29aZ1M5TFpLNk5WV253L1Z1RXUwSXJaY1AySXR4ZURMUWs1TlgrRURITEZCMmtVbXliSTJ5eW5TVE5QTTNUT0RyZXdpcks4UVpkRzBwUkVidGZGY0g3cThPeEZmTGE2ZzVaTE9hVVpoQkxVY3orMXZvTHUwWi9OM052S0RKZUhWT3BMY1JFb010dkxjcGV6d1dKOG9ZUzYvY2xZeGw4WFR2SWZoeHc1NyswPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1844
content-length: 482
expires: 0

POST
H/1.1 200 481.json Show response
id5-sync.com/g/v2/ Frame C05A 213 B
537 B 83ms
11ms XHR
application/json 51.89.7.205
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.7.205 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p28.id5-sync.com

Software

Resource Hash

983a8e31a519b41d2606188246f57165a4385caeffde7c3503746691eac854d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://webfonts.ffonts.net
Date: Wed, 01 Dec 2021 12:51:49 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame C05A 78 KB
26 KB 39ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a089e15ed323f589e0d965e5a2655555bc1bc9e35ac28f66aba03687b9cd1618

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1060 / 823 of 1000 / last-modified: 1638361093"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26848
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Dec 2021 12:51:58 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 73B8
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

281 B
554 B

45ms
12ms

Document
text/html

23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 26 Oct 2021 17:01:05 GMT
ETag: "40334-119-5cf446c48f640"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 01 Dec 2021 12:51:58 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Date: Wed, 01 Dec 2021 12:51:58 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 40ms
22ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwebfonts.ffonts.net%2F&domain=webfonts.ffonts.net&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://webfonts.ffonts.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1481
date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame C08C 134 KB
36 KB 46ms
24ms Script
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: qkOcdGsoDUMvfWusL4m2BAijBZa3LkSN
content-encoding: gzip
etag: 1e39d25f07f5619925357b752ab10d04
age: 704
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1HBJVC19HG19QDKA85WX
date: Wed, 01 Dec 2021 12:40:50 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: boQK_K6l0cfcw9vKE8qWS639DvNAr-sRGh_FIqk-yhsLj_hlY0smhw==

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame C08C 483 B
958 B 46ms
23ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3
content-type: application/javascript
x-amz-request-id: tx20fcbba173164c66b29ed-0061961d50
x-amz-id-2: tx20fcbba173164c66b29ed-0061961d50
last-modified: Thu, 18 Nov 2021 09:29:40 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H3VMv0zeOpNgmMKD4tIqnYdvGs1RD2IBw2ZUXCRExvtTSjgAvkAqoq7AuYP9Rr0doU2MKj4eg55l9fuWuNncByi42EMiWcLJe7iM3JIV5QoMIT4i%2BUigDfpMQnWnp1BcGFLqD1fZRYMYfYeh"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 1637227780937425
cache-control: public, max-age=1800
cf-ray: 6b6c73315e0e4ee5-FRA
expires: Wed, 01 Dec 2021 13:21:58 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame C08C
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwebfonts.ffonts.net%2F&domain=webfonts.ffonts.net&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=9K518nwzaGdISitJWDJ2VUJtTS8vNEE1eDNiT0xPd0dHczU5MDFmRXlmclRwbnBBeS8yYVduaURXcW1jSElNS2prSzk4KzU5dlhrb1I0dVA5U2hZSENmaGlZbDE1cnI5Unh5ak90SDJQU0JMNXUyRS9wRk44WkJ5SEFoUl...

345 B
602 B

93ms
38ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=9K518nwzaGdISitJWDJ2VUJtTS8vNEE1eDNiT0xPd0dHczU5MDFmRXlmclRwbnBBeS8yYVduaURXcW1jSElNS2prSzk4KzU5dlhrb1I0dVA5U2hZSENmaGlZbDE1cnI5Unh5ak90SDJQU0JMNXUyRS9wRk44WkJ5SEFoUlNHT0plUlhoTlB6bXZOQytMZDRKeGVFcVdHVlp4ZmVLdm5wbDl5end1akFZMjMrS2dSMHAzbndKQ1IrYXZsTW9XSnZ3YzM3ZUdTamVUbDE1Uld0dUpiVktPbkV0R2dEREVDU0crY0gvUnBuY3lVS1gxQW1rPXw&cppv=2

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

6d4114b46f492655729126d0585dc2f0bc9c4a99c7cc332e0e46e05c35f3ba7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Wed, 01 Dec 2021 12:51:57 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2486
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Wed, 01 Dec 2021 12:51:57 GMT
location: https://mug.criteo.com/sid?cpp=9K518nwzaGdISitJWDJ2VUJtTS8vNEE1eDNiT0xPd0dHczU5MDFmRXlmclRwbnBBeS8yYVduaURXcW1jSElNS2prSzk4KzU5dlhrb1I0dVA5U2hZSENmaGlZbDE1cnI5Unh5ak90SDJQU0JMNXUyRS9wRk44WkJ5SEFoUlNHT0plUlhoTlB6bXZOQytMZDRKeGVFcVdHVlp4ZmVLdm5wbDl5end1akFZMjMrS2dSMHAzbndKQ1IrYXZsTW9XSnZ3YzM3ZUdTamVUbDE1Uld0dUpiVktPbkV0R2dEREVDU0crY0gvUnBuY3lVS1gxQW1rPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1701
content-length: 482
expires: 0

POST
H/1.1 200 481.json Show response
id5-sync.com/g/v2/ Frame C08C 213 B
537 B 73ms
14ms XHR
application/json 51.89.7.205
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.7.205 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p28.id5-sync.com

Software

Resource Hash

b164da3ed590408b615a8c9a637c5366b57ffeedb88cb64f8b2a16f110097a04

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://webfonts.ffonts.net
Date: Wed, 01 Dec 2021 12:51:49 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame C08C 78 KB
26 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f77d7891e5c65f93a63918e35bb4f0ebdf4f7b2b2b1e08aafaddb0f49aa8fefc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1060 / 143 of 1000 / last-modified: 1638361254"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26875
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Dec 2021 12:51:58 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame CC2B
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

281 B
554 B

37ms
12ms

Document
text/html

23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 26 Oct 2021 17:01:05 GMT
ETag: "40334-119-5cf446c48f640"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 01 Dec 2021 12:51:58 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Date: Wed, 01 Dec 2021 12:51:58 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 23ms
22ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwebfonts.ffonts.net%2F&domain=webfonts.ffonts.net&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://webfonts.ffonts.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1380
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame DC76 134 KB
36 KB 11ms
11ms Script
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: qkOcdGsoDUMvfWusL4m2BAijBZa3LkSN
content-encoding: gzip
etag: 1e39d25f07f5619925357b752ab10d04
age: 704
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1HBJVC19HG19QDKA85WX
date: Wed, 01 Dec 2021 12:40:50 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 1EIz3gdQ3XQeHpkaxV0eYSXY90aX20cWCDn_Q3FzC3lyduXY2UVOhQ==

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame DC76 483 B
561 B 23ms
22ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3
content-type: application/javascript
x-amz-request-id: tx20fcbba173164c66b29ed-0061961d50
x-amz-id-2: tx20fcbba173164c66b29ed-0061961d50
last-modified: Thu, 18 Nov 2021 09:29:40 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DpFC6M0duwUeVapFwpc12AKRG3XkJ23yOEwDVM%2BF%2BVD9DNizNW2rwYk6VL%2BuxcIRcGVYdAhrJO%2Bmevhn3Gs8SLWakeoyy%2BhLcNBoZgey%2FOSvioJSRvBjB4Xej0G1OrYQrZv9L%2FQI8%2ByI03ZV"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 1637227780937425
cache-control: public, max-age=1800
cf-ray: 6b6c73316e6b4ee5-FRA
expires: Wed, 01 Dec 2021 13:21:58 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame DC76
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwebfonts.ffonts.net%2F&domain=webfonts.ffonts.net&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=Q6RU2HxwYzFKdFlZTWNWRUs4TFVtMkpFZzBWQWVBT0dOZnVYZzNHRmtHYTlIdkszN0xLWEVQYmlWenJpeGdyU2N6aWttWERraUtXMWV6QTJ2ZTJMcjhEOUZFcGUybkp0ZXQ3bktDc0xNejNSUDJobno5STZya25WcnRucU...

344 B
600 B

97ms
42ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=Q6RU2HxwYzFKdFlZTWNWRUs4TFVtMkpFZzBWQWVBT0dOZnVYZzNHRmtHYTlIdkszN0xLWEVQYmlWenJpeGdyU2N6aWttWERraUtXMWV6QTJ2ZTJMcjhEOUZFcGUybkp0ZXQ3bktDc0xNejNSUDJobno5STZya25WcnRucU9PZFdhK3ZlK3VYaG44K1pIbUNUa2pkMEQwYTVaTDA4cHRYOGFZbHV1VEI4dW5qbXF1bjJ5Y1MrUnVuMUl1YTdFNHZNelY0NWhhSi9UUkNqc29ua3lkU0JJVm9vSytaK0FsbEtxRkZZWWJtVUdrc0NRTTFzPXw&cppv=2

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

d30f320707f306eef2f7e2de871f539732aa725fa8bf292a9f16a923ec2bb194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Wed, 01 Dec 2021 12:51:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 10790
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Wed, 01 Dec 2021 12:51:57 GMT
location: https://mug.criteo.com/sid?cpp=Q6RU2HxwYzFKdFlZTWNWRUs4TFVtMkpFZzBWQWVBT0dOZnVYZzNHRmtHYTlIdkszN0xLWEVQYmlWenJpeGdyU2N6aWttWERraUtXMWV6QTJ2ZTJMcjhEOUZFcGUybkp0ZXQ3bktDc0xNejNSUDJobno5STZya25WcnRucU9PZFdhK3ZlK3VYaG44K1pIbUNUa2pkMEQwYTVaTDA4cHRYOGFZbHV1VEI4dW5qbXF1bjJ5Y1MrUnVuMUl1YTdFNHZNelY0NWhhSi9UUkNqc29ua3lkU0JJVm9vSytaK0FsbEtxRkZZWWJtVUdrc0NRTTFzPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1927
content-length: 482
expires: 0

POST
H/1.1 200 481.json Show response
id5-sync.com/g/v2/ Frame DC76 213 B
537 B 37ms
13ms XHR
application/json 51.89.7.205
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.7.205 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p28.id5-sync.com

Software

Resource Hash

70cbd771bb0e7851303bbf5772c6abbc7f554b642ddb4ffe24b3341758144834

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://webfonts.ffonts.net
Date: Wed, 01 Dec 2021 12:51:49 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame DC76 78 KB
26 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b09faee964e8aafc9425f379292ea8da0aef81090cab0a29a913d0e0cee4939e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1060 / 198 of 1000 / last-modified: 1638361254"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26849
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Dec 2021 12:51:58 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 82D6
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

281 B
554 B

37ms
23ms

Document
text/html

23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 26 Oct 2021 17:01:05 GMT
ETag: "40334-119-5cf446c48f640"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 01 Dec 2021 12:51:58 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Date: Wed, 01 Dec 2021 12:51:58 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
441 B 152ms
84ms XHR
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-9036721-1&cid=190856743.1638363118&jid=1247588977&gjid=189201617&_gid=1428945928.1638363118&_u=YEBAAUAAAAAAAC~&z=1551567674

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 01 Dec 2021 12:51:58 GMT
content-type: text/plain
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame C05A 672 B
919 B 207ms
79ms XHR
application/json 2606:4700:20::ac43:44a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:44a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69a62946d5e9e76a92f84066604a9f0f5665a88fecb5dc26ee2d42ae0bbe3ede

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a7W5mhaFJ3kTHUCaFHYzs3crzHeIko0DCw%2BUALo3y%2BgzIiAiIYwXnqMMnkDA6uhESRkydwB%2FCVOFmzY697w3gJ%2FD6PLhkO55Jj%2BuMB2aUcKD9%2FRw7A%2Bh1nDdEbQr05HpKiWQ0VOya2FGf7NDpvA93ctnnSgK"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6b6c73328c69374b-MXP
expires: 0

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame C05A 2 KB
2 KB 298ms
172ms XHR
application/json 2606:4700:20::ac43:44a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:44a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39a0d09b3dbb7215c1bc39fec8eb5dca5f914073d33b3aaf2d19f0e632daba87

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EenzjWnc2TSuItro2%2BtM%2Bpy2cAVQg44dGLq6tw45xUWobLMQbHq2U8aQ69YY3XZQ6LPu03wlJ1SBJIMePRmPa9NPEoAcEuhKtWopUL%2FtK7zHZ4iA4LoqnR164UzPo%2FhZvsOGhuC3W3TzwYGIzj61PkVciumj"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6b6c73328c6d374b-MXP
expires: 0

GET
H2 200 arj Show response
setupad-d.openx.net/w/1.0/ Frame C05A 73 B
144 B 130ms
58ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://setupad-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=81920be8-740a-4537-adea-413c8481c8cb&nocache=1638363118347&pubcid=83510b7a-b594-4b69-98f6-3d9bb0289b3a&schain=1.0%2C1!setupad.com%2C67%2C1%2C%2C%2C&aus=300x600%2C300x250%2C300x300%2C160x600%2C250x600%2C120x600%2C240x400%2C240x500%2C250x360%2C250x500%2C200x600%2C240x600&divIds=div-custom-ad-1638363117954-0&auid=541185968
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: 1980d964fa7f00b6f0af3753c8dd8935fbc3e089fe228e96e4cd9775213c39bc

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ Frame C05A 0
35 B 202ms
52ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-credentials: true
cf-ray: 6b6c7332bcc835c5-MAN
access-control-allow-headers: Content-Type, Origin

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame C05A 0
181 B 140ms
18ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://webfonts.ffonts.net
date: Wed, 01 Dec 2021 12:51:58 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame C05A 1 KB
1 KB 224ms
104ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=268776&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2213553a9fe203391%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22setupad.com%22%2C%22sid%22%3A%2267%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2214d1036dc72318e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%221596c60e25ff7c5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%221623f47ac86275d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A300%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%2217cb9ebafd5929%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%22183861c1a016eb2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A250%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%2219ac96b0bed3642%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A120%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%222037deb94653041%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A240%2C%22h%22%3A400%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%2221002ef736cd66c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A240%2C%22h%22%3A500%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%222220fb582e161b4%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A250%2C%22h%22%3A360%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%222338f3f4304c969%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A250%2C%22h%22%3A500%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%2224a1b7dd737efac%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A200%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%222591f5da11637fb%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_300x600_left_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A240%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%5D%7D
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1d9f1314aad4e23a11aeb915671888b179293c9d6da48616406e84a5d9fde0eb

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.232.23.178], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://webfonts.ffonts.net
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 1033
x-ak-client-geo: 12
expires: Wed, 01 Dec 2021 12:51:58 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C05A 139 B
824 B 144ms
37ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

44cad15f46103d11b3509d78cb456e47b3dc71b81e7ef7701f8803e6181230d3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:51:58 GMT
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 5d48c864-d7c2-4952-a60b-f6b3c8ab07b5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame C05A 24 B
524 B 143ms
26ms XHR
application/json 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.21.0-pre
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 44bd5aac289b020d10d4373635da493cbdb905a772da3207efbad13f40172f8e

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 01 Dec 2021 12:51:58 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

POST
H2 200 prebid Show response
mp.4dex.io/ Frame C05A 118 B
528 B 178ms
63ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mp.4dex.io/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a75899e5ecd7dc79b42209c86188cfe14653d5c6eae932d491faf5190bc2e10a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
expires: 0
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
strict-transport-security: max-age=63072000
cf-ray: 6b6c7332a9df0e26-MXP
x-err: Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits

POST
H/1.1 400
Bad Request auction Show response
rtb.adxpremium.services/openrtb2/ Frame C05A 66 B
386 B 1570ms
35ms XHR
text/plain 135.125.163.79
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.125.163.79 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3190286.ip-135-125-163.eu
Software: /
Resource Hash: 4660d6d6c688c038bb48fb2428351c6e43847ba2cd8106cbf428c773e8c82f3c

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:59 GMT
vary: Origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 66
expires: 0

POST
H2 204 / Show response
hb.emxdgt.com/ Frame C05A 0
160 B 129ms
17ms XHR
text/plain 3.120.57.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=3000&ts=1638363118385&src=pbjs
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.57.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-57-46.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://webfonts.ffonts.net
date: Wed, 01 Dec 2021 12:51:58 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame C05A 0
62 B 186ms
75ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://webfonts.ffonts.net
date: Wed, 01 Dec 2021 12:51:57 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame C05A 268 B
1 KB 715ms
344ms XHR
application/json 2602:803:c002:200::113
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13606&site_id=179158&zone_id=1796568&size_id=15&alt_size_ids=9%2C8%2C10%2C17%2C32%2C48%2C126%2C179&rp_schain=1.0,1!setupad.com,67,1,,,&eid_pubcid.org=83510b7a-b594-4b69-98f6-3d9bb0289b3a%5E1&rf=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&tk_flint=pbjs_lite_v4.21.0-pre&x_source.tid=81920be8-740a-4537-adea-413c8481c8cb&p_screen_res=1600x1200&rp_secure=1&slots=1&rand=0.21728249335934735
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c002:200::113 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 2161350732cb1db293da98d573b2c7dfc0226780894cff7983093c6026c27741

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:51:59 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 268
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame C05A 18 B
288 B 169ms
60ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.21.0-pre&cb=92196209211
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C05A 139 B
824 B 107ms
10ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

010b6118955ff22451b95baec97e3776a033cb340624a07c9fb2130e2bca93de

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:51:58 GMT
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 7112cb16-c994-4d82-9821-b40a9dd815d9
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame C05A 171 B
570 B 208ms
92ms XHR
application/json 185.86.138.16
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:57 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 4%3b9%3b101
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

GET
H2 200 / Show response
adx.adform.net/adx/ Frame C05A 5 B
450 B 199ms
91ms XHR
application/json 37.157.4.24
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTg1MjE3NiZ0cmFuc2FjdGlvbklkPTgxOTIwYmU4LTc0MGEtNDUzNy1hZGVhLTQxM2M4NDgxYzhjYg%3D%3D&pt=gross&stid=8a1ddc6a-3cd3-4ddb-ab37-c1c631b180ca&fd=1&eids=eyJwdWJjaWQub3JnIjp7IjgzNTEwYjdhLWI1OTQtNGI2OS05OGY2LTNkOWJiMDI4OWIzYSI6WzFdfX0%3D

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame C08C 1 KB
700 B 155ms
82ms XHR
application/json 2606:4700:20::ac43:44a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:44a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20ded8704cf9843b4024ee9cf2064f6eddefb27a0d339db1b7d47033b59f3f9a

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5Py7SNzQFOPzWyiBJADI4DAiUAKtRg9ai2ne%2ByPRRoruwLvvLG9CM9wr0up5VCkaZCGAXWk6BeoTKqscKNdfTFyz28%2Fjg26VyjodOaty3tQ407I1s%2FzPsSvGYb%2Fz9i283qoWODJFskscV0l11MAH0NJp%2B6K"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6b6c73328c71374b-MXP
expires: 0

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame C08C 194 B
454 B 210ms
137ms XHR
application/json 2606:4700:20::ac43:44a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:44a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f781890b35e24f5b21afe3eabe0be452b619047727970a2968edd13383626002

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PAAnkImPhAD8PWXOPOxfi%2F3KkU%2B1PtznqKJPI5wEbI5SrAgj4qnc11zkPVpav7adzBNWhE2maxHE5LP10C7s3%2FCQuDGtMFYL9uV9XQGJRYDsLIRb4zE2JseECpn5CLXcRR0aG8QvjZCbYWEb28hr3YrC3xRw"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6b6c73328c74374b-MXP
expires: 0

POST
H2 204 / Show response
hb.emxdgt.com/ Frame C08C 0
160 B 113ms
16ms XHR
text/plain 3.120.57.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=3000&ts=1638363118399&src=pbjs
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.57.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-57-46.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://webfonts.ffonts.net
date: Wed, 01 Dec 2021 12:51:58 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame C08C 18 B
288 B 234ms
137ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.21.0-pre&cb=99964273044
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 v1 Show response
dmx.districtm.io/b/ Frame C08C 0
286 B 149ms
52ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-credentials: true
cf-ray: 6b6c7332bccb35c5-MAN
access-control-allow-headers: Content-Type, Origin

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame C08C 0
118 B 148ms
51ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://webfonts.ffonts.net
date: Wed, 01 Dec 2021 12:51:58 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 arj Show response
setupad-d.openx.net/w/1.0/ Frame C08C 72 B
381 B 75ms
58ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://setupad-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=c86de30c-86e4-401c-b5ae-148a586bc98f&nocache=1638363118401&pubcid=83510b7a-b594-4b69-98f6-3d9bb0289b3a&schain=1.0%2C1!setupad.com%2C67%2C1%2C%2C%2C&aus=160x600%2C120x600%2C140x600&divIds=div-custom-ad-1638363118016-0&auid=541157896
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: a86df7c0164458673004ed0d1f419a318f9573015a59f718de7d6d4003fccf7a

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame C08C 171 B
570 B 242ms
133ms XHR
application/json 185.86.138.16
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 4%3b16%3b67
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H2 200 prebid Show response
mp.4dex.io/ Frame C08C 118 B
277 B 177ms
81ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mp.4dex.io/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a540ce8ffa4ecaa24064a905a805c9722a9a737c54d6506136bed74af1d903a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
x-warn: Validating the Prebid Request adunit sizes. 1 unsupported banner sizes for adUnit: div-custom-ad-1638363118016-0, Selecting bids. No selected bids
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
strict-transport-security: max-age=63072000
cf-ray: 6b6c7332a9e70e26-MXP
server: cloudflare
expires: 0

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame C08C 1 KB
1 KB 181ms
89ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=268776&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2227ebacf036b25fe%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22setupad.com%22%2C%22sid%22%3A%2267%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22289d710057889a6%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_160x600_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%2229978703c2b591d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_160x600_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A120%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%2230c444919d652ea%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_160x600_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A140%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%5D%7D
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f8b2ba2fa05745c8c1d02d50ed130cb81873e0cb51e30cdddc7fdad436dfbc49

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.232.23.178], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://webfonts.ffonts.net
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 1033
x-ak-client-geo: 12
expires: Wed, 01 Dec 2021 12:51:58 GMT

POST
H/1.1 400
Bad Request auction Show response
rtb.adxpremium.services/openrtb2/ Frame C08C 66 B
386 B 1591ms
77ms XHR
text/plain 135.125.163.79
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.125.163.79 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3190286.ip-135-125-163.eu
Software: /
Resource Hash: 34e8d61b27ceb3379885d35340957b110d19d579512293a9662a3ee2aae3d346

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:59 GMT
vary: Origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 66
expires: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame C08C 259 B
1 KB 697ms
333ms XHR
application/json 2602:803:c002:200::113
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13606&site_id=179158&zone_id=1010108&size_id=9&alt_size_ids=8&rp_schain=1.0,1!setupad.com,67,1,,,&eid_pubcid.org=83510b7a-b594-4b69-98f6-3d9bb0289b3a%5E1&rf=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&tk_flint=pbjs_lite_v4.21.0-pre&x_source.tid=c86de30c-86e4-401c-b5ae-148a586bc98f&p_screen_res=1600x1200&rp_secure=1&slots=1&rand=0.6690955233137756
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c002:200::113 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 4686d56763f1a1c32ea252c66645491a08e25fb5de9f10a4465400e54cfbc8df

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:51:59 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame C08C 5 B
450 B 171ms
78ms XHR
application/json 37.157.4.24
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNjA5NyZ0cmFuc2FjdGlvbklkPWM4NmRlMzBjLTg2ZTQtNDAxYy1iNWFlLTE0OGE1ODZiYzk4Zg%3D%3D&pt=gross&stid=03710c52-0442-46c4-837d-98e2dd11c015&fd=1&eids=eyJwdWJjaWQub3JnIjp7IjgzNTEwYjdhLWI1OTQtNGI2OS05OGY2LTNkOWJiMDI4OWIzYSI6WzFdfX0%3D

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame C08C 0
181 B 85ms
19ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://webfonts.ffonts.net
date: Wed, 01 Dec 2021 12:51:58 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame C08C 94 B
749 B 179ms
88ms XHR
application/json 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.21.0-pre
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 0d4ac358662918743c2b38b010a42525446ca79554e4d85623119edf25f3de2f

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 01 Dec 2021 12:51:58 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C08C 145 B
1 KB 276ms
196ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

6f77cc2f25a0a7e30e5b7da72979805339eaaca505308f2b70d023f39a4f3510

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:51:58 GMT
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 9e6c51de-6528-4597-9c0d-105f3a52a55f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C08C 138 B
823 B 86ms
8ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

70c741dc6384f7ec0cdb9e55036889f7d79be728519bc177e0f97bfd9aa10e07

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:51:58 GMT
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 11ecbe00-4a12-4f6a-a6ba-4fd62e6f0497
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame DC76 1 KB
704 B 133ms
86ms XHR
application/json 2606:4700:20::ac43:44a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:44a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20ded8704cf9843b4024ee9cf2064f6eddefb27a0d339db1b7d47033b59f3f9a

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dVVari5r%2BuPfqeVBMdVCyOCfbRr0HFHmO%2BnM9ZP4DEkqq6Ic9JdfpOHTN8YJRMtxZ3CYmyDvg7v%2Fi0FKklUnWdD6nJJTIJNahIFRJOfE%2FO8RCZXZAXVnPl8hIEC%2B22bueP0bw8STQXsUhFlHwSFTwhS8dszP"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6b6c73328c6e374b-MXP
expires: 0

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame DC76 193 B
445 B 198ms
152ms XHR
application/json 2606:4700:20::ac43:44a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:44a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca4f4bcc2a2373db7136da2549ebfcf2f746299f8c63b30d0d80e7b2214cf038

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2FeIGpqlhRga8ox%2Bonan7HZ%2BvN3gJ4Q48NjT1elOKNQL68NzphrS%2FxY58%2BXyBnuMUpr1u9FJvnAeLxBpYJEoENo%2BVdWIK5n8qe0g2AKmUNZqazx2j4pvIlILLqJNXLpDDz28Gdnolx5CNMx%2BGZ8FyHFek%2BZp"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6b6c73328c70374b-MXP
expires: 0

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame DC76 37 B
334 B 159ms
89ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=268776&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22134fdcb9d8dc71b%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22setupad.com%22%2C%22sid%22%3A%2267%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2214f934f53bd3d6c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_970x90_anchor_desktop_1%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%2215c799f0e2e3ce9%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_970x90_anchor_desktop_1%22%7D%2C%22banner%22%3A%7B%22w%22%3A950%2C%22h%22%3A90%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%2216b3c3071adc3b4%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_970x90_anchor_desktop_1%22%7D%2C%22banner%22%3A%7B%22w%22%3A900%2C%22h%22%3A90%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%2217bb8c299fadc8c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_970x90_anchor_desktop_1%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%2218b600757c9ebfe%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268776%22%2C%22sid%22%3A%22ffonts.net_970x90_anchor_desktop_1%22%7D%2C%22banner%22%3A%7B%22w%22%3A768%2C%22h%22%3A90%2C%22topframe%22%3A0%7D%7D%5D%7D
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7a6d6ea1b16f9ff6f512645b40252a81ec1df91b5d5dce96d39700015993a920

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.232.23.178], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://webfonts.ffonts.net
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Wed, 01 Dec 2021 12:51:58 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ Frame DC76 0
36 B 124ms
54ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-credentials: true
cf-ray: 6b6c7332bccc35c5-MAN
access-control-allow-headers: Content-Type, Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame DC76 16 KB
8 KB 195ms
133ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

3c5a9346f0fe8e2e74fb8bbc30fea9a5149e3f606777081c1a18199811c354b3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 01 Dec 2021 12:51:58 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: fc652190-7c48-4ac3-9c5b-b2b260ef9a14
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame DC76 5 B
451 B 141ms
72ms XHR
application/json 37.157.4.24
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgxNTg2OCZ0cmFuc2FjdGlvbklkPTE3M2IzNmI0LTE3MmEtNGQ2Yi04Nzk3LWMwNTk2NzQ0ZTNmNQ%3D%3D&pt=gross&stid=cf67da1b-d63b-4196-8edf-494aa0709546&fd=1&eids=eyJpZDUtc3luYy5jb20iOnsiMCI6WzFdfSwicHViY2lkLm9yZyI6eyI4MzUxMGI3YS1iNTk0LTRiNjktOThmNi0zZDliYjAyODliM2EiOlsxXX19

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame DC76 171 B
569 B 197ms
117ms XHR
application/json 185.86.138.16
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 4%3b8%3b49
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame DC76 24 B
524 B 138ms
43ms XHR
application/json 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.21.0-pre
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 3985c50b3882ef396e409b7c0a8c5745a1e451adf2b8eda3e84ce3df446d1dfb

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 01 Dec 2021 12:51:58 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame DC76 0
62 B 126ms
58ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://webfonts.ffonts.net
date: Wed, 01 Dec 2021 12:51:57 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
mp.4dex.io/ Frame DC76 118 B
305 B 144ms
77ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mp.4dex.io/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b5c6df3d95603757e24f51e21cf5c3d3db53ab0da1f077b82f92c9ba097f907

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
x-warn: Validating the Prebid Request adunit sizes. 3 unsupported banner sizes for adUnit: div-custom-ad-1638363118034-0, Selecting bids. No selected bids
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
strict-transport-security: max-age=63072000
cf-ray: 6b6c7332a9eb0e26-MXP
server: cloudflare
expires: 0

GET
H2 200 arj Show response
setupad-d.openx.net/w/1.0/ Frame DC76 72 B
144 B 46ms
46ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://setupad-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=173b36b4-172a-4d6b-8797-c0596744e3f5&nocache=1638363118432&id5id=0&pubcid=83510b7a-b594-4b69-98f6-3d9bb0289b3a&schain=1.0%2C1!setupad.com%2C67%2C1%2C%2C%2C&aus=970x90%2C950x90%2C900x90%2C728x90%2C768x90&divIds=div-custom-ad-1638363118034-0&auid=541157895
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: f31fc9d79b6f01f8b2213567764b387fba1bf3335a97be85db6d60e3624ab3a7

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame DC76 0
181 B 58ms
19ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://webfonts.ffonts.net
date: Wed, 01 Dec 2021 12:51:58 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 400
Bad Request auction Show response
rtb.adxpremium.services/openrtb2/ Frame DC76 65 B
385 B 1574ms
53ms XHR
text/plain 135.125.163.79
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.125.163.79 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3190286.ip-135-125-163.eu
Software: /
Resource Hash: e6677531b045f3b266ecc07884af8b8e0fe4e1b7a92ad624f9f296985c017f48

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:59 GMT
vary: Origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 65
expires: 0

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame DC76 18 B
288 B 123ms
59ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.21.0-pre&cb=33037038689
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 / Show response
hb.emxdgt.com/ Frame DC76 0
161 B 75ms
12ms XHR
text/plain 3.120.57.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=3000&ts=1638363118434&src=pbjs
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.57.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-57-46.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://webfonts.ffonts.net
date: Wed, 01 Dec 2021 12:51:58 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame DC76 139 B
824 B 114ms
57ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

f93676b1fc478004a0c1ba4e600213f2e22aca34f14ad67e97083f0aaa8d43d7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:51:58 GMT
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: e0a89eb7-a68f-4b49-87dd-ea37e18ccc10
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame DC76 260 B
1 KB 563ms
226ms XHR
application/json 2602:803:c002:200::113
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13606&site_id=179158&zone_id=1722012&size_id=2&alt_size_ids=55&rp_schain=1.0,1!setupad.com,67,1,,,&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=83510b7a-b594-4b69-98f6-3d9bb0289b3a%5E1&rf=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&tk_flint=pbjs_lite_v4.21.0-pre&x_source.tid=173b36b4-172a-4d6b-8797-c0596744e3f5&p_screen_res=1600x1200&rp_secure=1&slots=1&rand=0.1499894391458736
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c002:200::113 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 311472ef673b626bc08f74a8daaf75db2d9783b9aafd3a5940d736385bf8b1f3

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:51:58 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 260
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H3 204 AGSKWxVXMmb-kYmyfJKokqvO-sqrp54RWcbY5JKUkb_jr204z6Yw5CFo2a9ckFtDQWzk76olWNHVXbMGoo5LO9Xrjqo= Show response
fundingchoicesmessages.google.com/el/ 0
26 B 70ms
26ms XHR
text/html 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVXMmb-kYmyfJKokqvO-sqrp54RWcbY5JKUkb_jr204z6Yw5CFo2a9ckFtDQWzk76olWNHVXbMGoo5LO9Xrjqo=?pvid=A59967CB-E298-4E9F-BCAF-36DAC2D71167&anonid=9D1A3AAD-70AA-4ECB-9552-1C87DA5D00FC

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.jBGPDRMou8E.es5.O/d=1/rs=AJlcJMzkT2N-B90OfeK8IWsDz8RN3NbzVg/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-A/9BIa+maoq6jsyq8ya+rg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-A/9BIa+maoq6jsyq8ya+rg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-A/9BIa+maoq6jsyq8ya+rg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-A/9BIa+maoq6jsyq8ya+rg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWm4_WEedKIsA87WJI-L87G3EwoozD5MajZy7ENqzL6eAT79UodWdVOrcrSV8hDTBoMgFgC0ZlXQNNXcCf-4AE= Show response
fundingchoicesmessages.google.com/f/ 244 KB
50 KB 99ms
61ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWm4_WEedKIsA87WJI-L87G3EwoozD5MajZy7ENqzL6eAT79UodWdVOrcrSV8hDTBoMgFgC0ZlXQNNXcCf-4AE=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjM4MzYzMTE4LDUyNzAwMDAwMF0sIkE1OTk2N0NCLUUyOTgtNEU5Ri1CQ0FGLTM2REFDMkQ3MTE2NyIsIjlEMUEzQUFELTcwQUEtNEVDQi05NTUyLTFDODdEQTVEMDBGQyIsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL3dlYmZvbnRzLmZmb250cy5uZXQvTGF0by1CbGFjay5mb250IixudWxsLFtdXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf91c2834701bf26099bff2442dcc48f666536b1c7ec0c5be654fa9e8c82cce5

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-x07LFkVvfyWNzVC9+1ow4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-x07LFkVvfyWNzVC9+1ow4A' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-x07LFkVvfyWNzVC9+1ow4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-x07LFkVvfyWNzVC9+1ow4A' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame C05A 0
314 B 29ms
29ms XHR
text/plain 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwebfonts.ffonts.net&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 08:53:56 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
server: Server
age: 14281
x-cache: Hit from cloudfront
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: asrn_obAEC93ZPww37f_iLZCGIRRzrDbKCH1RK9zScSKF8rMynXj3A==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ Frame C05A 23 B
493 B 68ms
66ms XHR
text/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&pid=9yITzZqUIkuqM&cb=0&ws=300x150&v=7.71.1&t=1000&slots=%5B%7B%22sd%22%3A%22div-custom-ad-1638363117954-0%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x300%22%2C%22160x600%22%2C%22250x600%22%2C%22120x600%22%2C%22240x400%22%2C%22240x500%22%2C%22250x360%22%2C%22250x500%22%2C%22200x600%22%2C%22240x600%22%5D%2C%22sn%22%3A%22%2F147246189%2Fffonts.net_300x600_left_sticky%22%7D%5D&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.95.188 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-95-188.fra50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
x-amz-rid: N3VMD9FVK6MMM6NKC0SA
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: F8GbKgn16y-nvISpnN2aaCu1u4YeEu9xn2FBQVDsRPYFa9pWkUwiqA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame C05A 6 KB
3 KB 55ms
19ms XHR
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: gYbY2ORQY5Qmsyt0ob0SiGH6tjIhuo4B
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 10127
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Tue, 09 Nov 2021 22:55:20 GMT
server: AmazonS3
date: Wed, 01 Dec 2021 10:03:12 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: gvhgnQBCM2uh5jVO6bPh75LQ5xqDHzC8cNSMR8pdN52cMT16hi-udg==

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 77ms
19ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1088
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
vary: Accept-Encoding

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 77ms
19ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1042
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
vary: Accept-Encoding

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 78ms
19ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1187
date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame DC76 0
314 B 27ms
25ms XHR
text/plain 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwebfonts.ffonts.net&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 08:53:56 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
server: Server
age: 14281
x-cache: Hit from cloudfront
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 58UOW9TjZcESKJoxytdbGcen5APWZv_NLQo4RWfSL4TmBfGeVFNwGw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ Frame DC76 23 B
495 B 57ms
55ms XHR
text/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&pid=UT6GVUG8p2UxO&cb=0&ws=300x150&v=7.71.1&t=1000&slots=%5B%7B%22sd%22%3A%22div-custom-ad-1638363118034-0%22%2C%22s%22%3A%5B%22970x90%22%2C%22950x90%22%2C%22900x90%22%2C%22728x90%22%2C%22768x90%22%5D%2C%22sn%22%3A%22%2F147246189%2C12900770%2Fffonts.net_970x90_anchor_desktop_1%22%7D%5D&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.95.188 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-95-188.fra50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
x-amz-rid: QRK8JTXBTYPQX6A1WWXC
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: GFhRqM1w4SNDWogwwqhm5uPm9JHVk8sj1YtvewBBi4KdUEfAflTSYg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame DC76 6 KB
3 KB 47ms
19ms XHR
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: gYbY2ORQY5Qmsyt0ob0SiGH6tjIhuo4B
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
x-amz-cf-pop: FRA50-C1
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Tue, 09 Nov 2021 22:55:20 GMT
server: AmazonS3
date: Wed, 01 Dec 2021 12:51:58 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-id: elyfhMA0iIRP7ja543_xD4pTelBKweQBq0kmNKoHoZ2ALcLQ5urZTw==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame C08C 0
313 B 22ms
19ms XHR
text/plain 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwebfonts.ffonts.net&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 08:53:56 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
server: Server
age: 14281
x-cache: Hit from cloudfront
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: ttZKtCCY4tZ83DvAM-aYrdHKAksjBaQpXtqjxRqQ-osnQ3pk2WizuQ==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ Frame C08C 23 B
495 B 55ms
53ms XHR
text/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&pid=YsxHm3KI7G55i&cb=0&ws=160x150&v=7.71.1&t=1000&slots=%5B%7B%22sd%22%3A%22div-custom-ad-1638363118016-0%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%2C%22140x600%22%5D%2C%22sn%22%3A%22%2F147246189%2C12900770%2Fffonts.net_160x600_sticky%22%7D%5D&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.95.188 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-95-188.fra50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
x-amz-rid: BW3QR0VJV935N4CPR0Z6
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://webfonts.ffonts.net
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: _GyTHfUsQVGDR4XQsoIiuqgUljdLPGw3ennDqkLxZhqPBwiBZg2AcQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame C08C 6 KB
3 KB 40ms
19ms XHR
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: gYbY2ORQY5Qmsyt0ob0SiGH6tjIhuo4B
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 10127
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Tue, 09 Nov 2021 22:55:20 GMT
server: AmazonS3
date: Wed, 01 Dec 2021 10:03:12 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: cXQ4kzB39PcJEmRW_diKCngPi8zMHDMD-WSkRPGRspeacax_CiypYw==

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame C05A 71 KB
22 KB 50ms
23ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8854752a74f17180183321d2dba6179fda1d37cd626d436d2236dfb797e57fb8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1131325
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx9ef923c43db748a8bbec0-0061961f89
x-amz-id-2: tx9ef923c43db748a8bbec0-0061961f89
last-modified: Thu, 18 Nov 2021 09:29:40 GMT
server: cloudflare
etag: W/"ade00d0c7876260b60ee0cd4912d02bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iTesTXafHRBHI5sC8m3GPd1WZqW9YEdDUi7MTB%2BYDOiJ1%2BVCxb0HxNMcwyUgKqP1acp884oALkxGvmWGWW%2F3h0NX9qy98OBMjeR6WgDysrDbaBsPercDbeAA0qxs2ZmacvW5Hy88yaV8eQ5c"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1637227779984125
cf-ray: 6b6c73333f0edfb7-FRA
access-control-allow-headers: Authorization

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A02B 0
0 51ms
48ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu4cO3Sfmn5kKIhx-hWUAO6CHdGutUH_XEXB6dJDCP6igoIwdXdEkuKHJy9TEz1t6ruTixqXP9E3KUlMig4CneOrCjxYJr-zRF-kk5TxekqwFeTE5ktYWHX0_ypiCSdLCFE2t1F7b9RkLwgf7csFoyiEP8rbW8-djoOdyxF-xxoru2k5jBMVZ_ryOVAPLag6w6cINmMO1EWs_Hk611mkshfIH1KNkEweQi4e6Urhx-97bPONWLHDY6g04hM80hFbVT4V5Py1yvp2eo6fIpYuqgfQtPXnZzvXKRUOABT2m6BGy2DUfMaATOsKg&sai=AMfl-YQQh1c82RGSaPYVMA8UjNUg5pacoMAuaiLzF2tEe6-gQWJPVkvKxrn3xmuAKnhdBuUkKlj6OllLtsIZFCy7C46Tg9sthJxaU1fwzpSZJ4rsZRs2y1vkEWLIBFUfDlY&sig=Cg0ArKJSzOcAJzRjCodSEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Dec 2021 12:51:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 01 Dec 2021 12:51:58 GMT

GET
H2 200 tags.js Show response
tags.expo9.exponential.com/tags/FFontsnet/ROS/ Frame A02B 59 KB
14 KB 1042ms
976ms Script
application/x-javascript 2606:4700::6812:517
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.expo9.exponential.com/tags/FFontsnet/ROS/tags.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111801.js?31063845
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:517 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f7e9a4f93c6b2971ead8376a186ceab280a6128d6a2f3a51f93ea3f5e6c659f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:59 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 14137
x-function: 151
last-modified: Wed, 11 Aug 2021 04:08:51 GMT
server: cloudflare
x-reuse-index: 1
etag: 7842166884405915754
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=3600, private
cf-ray: 6b6c73338ec6374c-MXP
expires: Wed, 01 Dec 2021 13:51:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A02B 119 KB
36 KB 27ms
24ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111801.js?31063845

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Dec 2021 12:51:58 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B7C6 0
0 50ms
50ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsua22xhiKsbYG2d94rzruJ3eu7emyRaULQ3K9yNz2uQp7tJ2NCkHHBRetKdTNrcA_ExmkrYjxngqAlHbolPmE9KINqgnQ7ce6wFNfcAVpbO23TKoEOXSMkvJmARFPUq8tc7oD4dr2hKpS1q8_VBcpj-CiLd-oDnKuzswcvE6_HGSGJCFlfo_EtHzvgOw-AntKJJQuPI9WuUAzB9iqYExeKdMHHbLIvUx0XhCToMzx_pUsidRSAZR4lG3Qs2m4rVLDqNzeU3bN4VNRClNTklWC6TxvUAcqo00OVZSBTsWa3geo1PCpjUd07bPdrGNOu1lQ&sai=AMfl-YSjWZ8ozg7zPLGNrCeSLlAtxbaNuEFAk0KC3IPKeFDERpG_p8EsaP5n0YsA28xFYo_Rho5wvZZH8ymesuDz_5K_dHs43_VDYzyKW_f96hoIPKKWIFXE-2r3SmUlDw8&sig=Cg0ArKJSzATOL4MCnjsMEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Dec 2021 12:51:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 01 Dec 2021 12:51:58 GMT

GET
H2 200 tags.js Show response
tags.expo9.exponential.com/tags/FFontsnet/ROS/ Frame B7C6 59 KB
14 KB 1032ms
976ms Script
application/x-javascript 2606:4700::6812:517
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.expo9.exponential.com/tags/FFontsnet/ROS/tags.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111801.js?31063845
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:517 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f7e9a4f93c6b2971ead8376a186ceab280a6128d6a2f3a51f93ea3f5e6c659f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:59 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 14137
x-function: 151
last-modified: Wed, 11 Aug 2021 04:08:51 GMT
server: cloudflare
x-reuse-index: 1
etag: 7842166884405915754
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=3600, private
cf-ray: 6b6c73338ec7374c-MXP
expires: Wed, 01 Dec 2021 13:51:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B7C6 119 KB
36 KB 45ms
43ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111801.js?31063845

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Dec 2021 12:51:58 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame CC2B 32 KB
10 KB 14ms
13ms Script
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 65445aacbafe7ae9e7c21a38e05b09e0b8af45eb6c11e4bd0a4816d836d016ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 01 Dec 2021 12:51:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Nov 2021 00:01:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=73385
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9511
Expires: Thu, 02 Dec 2021 09:15:03 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 73B8 32 KB
10 KB 17ms
16ms Script
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 65445aacbafe7ae9e7c21a38e05b09e0b8af45eb6c11e4bd0a4816d836d016ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 01 Dec 2021 12:51:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Nov 2021 00:01:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=73385
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9511
Expires: Thu, 02 Dec 2021 09:15:03 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 82D6 32 KB
10 KB 22ms
21ms Script
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 65445aacbafe7ae9e7c21a38e05b09e0b8af45eb6c11e4bd0a4816d836d016ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 01 Dec 2021 12:51:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Nov 2021 00:01:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=73385
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9511
Expires: Thu, 02 Dec 2021 09:15:03 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 7175 14 KB
5 KB 131ms
30ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=1&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D1%26gdpr_consent%3D%26uid%3D
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=37255
expires: Wed, 01 Dec 2021 23:12:53 GMT
date: Wed, 01 Dec 2021 12:51:58 GMT
vary: Accept-Encoding

GET
H2

400

setuid
prebid-stag.setupad.net/ Frame C08C
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID&sovrn_retry=true
https://prebid-stag.setupad.net/setuid?bidder=sovrn&gdpr=1&gdpr_consent=&uid=bb982fccf43d76693d50dbd2

36 B
36 B

56ms
55ms

Image
text/plain

2606:4700:20::ac43:44a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=sovrn&gdpr=1&gdpr_consent=&uid=bb982fccf43d76693d50dbd2
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Server: 2606:4700:20::ac43:44a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 248c5c260b8061ece6b0d78fb45760c32e728018cd13b8e44557f9de44d3ebb0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J387QlmnD7UjKIbsZMZ93eMKBm5w5MjB6KjYOaIHfycYTcS%2FAlyeGV%2FFCqoK241kECSegmYPdBQYA0cwVERTm6osoO3NldHibCXrR0ujaJluQ%2B%2FwITlm5krfJM8b%2FMllonyiHeCjyDzpSrW32WRcr4jDAY16"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
cf-ray: 6b6c7333f84f374b-MXP
content-length: 36
expires: 0

Redirect headers

Date: Wed, 01 Dec 2021 12:51:58 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://prebid-stag.setupad.net/setuid?bidder=sovrn&gdpr=1&gdpr_consent=&uid=bb982fccf43d76693d50dbd2
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2

400

setuid
prebid-stag.setupad.net/ Frame DC76
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID&sovrn_retry=true
https://prebid-stag.setupad.net/setuid?bidder=sovrn&gdpr=1&gdpr_consent=&uid=bb982fccf43d76693d50dbd2

36 B
36 B

63ms
63ms

Image
text/plain

2606:4700:20::ac43:44a2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=sovrn&gdpr=1&gdpr_consent=&uid=bb982fccf43d76693d50dbd2
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Server: 2606:4700:20::ac43:44a2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 248c5c260b8061ece6b0d78fb45760c32e728018cd13b8e44557f9de44d3ebb0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=enxg3IxRrIHNukjUqyp0dpeZuSGXj%2FsHNLyo%2F0werF3Fu21SvgZf2t07QTjbCQrF5XrkudlFkodlDpr79VOMAE%2B69gUn6CBeZyZmIOToDNjUrEBPu%2Fk4309L7iaO%2B4PqfKuu0DFXm1Ix%2BBZJJ0bWvM1dx0KH"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
cf-ray: 6b6c7335ed23374b-MXP
content-length: 36
expires: 0

Redirect headers

Date: Wed, 01 Dec 2021 12:51:58 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://prebid-stag.setupad.net/setuid?bidder=sovrn&gdpr=1&gdpr_consent=&uid=bb982fccf43d76693d50dbd2
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame C08C 71 KB
22 KB 33ms
32ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8854752a74f17180183321d2dba6179fda1d37cd626d436d2236dfb797e57fb8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1131325
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx9ef923c43db748a8bbec0-0061961f89
x-amz-id-2: tx9ef923c43db748a8bbec0-0061961f89
last-modified: Thu, 18 Nov 2021 09:29:40 GMT
server: cloudflare
etag: W/"ade00d0c7876260b60ee0cd4912d02bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QURKYBZBjdrHAncdJOKiSlLy4bf5y87%2FNqz9ME%2F1IQ0MmquMdYccpzWbvoieB83QW%2FhC7tqMjm1Ct7D2D8XCzaUmgZcZmlZjcNpkjcSmabezbRtwUqVrCrLM83WSF1Tkc83i8KdxR%2BOVYFXU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1637227779984125
cf-ray: 6b6c73334f1bdfb7-FRA
access-control-allow-headers: Authorization

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame DC76 71 KB
22 KB 40ms
39ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8854752a74f17180183321d2dba6179fda1d37cd626d436d2236dfb797e57fb8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1131325
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx9ef923c43db748a8bbec0-0061961f89
x-amz-id-2: tx9ef923c43db748a8bbec0-0061961f89
last-modified: Thu, 18 Nov 2021 09:29:40 GMT
server: cloudflare
etag: W/"ade00d0c7876260b60ee0cd4912d02bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LTD7giTi3OQntoAGssqSAHXKB1DA37T8EfES3ZOo1fvj6bB3f6fMz%2BnncO0vv8ktWChX1BPT%2BFQFzDxYwuZh4G1GgXRv2KzsxIXOK2DWzZEBADfgk8%2F02HVopMtdEBORFfeSUS%2BSayDlVex8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1637227779984125
cf-ray: 6b6c73334f1cdfb7-FRA
access-control-allow-headers: Authorization

GET
H3 200 pubads_impl_2021111701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame DC76 345 KB
116 KB 17ms
16ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js?31063842

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

8d8aa9c2c3798099cba43890c7808bfb34b70dbc853177ef287b50bc28161911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118578
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 09:34:38 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Dec 2021 12:51:58 GMT

GET
H3 200 pubads_impl_2021111701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame C05A 345 KB
116 KB 23ms
21ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

8d8aa9c2c3798099cba43890c7808bfb34b70dbc853177ef287b50bc28161911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118578
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 09:34:38 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Dec 2021 12:51:58 GMT

GET
H3 200 pubads_impl_2021113001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame C08C 348 KB
117 KB 28ms
28ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js?31063843

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

465b31f84196ddfdd21c859a1460c95d70093d91e3ae5ce5c688c398b9dc20f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119680
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 13:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Dec 2021 12:51:58 GMT

GET
H3 200 css
fonts.googleapis.com/ 54 KB
3 KB 52ms
25ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorIabTcfV2ClientJs.de.UlBfsWCqMBc.es5.O/d=1/rs=AJlcJMwLq3pe8YXw1OHDBAcMdWzrIUckNw/m=iabtcfv2wallscript

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9925babee5b2459d5c5b331cb20984e100de2511993a2d8bbca20627c8fbbaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 01 Dec 2021 12:51:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 01 Dec 2021 12:51:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Dec 2021 12:51:58 GMT

POST
H3 204 AGSKWxXaWCyjL2eRaiJxE9QtAU3hW5okEz_P0XfqZlsUCrbkOaNCYTw0rdVhS-kI0mAETE3tSIf-h-wQzB_ZPX1gPt7mRJxv_AHh4msPaQWUSyVg6s5GubTpGq1VrsZSDg-oa7_tQPX9TST4RsfSY1D7oIj1nWi4WZNtH3IlpiSOyzyEbwgb-6lR0MZ-6SUW Show response
fundingchoicesmessages.google.com/el/ 0
26 B 30ms
29ms XHR
text/html 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXaWCyjL2eRaiJxE9QtAU3hW5okEz_P0XfqZlsUCrbkOaNCYTw0rdVhS-kI0mAETE3tSIf-h-wQzB_ZPX1gPt7mRJxv_AHh4msPaQWUSyVg6s5GubTpGq1VrsZSDg-oa7_tQPX9TST4RsfSY1D7oIj1nWi4WZNtH3IlpiSOyzyEbwgb-6lR0MZ-6SUW?dmid=ce6e4246ef484a1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GZDmZSG6r+2nRmw8Uf5WQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-GZDmZSG6r+2nRmw8Uf5WQA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://webfonts.ffonts.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-GZDmZSG6r+2nRmw8Uf5WQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-GZDmZSG6r+2nRmw8Uf5WQA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v117/ 116 KB
116 KB 30ms
15ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v117/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5d100945f5ec292fa9a3bf294212c7de3a425fb856dd4016d20a28110fce02d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://webfonts.ffonts.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 23:33:30 GMT
x-content-type-options: nosniff
age: 47908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118576
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 23:08:33 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 23:33:30 GMT

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 26ms
12ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://webfonts.ffonts.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 13:52:02 GMT
x-content-type-options: nosniff
age: 428396
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 26 Nov 2022 13:52:02 GMT

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 21ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://webfonts.ffonts.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 21:26:28 GMT
x-content-type-options: nosniff
age: 141930
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 29 Nov 2022 21:26:28 GMT

GET
H2 204 um
cs.emxdgt.com/ Frame CBFB 0
0 94ms
14ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?ssp=pbs&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Demx_digital%26uid%3D%24UID
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

content-type: text/html
date: Wed, 01 Dec 2021 12:51:57 GMT
content-length: 0

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 7175 0
42 B 74ms
23ms Script
text/plain 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=99588431&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=1&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D1%26gdpr_consent%3D%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:57 GMT
content-length: 0

GET
H2 200 cookie
cm.adform.net/ Frame C05A 43 B
106 B 78ms
20ms Image
image/gif 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:58 GMT
server: nginx
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/ Frame C05A 0
239 B 35ms
9ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/sync.php?p=prebid
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

GET
H2 204 um
cs.emxdgt.com/ Frame EF20 0
0 9ms
8ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?ssp=pbs&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Demx_digital%26uid%3D%24UID
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

content-type: text/html
date: Wed, 01 Dec 2021 12:51:58 GMT
content-length: 0

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame CC2B 0
239 B 60ms
9ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=pbs-setupad
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Content-Type: image/gif

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame CC2B
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dOSjNMNVktNC1CSkg=

170 B
243 B

46ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dOSjNMNVktNC1CSkg=

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dOSjNMNVktNC1CSkg=
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame CC2B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEM1591093Wg1niQj4zf9Ex4&google_cver=1

0
239 B

15ms
9ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEM1591093Wg1niQj4zf9Ex4&google_cver=1
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEM1591093Wg1niQj4zf9Ex4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame CC2B
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/LGr3S06Nx-1eqyGahZPFPQ?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6233835538310646971

0
239 B

9ms
9ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6233835538310646971
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

Redirect headers

date: Wed, 01 Dec 2021 12:51:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6233835538310646971
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame CC2B
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=b45461a7-6fef-4e00-b674-68a921b00484

0
239 B

12ms
12ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=b45461a7-6fef-4e00-b674-68a921b00484
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

Redirect headers

Date: Wed, 01 Dec 2021 12:51:59 GMT
Server: MT3 4133 baa842e master zrh-pixel-x27 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=b45461a7-6fef-4e00-b674-68a921b00484
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 01 Dec 2021 12:51:58 GMT

GET
H2 503 btu4jd3a
sync-tm.everesttech.net/upi/pid/ Frame CC2B 0
177 B 39ms
8ms Image
text/plain 151.101.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:59 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1638363119.300195,VS0,VE0
x-cache: MISS
cache-control: no-cache
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-hhn4033-HHN

GET
H2 451 709414.gif
id.rlcdn.com/ Frame CC2B 0
0 34ms
15ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2

204

v1
ads.yahoo.com/cms/ Frame CC2B
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KWNJ3L5Y-4-BJH&sigv=1&esig=2~a6c591d377f0fb4b528000308b377d71edcdc506

0
445 B

76ms
21ms

Image
text/plain

2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KWNJ3L5Y-4-BJH&sigv=1&esig=2~a6c591d377f0fb4b528000308b377d71edcdc506

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:59 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KWNJ3L5Y-4-BJH&sigv=1&esig=2~a6c591d377f0fb4b528000308b377d71edcdc506
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame CC2B
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGM5ZWM4MDc1NjFhNzlhOTYxY2RiYTQ0NDMxZGE3NTIyNjkzMGJhOA

170 B
232 B

46ms
32ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGM5ZWM4MDc1NjFhNzlhOTYxY2RiYTQ0NDMxZGE3NTIyNjkzMGJhOA

Requested by

Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:51:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGM5ZWM4MDc1NjFhNzlhOTYxY2RiYTQ0NDMxZGE3NTIyNjkzMGJhOA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 displayAd.js Show response
s.tribalfusion.com/ Frame B7C6 677 B
663 B 266ms
217ms Script
application/x-javascript 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/displayAd.js?dver=0.9&th=8394563596
Requested by: Host: tags.expo9.exponential.com
URL: https://tags.expo9.exponential.com/tags/FFontsnet/ROS/tags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5da4af1f69294fb9b6b2b70a753f6d6aa3c311e1f1d84234e91350cc32638adf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:59 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 330
x-function: 153
last-modified: Wed, 11 Aug 2021 04:08:51 GMT
server: cloudflare
x-reuse-index: 658
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: private
cf-ray: 6b6c733a08a40e06-MXP
expires: Tue, 01 Mar 2022 12:51:59 GMT

GET
H2 200 displayAd.js Show response
s.tribalfusion.com/ Frame A02B 677 B
1015 B 200ms
200ms Script
application/x-javascript 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/displayAd.js?dver=0.9&th=8394563596
Requested by: Host: tags.expo9.exponential.com
URL: https://tags.expo9.exponential.com/tags/FFontsnet/ROS/tags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd1578f8cd9e8c8ddb18eb65f3600674a596c5d38c2c15af7e9d273742d9f55d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:51:59 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 330
x-function: 153
last-modified: Wed, 11 Aug 2021 04:08:51 GMT
server: cloudflare
x-reuse-index: 656
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: private
cf-ray: 6b6c733a08af0e06-MXP
expires: Tue, 01 Mar 2022 12:51:59 GMT

GET
H3 200 j.ad Show response
s.tribalfusion.com/ Frame A02B 8 KB
4 KB 242ms
201ms Script
application/x-javascript 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=8394563596&tagKey=3525434971&site=ffontsnet&adSpace=ros&center=1&env=display&size=728x90,468x60&busted=1&url=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&f=1&p=3042571&tKey=ajmneM2bJ5WbjDWmM3PEn23UQGSDTCdy&a=1&adContainerId=richmedia_2&rnd=3047230
Requested by: Host: tags.expo9.exponential.com
URL: https://tags.expo9.exponential.com/tags/FFontsnet/ROS/tags.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad429b6e062657e79045534c83d152b2ba993afda1fed76ec3df5130f36d17b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3236
pragma: no-cache
x-function: 101
server: cloudflare
x-reuse-index: 2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: private, no-cache, no-store, proxy-revalidate
cf-ray: 6b6c733b9c8c59b3-MXP
expires: 0

GET
H3 200 j.ad Show response
s.tribalfusion.com/ Frame B7C6 3 KB
2 KB 248ms
221ms Script
application/x-javascript 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=8394563596&tagKey=3525434971&site=ffontsnet&adSpace=ros&center=1&env=display&size=300x600&busted=1&url=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&f=1&p=3042571&tKey=admneM1sromqbS3bYUVFbD1pMlSDT4kD&a=3&adContainerId=richmedia_4&rnd=3040767
Requested by: Host: tags.expo9.exponential.com
URL: https://tags.expo9.exponential.com/tags/FFontsnet/ROS/tags.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62d6e5e4044bdad9109082fa345eb4b27346485391c4d9c8f9f82c39515266fa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1451
pragma: no-cache
x-function: 101
server: cloudflare
x-reuse-index: 20
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: private, no-cache, no-store, proxy-revalidate
cf-ray: 6b6c733b9c8f59b3-MXP
expires: 0

GET
H2 200 tf_adChoice11.js Show response
cdnx.tribalfusion.com/media/common/adChoice/ Frame A02B 4 KB
1 KB 69ms
58ms Script
application/x-javascript 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnx.tribalfusion.com/media/common/adChoice/tf_adChoice11.js
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9ebddedcebd351bb4e992c15921ef1378358eb1e02a8bae03d249506f2cd11a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 69125
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-function: 301
last-modified: Mon, 22 Mar 2021 08:13:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public
cf-ray: 6b6c733ceec30e06-MXP
expires: Tue, 31 Dec 2030 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame A02B 2 KB
1 KB 125ms
32ms Script
application/javascript 2a02:26f0:12d:587::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=3758893&cmp=26685424&plc=318592136&sid=6596925&dvregion=0&unit=728x90
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=8394563596&tagKey=3525434971&site=ffontsnet&adSpace=ros&center=1&env=display&size=728x90,468x60&busted=1&url=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&f=1&p=3042571&tKey=ajmneM2bJ5WbjDWmM3PEn23UQGSDTCdy&a=1&adContainerId=richmedia_2&rnd=3047230
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:12d:587::4469 Berlin, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 44216edbcf372158d065f2c7062712c9c829648c355066e7cd14242843005d81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 01 Dec 2021 12:52:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 Nov 2021 13:07:12 GMT
Server: Microsoft-IIS/10.0
ETag: "e066f48b4dbd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1168

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame B7C6 2 KB
1 KB 126ms
38ms Script
application/javascript 2a02:26f0:12d:587::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=3758893&cmp=26685469&plc=317717880&sid=6596925&dvregion=0&unit=300x600
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=8394563596&tagKey=3525434971&site=ffontsnet&adSpace=ros&center=1&env=display&size=300x600&busted=1&url=https%3A%2F%2Fwebfonts.ffonts.net%2FLato-Black.font&f=1&p=3042571&tKey=admneM1sromqbS3bYUVFbD1pMlSDT4kD&a=3&adContainerId=richmedia_4&rnd=3040767
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:12d:587::4469 Berlin, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 44216edbcf372158d065f2c7062712c9c829648c355066e7cd14242843005d81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 01 Dec 2021 12:52:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 Nov 2021 13:07:12 GMT
Server: Microsoft-IIS/10.0
ETag: "e066f48b4dbd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1168

GET
H/1.1 200
OK dvbs_src_internal100.js Show response
cdn.doubleverify.com/ Frame A02B 56 KB
18 KB 33ms
32ms Script
application/javascript 2a02:26f0:12d:587::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal100.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=3758893&cmp=26685424&plc=318592136&sid=6596925&dvregion=0&unit=728x90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:12d:587::4469 Berlin, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 49a070133915e05e9b7723d25d8f07b12dda78f7d89c5334176329b5dc8019a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 01 Dec 2021 12:52:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 Nov 2021 13:07:26 GMT
Server: Microsoft-IIS/10.0
ETag: "0fb3411b4dbd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18242

GET
H/1.1 200
OK dvbs_src_internal100.js Show response
cdn.doubleverify.com/ Frame B7C6 56 KB
18 KB 42ms
41ms Script
application/javascript 2a02:26f0:12d:587::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal100.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=3758893&cmp=26685469&plc=317717880&sid=6596925&dvregion=0&unit=300x600
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:12d:587::4469 Berlin, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 49a070133915e05e9b7723d25d8f07b12dda78f7d89c5334176329b5dc8019a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 01 Dec 2021 12:52:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 Nov 2021 13:07:26 GMT
Server: Microsoft-IIS/10.0
ETag: "0fb3411b4dbd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18242

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame A02B 1 KB
869 B 114ms
13ms Script
text/javascript 213.254.244.20
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_7547742966&jsTagObjCallback=__tagObject_callback_7547742966&num=6&ctx=3758893&cmp=26685424&plc=318592136&sid=6596925&advid=&adsrv=&unit=728x90&isdvvid=&uid=7547742966&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&brid=0&brver=&bridua=3&dup=null&chro=1&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=1&htmlmsging=1&m1=13&noc=12&fcifrms=13&brh=2&fwc=0&fcl=768&flt=13&fec=4905&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=148&eparams=DC4FC%3Dl9EEADTbpTauTauH637%40%3FED%5D77%40%3FED%5D%3F6ETau%7B2E%40%5Cq%3D24%3C%5D7%40%3FEU2%3F4r92%3A%3Fl9EEADTbpTauTauH637%40%3FED%5D77%40%3FED%5D%3F6ETar9EEADTbpTauTauH637%40%3FED%5D77%40%3FED%5D%3F6E&dvp_exetime=6.50&callbackName=__verify_callback_7547742966
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal100.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.20 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: 00ab9bc7845dcef30d800b11234646a87d954b217e13f4e835597b466e35eead

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
X-DV-Response: 1
Content-Encoding: gzip
Date: Wed, 01 Dec 2021 12:52:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 11/30/2021 12:52:00 PM

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame B7C6 1 KB
871 B 88ms
13ms Script
text/javascript 213.254.244.20
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_910859757288&jsTagObjCallback=__tagObject_callback_910859757288&num=6&ctx=3758893&cmp=26685469&plc=317717880&sid=6596925&advid=&adsrv=&unit=300x600&isdvvid=&uid=910859757288&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&brid=0&brver=&bridua=3&dup=null&chro=1&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=1&htmlmsging=1&m1=13&noc=12&fcifrms=13&brh=2&fwc=0&fcl=768&flt=13&fec=4905&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=148&eparams=DC4FC%3Dl9EEADTbpTauTauH637%40%3FED%5D77%40%3FED%5D%3F6ETau%7B2E%40%5Cq%3D24%3C%5D7%40%3FEU2%3F4r92%3A%3Fl9EEADTbpTauTauH637%40%3FED%5D77%40%3FED%5D%3F6ETar9EEADTbpTauTauH637%40%3FED%5D77%40%3FED%5D%3F6E&dvp_exetime=4.50&callbackName=__verify_callback_910859757288
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal100.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.20 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: c29c6d9039b1ba64c9b85ecf62e4636fd7bbfbb623162889aa9ebeeaa1a6ed71

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
X-DV-Response: 1
Content-Encoding: gzip
Date: Wed, 01 Dec 2021 12:52:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 11/30/2021 12:52:00 PM

POST
H/1.1 200
OK bsevent.gif
tps20521.doubleverify.com/ Frame A02B 807 B
1 KB 211ms
8ms Ping
image/gif 213.254.244.20
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20521.doubleverify.com/bsevent.gif?impid=917b760ab83345de80586188f67cc61e&vfdur=115&cbust=1638363120415846
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal100.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.20 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:00 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 11/30/2021 12:52:00 PM

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame A085 640 B
893 B 812ms
811ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aImT09TTQaSTYZdSsbAQUmmPHndVcQS2rXxmtaqYqmu4dnBSVBF46JLpW6nTdB80bMi1FBf0aqqPrBHUFQSVdU0nFJsRb7M1qFN4aUh2aU2oTbIYUF6UdbQnmfKpGMwoWMK3TZbe3dAn46vZbprYLXcvVYGF51sJwpaFW5FU2VUnEUAMTPqb2ScYnQdFv1tZbuVmvp3GZbVYrQZcTAmp4PYbR6MK4WZbO0cbLMTAJoh7kqp&mediaDataID=2713736&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2165dd5e8f16091a3b892b2ef1eb372b18e251f6c5577e991c84071188e61ce

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 1
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733ead4459b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame F264 660 B
912 B 188ms
188ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aJmT09ScUsStZbM0W7tTmnw4sJ2YbMLUmTw4A39Q6bB4WYnXHrJnt2N4PvT5GM9Vc3lUsbeRPFxWtZbWUbjP3rArVErqTa3iSEBHRcQZbRrZatPHviVcY24bqunWqq0qqp2tnZaQVrF46vIpHXtVWjaXFv8YrYg1TEsPUrEWFQSVdJ3orZbxPbrp1EZbs4aYd4EURmE7IXFYgTd7UmmrInGrtmHfJ5EZb73GTrSpbMn3NpQa&mediaDataID=9148826&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d74321a8280c2e857b7b39f615995fefd377a8444793fd08df7a00764fc878d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 102
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733ead4659b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame F66A 705 B
937 B 177ms
177ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aKmT091E3t3TZbi4aY5nEnB1rjaUWjQnPQBnVnnpHnC5EYl5dEt5PvKmF3JXsvS1cQTXV7xnTvW5FZbVVU7ZcWPMYQqM2SVYOQHUt0HvtT6QM4sYUXUMKUPqm56Zb9R67K2HYy0HBJntiM4ABR3sQbTGY7WGMhS6rvWWvTWbjP3r2oUqnvVaJ8STvKSVbZbPUZavRWMiVcf25bysmWesXqyN4dbZdSGrZa4BjZaNTEHo5NVt8&mediaDataID=5436426&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbb8d7fbb495f0a8d87cf9789a8b29cfd7f6cb4f8e78daf55a9e9652a0260d9f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 50
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733ead4959b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 3627 690 B
929 B 186ms
185ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aLmT09STYZcQVJLRberRWUbUVfU5b2nnWZaOXauu3dMESG7C26MZcotXmUdfcXUvc1UZb7XqitRbJEWFJYVdYWmbZbsQbjp1qQN5EUc5T73oTJG1rZbfTtjSnmUIms7nmHrJ3TY83dmt5PJJmUbZd0GUUYGU00cvumaJU5bvUTU7ZcWP74REMQQVZbmStYN1tnsWAQp2c3UYbBAUPmt46Q7P6fH4WZbOXWBAnVuvSS38n2UhJV&mediaDataID=8039566&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f07af7968c463a88883a027dd4f9e1fbbf53f5eca96f3c6905280f67c040464

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 13
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733ebd5259b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 7321 656 B
903 B 181ms
181ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=ammT092avYoTbD1bZb6UHjQoA3ZamGUmpHQJ3T3g2ter3AjIpbQZbXVfVXVM10sfvpTj25F3VVFnHUPf4PTrQQsQmPHZbuYHjwVAbn3GB00UvZbVmqw56Q8PABG3dZbqXW3AntIn5mBP5c3bUGJcUcBjRmUNUHFTTFZb15U6nUaMvVEJbSTYFScQZdRrZatRHMkWVQ54UyxnWuyYTqN2WvGQG7B2mJHmdXyTcr6TVrUmNYtFx&mediaDataID=6530936&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dff814e9f10ab89597646428d659cfcaf8c6855b74094bfcafa98c72303826c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 73
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733ebd6a59b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame DE0B 623 B
864 B 796ms
796ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aomT09T6Mu4sY4XUUAVAXp2Pn6PAZbI3WrO0HQLmdEv36UW3cY9TsJ7VVFlR6UxWdQ5Wbb03b2nUabpVEYlQE3IRcJZdRFixRH7kVcbP2FTrodiOXqyM4tMCPsrH2mUHotZaOTHQ8XrY7XrYeXaIoRFYBUrB0WHv2oFjoRFbNYTFs3TZba4T75oTBDXb77WWJXmPrBmsjvpdrE3qQe3tap3AvGprbEXtZbQUUYjm7Aw67&mediaDataID=4056396&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 828a23f16d7d9f6f6f55e4a7dc110d9a6fb84691352b37dea3c79af62d8f3972

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 1
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733ebd6c59b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame B1D7 762 B
962 B 177ms
177ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=apmT09oTbD1rZb8WWfToPbIpGUtmWnE2Er73d6r4A7ZbprnK0V3SYsF01sBynafV5UQ4TUfEWA73RTj1Qs3MQdJu0H7rTPnn3cBWYbZbZaVmXq2PUeQP7A3HvM1dBLpdAo5mU05cj9Tsv8VGMfPPvMUHUQUUMY2UipUEQmTEYlQEBZdQVJCPFuqPHU8VcQQ2UTxmteOYEam3HvCQsfF4m3KmdXyVWQhXTZbbUcFXpZaSbfA&mediaDataID=6546596&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41c01a951020f48c542a32ff8122b4dccb0301a4eb6ed84f0cd1ad4c560fa8cf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 30
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733ebd6d59b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 3374 683 B
920 B 189ms
189ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aqmT09PHvdUVMU4bTmndZas0q2n3WjEQVZbZa46YZapdAtVWFb0r3dYFYl1TZamRUYEWUUQTdQ3mrQoRFMqYTUy5EJf5Tv5oafKXUUhTtMWoA3ZdpGvwptrF3Evk2Hmr3AbGnbnHXVfSYsrY1cvwpTFQ3rUPVbnHVmQ5RqYXSs3MQdUOYt7uVPbN4srVXbMZaUPXw4AQeQPnJ3tQo0d3JndIO36BY3sjgTWjc1U7YnnnW19&mediaDataID=6807466&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08697f1c683c2350eb289018dc53bb4d46d2a275c33776aeb3ccd174fd4560f9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 5
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733ebd7059b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 156E 645 B
898 B 195ms
195ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=armUCk4sY40UUZaTA6n5AM7R6FG3dBq1HvAntZav46YR3svaVsMaWsMkS6MOUWUTWrfR5rEoWqjmTEBbQEQFSGZbZdQF6qPtrkVVb35r6qodAn0qmp2dUDPs7E5AJZcmWeOUWYe0bYcYU7l1aqtRFFHWUUYWtr0orZbxQbJtYErr3TBh5aMQnafKYrU9WHbXmPfKpGUwpWQF5q3k2Wmq5mvJpFfJXs3QYVQ40cZbnpTv45UFWQbjrifnChg&mediaDataID=5578346&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 604037968a245c4f5fae53daeafe79375d8d32cb76d14c5a86ccdbe0b6c8cb34

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 21
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733ebd7259b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
DATA 200
OK truncated
/ Frame A02B 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f4a388a3234ae316bd3680065bda88e40313acea24aca92b566678614c31bc38

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A02B 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c6ba1ea1e84a255cf232844f63136d171ffea36d2879db40577dd8176d044f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK bsevent.gif
tps20521.doubleverify.com/ Frame B7C6 807 B
1 KB 182ms
17ms Ping
image/gif 213.254.244.20
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20521.doubleverify.com/bsevent.gif?impid=0551581a258c43138fe8991b2f5267dd&vfdur=89&cbust=1638363120453560
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal100.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.20 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:00 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 11/30/2021 12:52:00 PM

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame D4FF 828 B
990 B 180ms
180ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=axmT09Vmqn2PU8PmJD3tnsXWrDmHIM4PvY5cM7UcQcUcfiPAnxUtFQTFF33UZamUqvxTEQbQTBZaQGYIPbevRWM7VcMR2rmondqMYEey4dQBSGjZa5AUJpt6rUdQ60brkYFZb60qqqRrvCTrBXTtrXmUBtPrrtXqrt3afj2qnRmEMC1rZbfUtMUoA3ZbnVfspt3J3TQ72HyM46bLnFvZbXGMW1cFVXGvnnb3UQcYdmSiVek&mediaDataID=6719746&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e864724666bf19d335005e3762275d63007b3bf5c28fa1db71cc907edfd9e829

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 6
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733fe85a59b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame B02F 594 B
856 B 190ms
190ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aymT09oAnKpGvnpd7C3EYe5tEn3PBZcmF3EXVvQXc33XGjOpEZbW3FFPWrJDWmn3REnSSsUtQtUyYdnoVmrp2c3XYbUZcVAyp26ZbgQPMF4WvnXWYAndTN5AvP4Gj7VcUjWsf7RAFxUtrRTUM15b6tWTMrVqJcPanZcQcjLRbevRW7cUVM54r6sodAtYEXv2dQZdQVfZa5AFEpHEnTdZb8XbM91UY9XaqMRTjGYc3enuDWFy&mediaDataID=6347136&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7195ba0c91471ea5a058ab29fa3ada2217b616707a15ee64d965bf52492ed0e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 112
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733fe85e59b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame EF7E 582 B
850 B 191ms
191ms Document
text/html 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aMmT09odiq0qmw4trCSVvF2mvLmtioTHfhXrvbXUBeXa6pPrMEUFB5WHn0mFBoRU7y1T3s5TUj2qfXmEjIYbJaTtbUomvIpV7uptfG5Evl5teN4mjZcpFUIYsfQ1cYV0VjonEvW3FrSWbnFUA31Par3QGZbqPHbNYHFnTmrp2cB50UUDTAit2PMbQAFF4HvO0H3AmWPn4A3T5Gn9Tc36UcM8PPFoUV7VYG7hoZcZaXZc9&mediaDataID=7665496&mediaName=frame.html
Requested by: Host: webfonts.ffonts.net
URL: https://webfonts.ffonts.net/Lato-Black.font
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cabb9dedf77f277b8388b9533d5c21687f8f921b30ed6a5384b61aa31a3e8acd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 102
x-reuse-index: 14
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate
vary: Accept-Encoding
expires: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c733fe86259b3-MXP
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
DATA 200
OK truncated
/ Frame B7C6 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f4a388a3234ae316bd3680065bda88e40313acea24aca92b566678614c31bc38

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B7C6 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7242d775eca8d7869f6a61d0e7962ce3a5665fbd4ca11e5402807c6ce6a5617

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame F66A 13 KB
5 KB 93ms
69ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aKmT091E3t3TZbi4aY5nEnB1rjaUWjQnPQBnVnnpHnC5EYl5dEt5PvKmF3JXsvS1cQTXV7xnTvW5FZbVVU7ZcWPMYQqM2SVYOQHUt0HvtT6QM4sYUXUMKUPqm56Zb9R67K2HYy0HBJntiM4ABR3sQbTGY7WGMhS6rvWWvTWbjP3r2oUqnvVaJ8STvKSVbZbPUZavRWMiVcf25bysmWesXqyN4dbZdSGrZa4BjZaNTEHo5NVt8&mediaDataID=5436426&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c73404a423140-FRA

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame B1D7 13 KB
5 KB 88ms
64ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=apmT09oTbD1rZb8WWfToPbIpGUtmWnE2Er73d6r4A7ZbprnK0V3SYsF01sBynafV5UQ4TUfEWA73RTj1Qs3MQdJu0H7rTPnn3cBWYbZbZaVmXq2PUeQP7A3HvM1dBLpdAo5mU05cj9Tsv8VGMfPPvMUHUQUUMY2UipUEQmTEYlQEBZdQVJCPFuqPHU8VcQQ2UTxmteOYEam3HvCQsfF4m3KmdXyVWQhXTZbbUcFXpZaSbfA&mediaDataID=6546596&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c73405a483140-FRA

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame 7321 13 KB
5 KB 111ms
88ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=ammT092avYoTbD1bZb6UHjQoA3ZamGUmpHQJ3T3g2ter3AjIpbQZbXVfVXVM10sfvpTj25F3VVFnHUPf4PTrQQsQmPHZbuYHjwVAbn3GB00UvZbVmqw56Q8PABG3dZbqXW3AntIn5mBP5c3bUGJcUcBjRmUNUHFTTFZb15U6nUaMvVEJbSTYFScQZdRrZatRHMkWVQ54UyxnWuyYTqN2WvGQG7B2mJHmdXyTcr6TVrUmNYtFx&mediaDataID=6530936&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c73405a513140-FRA

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame F264 13 KB
5 KB 94ms
71ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aJmT09ScUsStZbM0W7tTmnw4sJ2YbMLUmTw4A39Q6bB4WYnXHrJnt2N4PvT5GM9Vc3lUsbeRPFxWtZbWUbjP3rArVErqTa3iSEBHRcQZbRrZatPHviVcY24bqunWqq0qqp2tnZaQVrF46vIpHXtVWjaXFv8YrYg1TEsPUrEWFQSVdJ3orZbxPbrp1EZbs4aYd4EURmE7IXFYgTd7UmmrInGrtmHfJ5EZb73GTrSpbMn3NpQa&mediaDataID=9148826&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c73404a473140-FRA

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame 3627 13 KB
5 KB 88ms
65ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aLmT09STYZcQVJLRberRWUbUVfU5b2nnWZaOXauu3dMESG7C26MZcotXmUdfcXUvc1UZb7XqitRbJEWFJYVdYWmbZbsQbjp1qQN5EUc5T73oTJG1rZbfTtjSnmUIms7nmHrJ3TY83dmt5PJJmUbZd0GUUYGU00cvumaJU5bvUTU7ZcWP74REMQQVZbmStYN1tnsWAQp2c3UYbBAUPmt46Q7P6fH4WZbOXWBAnVuvSS38n2UhJV&mediaDataID=8039566&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c73405a4f3140-FRA

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame 3374 13 KB
5 KB 114ms
92ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aqmT09PHvdUVMU4bTmndZas0q2n3WjEQVZbZa46YZapdAtVWFb0r3dYFYl1TZamRUYEWUUQTdQ3mrQoRFMqYTUy5EJf5Tv5oafKXUUhTtMWoA3ZdpGvwptrF3Evk2Hmr3AbGnbnHXVfSYsrY1cvwpTFQ3rUPVbnHVmQ5RqYXSs3MQdUOYt7uVPbN4srVXbMZaUPXw4AQeQPnJ3tQo0d3JndIO36BY3sjgTWjc1U7YnnnW19&mediaDataID=6807466&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c73405a4b3140-FRA

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame 156E 13 KB
5 KB 92ms
70ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=armUCk4sY40UUZaTA6n5AM7R6FG3dBq1HvAntZav46YR3svaVsMaWsMkS6MOUWUTWrfR5rEoWqjmTEBbQEQFSGZbZdQF6qPtrkVVb35r6qodAn0qmp2dUDPs7E5AJZcmWeOUWYe0bYcYU7l1aqtRFFHWUUYWtr0orZbxQbJtYErr3TBh5aMQnafKYrU9WHbXmPfKpGUwpWQF5q3k2Wmq5mvJpFfJXs3QYVQ40cZbnpTv45UFWQbjrifnChg&mediaDataID=5578346&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c73404a453140-FRA

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame F66A
Redirect Chain

https://a.tribalfusion.com/i.match?p=b10&u=18072662301623784059&redirect=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180
https://pixel.rubiconproject.com/tap.php?v=111756&nid=3856&put=18072662301623784059&expires=180

0
239 B

9ms
9ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=111756&nid=3856&put=18072662301623784059&expires=180
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aKmT091E3t3TZbi4aY5nEnB1rjaUWjQnPQBnVnnpHnC5EYl5dEt5PvKmF3JXsvS1cQTXV7xnTvW5FZbVVU7ZcWPMYQqM2SVYOQHUt0HvtT6QM4sYUXUMKUPqm56Zb9R67K2HYy0HBJntiM4ABR3sQbTGY7WGMhS6rvWWvTWbjP3r2oUqnvVaJ8STvKSVbZbPUZavRWMiVcf25bysmWesXqyN4dbZdSGrZa4BjZaNTEHo5NVt8&mediaDataID=5436426&mediaName=frame.html
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:00 GMT
cf-cache-status: DYNAMIC
x-function: 209
server: cloudflare
x-reuse-index: 5141
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6b6c73405e640e06-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://pixel.rubiconproject.com/tap.php?v=111756&nid=3856&put=18072662301623784059&expires=180
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame B1D7 43 B
131 B 25ms
19ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=b9f5c7de-85f6-48cc-ba86-351b90373b6b&r=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db12%26redirect%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537141727%2526val%253D%2524TF_USER_ID_ENC%2524%26u%3D
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=apmT09oTbD1rZb8WWfToPbIpGUtmWnE2Er73d6r4A7ZbprnK0V3SYsF01sBynafV5UQ4TUfEWA73RTj1Qs3MQdJu0H7rTPnn3cBWYbZbZaVmXq2PUeQP7A3HvM1dBLpdAo5mU05cj9Tsv8VGMfPPvMUHUQUUMY2UipUEQmTEYlQEBZdQVJCPFuqPHU8VcQQ2UTxmteOYEam3HvCQsfF4m3KmdXyVWQhXTZbbUcFXpZaSbfA&mediaDataID=6546596&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

i.match
a.tribalfusion.com/ Frame 7321
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?cm_dsp_id=131&external_user_id=18072662301623784059&cb=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db20%26u%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db20%26u%3D&cm_dsp_id=131&external_user_id=18072662301623784059&C=1
https://a.tribalfusion.com/i.match?p=b20&u=Yadv8COuHfhFcq0TvqWBygAA

43 B
590 B

206ms
205ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b20&u=Yadv8COuHfhFcq0TvqWBygAA
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=ammT092avYoTbD1bZb6UHjQoA3ZamGUmpHQJ3T3g2ter3AjIpbQZbXVfVXVM10sfvpTj25F3VVFnHUPf4PTrQQsQmPHZbuYHjwVAbn3GB00UvZbVmqw56Q8PABG3dZbqXW3AntIn5mBP5c3bUGJcUcBjRmUNUHFTTFZb15U6nUaMvVEJbSTYFScQZdRrZatRHMkWVQ54UyxnWuyYTqN2WvGQG7B2mJHmdXyTcr6TVrUmNYtFx&mediaDataID=6530936&mediaName=frame.html
Protocol: H2
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:00 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6b6c734108070e06-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://a.tribalfusion.com/i.match?p=b20&u=Yadv8COuHfhFcq0TvqWBygAA
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 255
Expires: Wed, 01 Dec 2021 12:52:00 GMT

GET
H2

200

i.match
a.tribalfusion.com/ Frame F264
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=8731&uid=18072662301623784059&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db19%26u%3D$SPOTX_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=8731&uid=18072662301623784059&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db19%26u%3D$SPOTX_USER_ID&__user_check__=1&sync_id=79c09775-52a5-11e...
https://a.tribalfusion.com/i.match?p=b19&u=79c0970a-52a5-11ec-97b2-1384e0ef0206

43 B
566 B

197ms
197ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b19&u=79c0970a-52a5-11ec-97b2-1384e0ef0206
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aJmT09ScUsStZbM0W7tTmnw4sJ2YbMLUmTw4A39Q6bB4WYnXHrJnt2N4PvT5GM9Vc3lUsbeRPFxWtZbWUbjP3rArVErqTa3iSEBHRcQZbRrZatPHviVcY24bqunWqq0qqp2tnZaQVrF46vIpHXtVWjaXFv8YrYg1TEsPUrEWFQSVdJ3orZbxPbrp1EZbs4aYd4EURmE7IXFYgTd7UmmrInGrtmHfJ5EZb73GTrSpbMn3NpQa&mediaDataID=9148826&mediaName=frame.html
Protocol: H2
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:00 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6b6c7340efc70e06-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Wed, 01 Dec 2021 12:52:00 GMT
Server: nginx
Location: https://a.tribalfusion.com/i.match?p=b19&u=79c0970a-52a5-11ec-97b2-1384e0ef0206
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 84
Connection: keep-alive
Content-Length: 43

GET
H2

200

dspreply
public-prod-dspcookiematching.dmxleo.com/ Frame 3627
Redirect Chain

https://a.tribalfusion.com/i.match?p=b24&u=18072662301623784059&redirect=https%3A%2F%2Fpublic-prod-dspcookiematching.dmxleo.com%2Fdspreply%3FdspId%3D15%26dspUserId%3D%24TF_USER_ID_ENC%24
https://public-prod-dspcookiematching.dmxleo.com/dspreply?dspId=15&dspUserId=18072662301623784059
https://public-prod-dspcookiematching.dmxleo.com/dspreply?dspId=15&dspUserId=18072662301623784059&cookieRequired=true

0
115 B

52ms
52ms

Image
text/plain

188.65.124.38
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://public-prod-dspcookiematching.dmxleo.com/dspreply?dspId=15&dspUserId=18072662301623784059&cookieRequired=true

Requested by

Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aLmT09STYZcQVJLRberRWUbUVfU5b2nnWZaOXauu3dMESG7C26MZcotXmUdfcXUvc1UZb7XqitRbJEWFJYVdYWmbZbsQbjp1qQN5EUc5T73oTJG1rZbfTtjSnmUIms7nmHrJ3TY83dmt5PJJmUbZd0GUUYGU00cvumaJU5bvUTU7ZcWP74REMQQVZbmStYN1tnsWAQp2c3UYbBAUPmt46Q7P6fH4WZbOXWBAnVuvSS38n2UhJV&mediaDataID=8039566&mediaName=frame.html

Protocol

Server

188.65.124.38 L'Haÿ-les-Roses, France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),

Reverse DNS

icscale-01-pub-ix7.vip.dailymotion.com

Software

nginx/1.15.6 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-dm-lb-name: icscale-01-02
date: Wed, 01 Dec 2021 12:52:01 GMT
server: nginx/1.15.6
content-length: 0
strict-transport-security: max-age=15724800; includeSubDomains

Redirect headers

location: /dspreply?dspId=15&dspUserId=18072662301623784059&cookieRequired=true
date: Wed, 01 Dec 2021 12:52:00 GMT
server: nginx/1.15.6
content-length: 113
strict-transport-security: max-age=15724800; includeSubDomains
x-dm-lb-name: icscale-01-02
content-type: text/html; charset=utf-8

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 3374
Redirect Chain

https://a.tribalfusion.com/i.match?p=b22&u=18072662301623784059&redirect=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dexponential%26partner_uid%3D%24TF_USER_ID_ENC%24
https://beacon.krxd.net/usermatch.gif?partner=exponential&partner_uid=18072662301623784059

0
338 B

117ms
28ms

Image
text/plain

52.31.243.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=exponential&partner_uid=18072662301623784059
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aqmT09PHvdUVMU4bTmndZas0q2n3WjEQVZbZa46YZapdAtVWFb0r3dYFYl1TZamRUYEWUUQTdQ3mrQoRFMqYTUy5EJf5Tv5oafKXUUhTtMWoA3ZdpGvwptrF3Evk2Hmr3AbGnbnHXVfSYsrY1cvwpTFQ3rUPVbnHVmQ5RqYXSs3MQdUOYt7uVPbN4srVXbMZaUPXw4AQeQPnJ3tQo0d3JndIO36BY3sjgTWjc1U7YnnnW19&mediaDataID=6807466&mediaName=frame.html
Protocol: H2
Server: 52.31.243.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-243-184.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
cache-control: private, no-cache, no-store
x-request-time: D=34 t=1638363120
x-served-by: beacon-n003-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:00 GMT
cf-cache-status: DYNAMIC
x-function: 209
server: cloudflare
x-reuse-index: 759
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6b6c73405e5c0e06-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://beacon.krxd.net/usermatch.gif?partner=exponential&partner_uid=18072662301623784059
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

i.match
a.tribalfusion.com/ Frame 156E
Redirect Chain

https://dpm.demdex.net/ibs:dpid=22054&dpuuid=18072662301623784059&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db13%26u%3D%24%7BDD_UUID%7D
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22054&dpuuid=18072662301623784059&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db13%26u%3D%24%7BDD_UUID%7D
https://a.tribalfusion.com/i.match?p=b13&u=65676838459133964601478801428935479948

43 B
557 B

196ms
196ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b13&u=65676838459133964601478801428935479948
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=armUCk4sY40UUZaTA6n5AM7R6FG3dBq1HvAntZav46YR3svaVsMaWsMkS6MOUWUTWrfR5rEoWqjmTEBbQEQFSGZbZdQF6qPtrkVVb35r6qodAn0qmp2dUDPs7E5AJZcmWeOUWYe0bYcYU7l1aqtRFFHWUUYWtr0orZbxQbJtYErr3TBh5aMQnafKYrU9WHbXmPfKpGUwpWQF5q3k2Wmq5mvJpFfJXs3QYVQ40cZbnpTv45UFWQbjrifnChg&mediaDataID=5578346&mediaName=frame.html
Protocol: H2
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:01 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6b6c734168d80e06-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

DCS: dcs-prod-irl1-2-v020-005beffd3.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: cJ5Tt4o3RF8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://a.tribalfusion.com/i.match?p=b13&u=65676838459133964601478801428935479948
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame B1D7 0
169 B 25ms
24ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=apmT09oTbD1rZb8WWfToPbIpGUtmWnE2Er73d6r4A7ZbprnK0V3SYsF01sBynafV5UQ4TUfEWA73RTj1Qs3MQdJu0H7rTPnn3cBWYbZbZaVmXq2PUeQP7A3HvM1dBLpdAo5mU05cj9Tsv8VGMfPPvMUHUQUUMY2UipUEQmTEYlQEBZdQVJCPFuqPHU8VcQQ2UTxmteOYEam3HvCQsfF4m3KmdXyVWQhXTZbbUcFXpZaSbfA&mediaDataID=6546596&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c7340db4c59b3-MXP
vary: Origin

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame D4FF 13 KB
5 KB 63ms
63ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=axmT09Vmqn2PU8PmJD3tnsXWrDmHIM4PvY5cM7UcQcUcfiPAnxUtFQTFF33UZamUqvxTEQbQTBZaQGYIPbevRWM7VcMR2rmondqMYEey4dQBSGjZa5AUJpt6rUdQ60brkYFZb60qqqRrvCTrBXTtrXmUBtPrrtXqrt3afj2qnRmEMC1rZbfUtMUoA3ZbnVfspt3J3TQ72HyM46bLnFvZbXGMW1cFVXGvnnb3UQcYdmSiVek&mediaDataID=6719746&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c73410c0f3140-FRA

GET
H3

200

i.match
a.tribalfusion.com/ Frame D4FF
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%253A//simage2.pubmatic.com/AdServer/Pug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%2526piggybackCookie%253D180726623016...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%253A//simage2.pubmatic.com/AdServer/Pug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%2526piggybackCookie%253D180726623016...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw&piggybackCookie=18072662301623784059&r=https%3A//a.tribalfusion.com/i.match%3Fp%3Db11%26u%3D%24%7BPUBMATIC_U...
https://a.tribalfusion.com/i.match?p=b11&u=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F

43 B
837 B

183ms
183ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b11&u=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=axmT09Vmqn2PU8PmJD3tnsXWrDmHIM4PvY5cM7UcQcUcfiPAnxUtFQTFF33UZamUqvxTEQbQTBZaQGYIPbevRWM7VcMR2rmondqMYEey4dQBSGjZa5AUJpt6rUdQ60brkYFZb60qqqRrvCTrBXTtrXmUBtPrrtXqrt3afj2qnRmEMC1rZbfUtMUoA3ZbnVfspt3J3TQ72HyM46bLnFvZbXGMW1cFVXGvnnb3UQcYdmSiVek&mediaDataID=6719746&mediaName=frame.html
Protocol: H3
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:01 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6b6c73425fe659b3-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://a.tribalfusion.com/i.match?p=b11&u=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F
date: Wed, 01 Dec 2021 12:52:00 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug007:0:1145
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame B02F 13 KB
5 KB 57ms
56ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aymT09oAnKpGvnpd7C3EYe5tEn3PBZcmF3EXVvQXc33XGjOpEZbW3FFPWrJDWmn3REnSSsUtQtUyYdnoVmrp2c3XYbUZcVAyp26ZbgQPMF4WvnXWYAndTN5AvP4Gj7VcUjWsf7RAFxUtrRTUM15b6tWTMrVqJcPanZcQcjLRbevRW7cUVM54r6sodAtYEXv2dQZdQVfZa5AFEpHEnTdZb8XbM91UY9XaqMRTjGYc3enuDWFy&mediaDataID=6347136&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c73412c473140-FRA

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame EF7E 13 KB
5 KB 61ms
61ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aMmT09odiq0qmw4trCSVvF2mvLmtioTHfhXrvbXUBeXa6pPrMEUFB5WHn0mFBoRU7y1T3s5TUj2qfXmEjIYbJaTtbUomvIpV7uptfG5Evl5teN4mjZcpFUIYsfQ1cYV0VjonEvW3FrSWbnFUA31Par3QGZbqPHbNYHFnTmrp2cB50UUDTAit2PMbQAFF4HvO0H3AmWPn4A3T5Gn9Tc36UcM8PPFoUV7VYG7hoZcZaXZc9&mediaDataID=7665496&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c73412c493140-FRA

GET
H3

200

i.match
a.tribalfusion.com/ Frame B02F
Redirect Chain

https://pixel.advertising.com/ups/57628/sync?uid=18072662301623784059&_origin=1&redir=true
https://pixel.advertising.com/ups/57628/sync?uid=18072662301623784059&_origin=1&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/57628/sync?uid=18072662301623784059&_origin=1&redir=true&apid=UP79e588cf-52a5-11ec-a81f-06c961e645ba
https://a.tribalfusion.com/i.match?p=b17&u=UP79e588cf-52a5-11ec-a81f-06c961e645ba

43 B
844 B

187ms
186ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b17&u=UP79e588cf-52a5-11ec-a81f-06c961e645ba
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aymT09oAnKpGvnpd7C3EYe5tEn3PBZcmF3EXVvQXc33XGjOpEZbW3FFPWrJDWmn3REnSSsUtQtUyYdnoVmrp2c3XYbUZcVAyp26ZbgQPMF4WvnXWYAndTN5AvP4Gj7VcUjWsf7RAFxUtrRTUM15b6tWTMrVqJcPanZcQcjLRbevRW7cUVM54r6sodAtYEXv2dQZdQVfZa5AFEpHEnTdZb8XbM91UY9XaqMRTjGYc3enuDWFy&mediaDataID=6347136&mediaName=frame.html
Protocol: H3
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:01 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6b6c7342a8b159b3-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://a.tribalfusion.com/i.match?p=b17&u=UP79e588cf-52a5-11ec-a81f-06c961e645ba
date: Wed, 01 Dec 2021 12:52:01 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

i.match
a.tribalfusion.com/ Frame EF7E
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212295768&_puid=18072662301623784059
https://a.tribalfusion.com/i.match?p=b23&u=164881103987000219656

43 B
863 B

197ms
197ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b23&u=164881103987000219656
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aMmT09odiq0qmw4trCSVvF2mvLmtioTHfhXrvbXUBeXa6pPrMEUFB5WHn0mFBoRU7y1T3s5TUj2qfXmEjIYbJaTtbUomvIpV7uptfG5Evl5teN4mjZcpFUIYsfQ1cYV0VjonEvW3FrSWbnFUA31Par3QGZbqPHbNYHFnTmrp2cB50UUDTAit2PMbQAFF4HvO0H3AmWPn4A3T5Gn9Tc36UcM8PPFoUV7VYG7hoZcZaXZc9&mediaDataID=7665496&mediaName=frame.html
Protocol: H3
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:01 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6b6c73425fe459b3-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:00 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://a.tribalfusion.com/i.match?p=b23&u=164881103987000219656
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame F66A 0
169 B 21ms
21ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=aKmT091E3t3TZbi4aY5nEnB1rjaUWjQnPQBnVnnpHnC5EYl5dEt5PvKmF3JXsvS1cQTXV7xnTvW5FZbVVU7ZcWPMYQqM2SVYOQHUt0HvtT6QM4sYUXUMKUPqm56Zb9R67K2HYy0HBJntiM4ABR3sQbTGY7WGMhS6rvWWvTWbjP3r2oUqnvVaJ8STvKSVbZbPUZavRWMiVcf25bysmWesXqyN4dbZdSGrZa4BjZaNTEHo5NVt8&mediaDataID=5436426&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c7341bdfd59b3-MXP
vary: Origin

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame F264 0
169 B 21ms
20ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=aJmT09ScUsStZbM0W7tTmnw4sJ2YbMLUmTw4A39Q6bB4WYnXHrJnt2N4PvT5GM9Vc3lUsbeRPFxWtZbWUbjP3rArVErqTa3iSEBHRcQZbRrZatPHviVcY24bqunWqq0qqp2tnZaQVrF46vIpHXtVWjaXFv8YrYg1TEsPUrEWFQSVdJ3orZbxPbrp1EZbs4aYd4EURmE7IXFYgTd7UmmrInGrtmHfJ5EZb73GTrSpbMn3NpQa&mediaDataID=9148826&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c73422f6559b3-MXP
vary: Origin

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame 7321 0
169 B 23ms
23ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=ammT092avYoTbD1bZb6UHjQoA3ZamGUmpHQJ3T3g2ter3AjIpbQZbXVfVXVM10sfvpTj25F3VVFnHUPf4PTrQQsQmPHZbuYHjwVAbn3GB00UvZbVmqw56Q8PABG3dZbqXW3AntIn5mBP5c3bUGJcUcBjRmUNUHFTTFZb15U6nUaMvVEJbSTYFScQZdRrZatRHMkWVQ54UyxnWuyYTqN2WvGQG7B2mJHmdXyTcr6TVrUmNYtFx&mediaDataID=6530936&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c73425ff159b3-MXP
vary: Origin

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame 3374 0
169 B 20ms
19ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=aqmT09PHvdUVMU4bTmndZas0q2n3WjEQVZbZa46YZapdAtVWFb0r3dYFYl1TZamRUYEWUUQTdQ3mrQoRFMqYTUy5EJf5Tv5oafKXUUhTtMWoA3ZdpGvwptrF3Evk2Hmr3AbGnbnHXVfSYsrY1cvwpTFQ3rUPVbnHVmQ5RqYXSs3MQdUOYt7uVPbN4srVXbMZaUPXw4AQeQPnJ3tQo0d3JndIO36BY3sjgTWjc1U7YnnnW19&mediaDataID=6807466&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c73425ff659b3-MXP
vary: Origin

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame 3627 0
168 B 25ms
25ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=aLmT09STYZcQVJLRberRWUbUVfU5b2nnWZaOXauu3dMESG7C26MZcotXmUdfcXUvc1UZb7XqitRbJEWFJYVdYWmbZbsQbjp1qQN5EUc5T73oTJG1rZbfTtjSnmUIms7nmHrJ3TY83dmt5PJJmUbZd0GUUYGU00cvumaJU5bvUTU7ZcWP74REMQQVZbmStYN1tnsWAQp2c3UYbBAUPmt46Q7P6fH4WZbOXWBAnVuvSS38n2UhJV&mediaDataID=8039566&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c7342a8a659b3-MXP
vary: Origin

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame 156E 0
168 B 34ms
34ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=armUCk4sY40UUZaTA6n5AM7R6FG3dBq1HvAntZav46YR3svaVsMaWsMkS6MOUWUTWrfR5rEoWqjmTEBbQEQFSGZbZdQF6qPtrkVVb35r6qodAn0qmp2dUDPs7E5AJZcmWeOUWYe0bYcYU7l1aqtRFFHWUUYWtr0orZbxQbJtYErr3TBh5aMQnafKYrU9WHbXmPfKpGUwpWQF5q3k2Wmq5mvJpFfJXs3QYVQ40cZbnpTv45UFWQbjrifnChg&mediaDataID=5578346&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c7342a8ac59b3-MXP
vary: Origin

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame D4FF 0
169 B 20ms
20ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=axmT09Vmqn2PU8PmJD3tnsXWrDmHIM4PvY5cM7UcQcUcfiPAnxUtFQTFF33UZamUqvxTEQbQTBZaQGYIPbevRWM7VcMR2rmondqMYEey4dQBSGjZa5AUJpt6rUdQ60brkYFZb60qqqRrvCTrBXTtrXmUBtPrrtXqrt3afj2qnRmEMC1rZbfUtMUoA3ZbnVfspt3J3TQ72HyM46bLnFvZbXGMW1cFVXGvnnb3UQcYdmSiVek&mediaDataID=6719746&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c73437b2659b3-MXP
vary: Origin

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame EF7E 0
169 B 23ms
22ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=aMmT09odiq0qmw4trCSVvF2mvLmtioTHfhXrvbXUBeXa6pPrMEUFB5WHn0mFBoRU7y1T3s5TUj2qfXmEjIYbJaTtbUomvIpV7uptfG5Evl5teN4mjZcpFUIYsfQ1cYV0VjonEvW3FrSWbnFUA31Par3QGZbqPHbNYHFnTmrp2cB50UUDTAit2PMbQAFF4HvO0H3AmWPn4A3T5Gn9Tc36UcM8PPFoUV7VYG7hoZcZaXZc9&mediaDataID=7665496&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c73439b6959b3-MXP
vary: Origin

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame DE0B 13 KB
5 KB 47ms
46ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aomT09T6Mu4sY4XUUAVAXp2Pn6PAZbI3WrO0HQLmdEv36UW3cY9TsJ7VVFlR6UxWdQ5Wbb03b2nUabpVEYlQE3IRcJZdRFixRH7kVcbP2FTrodiOXqyM4tMCPsrH2mUHotZaOTHQ8XrY7XrYeXaIoRFYBUrB0WHv2oFjoRFbNYTFs3TZba4T75oTBDXb77WWJXmPrBmsjvpdrE3qQe3tap3AvGprbEXtZbQUUYjm7Aw67&mediaDataID=4056396&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c7343c9823140-FRA

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame A085 13 KB
5 KB 77ms
77ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aImT09TTQaSTYZdSsbAQUmmPHndVcQS2rXxmtaqYqmu4dnBSVBF46JLpW6nTdB80bMi1FBf0aqqPrBHUFQSVdU0nFJsRb7M1qFN4aUh2aU2oTbIYUF6UdbQnmfKpGMwoWMK3TZbe3dAn46vZbprYLXcvVYGF51sJwpaFW5FU2VUnEUAMTPqb2ScYnQdFv1tZbuVmvp3GZbVYrQZcTAmp4PYbR6MK4WZbO0cbLMTAJoh7kqp&mediaDataID=2713736&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://s.tribalfusion.com/
Origin: https://s.tribalfusion.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b6c7343c9843140-FRA

GET
H3

200

i.match
a.tribalfusion.com/ Frame DE0B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=exp&google_cm&google_sc&google_ula=2786954&google_hm=18072662301623784059
https://a.tribalfusion.com/i.match?p=b6&u=adx&google_gid=CAESEMmPKficajz_n_sz7TcCGTw&google_cver=1&google_ula=2786954,0

43 B
866 B

200ms
200ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=adx&google_gid=CAESEMmPKficajz_n_sz7TcCGTw&google_cver=1&google_ula=2786954,0
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aomT09T6Mu4sY4XUUAVAXp2Pn6PAZbI3WrO0HQLmdEv36UW3cY9TsJ7VVFlR6UxWdQ5Wbb03b2nUabpVEYlQE3IRcJZdRFixRH7kVcbP2FTrodiOXqyM4tMCPsrH2mUHotZaOTHQ8XrY7XrYeXaIoRFYBUrB0WHv2oFjoRFbNYTFs3TZba4T75oTBDXb77WWJXmPrBmsjvpdrE3qQe3tap3AvGprbEXtZbQUUYjm7Aw67&mediaDataID=4056396&mediaName=frame.html
Protocol: H3
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:01 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6b6c73441cb259b3-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.tribalfusion.com/i.match?p=b6&u=adx&google_gid=CAESEMmPKficajz_n_sz7TcCGTw&google_cver=1&google_ula=2786954,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

i.match
a.tribalfusion.com/ Frame A085
Redirect Chain

https://tags.bluekai.com/site/4229?id=18072662301623784059&redir=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db3%26u%3D%24_BK_UUID
https://a.tribalfusion.com/i.match?p=b3&u=$_BK_UUID

43 B
894 B

194ms
193ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b3&u=$_BK_UUID
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aImT09TTQaSTYZdSsbAQUmmPHndVcQS2rXxmtaqYqmu4dnBSVBF46JLpW6nTdB80bMi1FBf0aqqPrBHUFQSVdU0nFJsRb7M1qFN4aUh2aU2oTbIYUF6UdbQnmfKpGMwoWMK3TZbe3dAn46vZbprYLXcvVYGF51sJwpaFW5FU2VUnEUAMTPqb2ScYnQdFv1tZbuVmvp3GZbVYrQZcTAmp4PYbR6MK4WZbO0cbLMTAJoh7kqp&mediaDataID=2713736&mediaName=frame.html
Protocol: H3
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:01 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6b6c734558b559b3-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://a.tribalfusion.com/i.match?p=b3&u=$_BK_UUID
Date: Wed, 01 Dec 2021 12:52:01 GMT
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B7C6 0
0 44ms
43ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssZtBd1XoVh2QE9OursXXzrTF1TK9khxFKlwLgIVS8wdmnunGJ3Io4zT0XoQcS3vEJ-4pOO4DBy4GcPbiWQcRbXN1Nlwf-xV3oWtdAs8AZ3J-vLslcbLUk8dX8Hn79sBOBpDl8IHaI441IsHv-D2UmYjB1_Azb13UYjUKcB3O1h2hrjYkSsx5uiLonRJ2jWVlsKgT-sCarYq0Z333rU6fMbSz0Vrmmpgnjkxmc_0Sj5sOvAyGGJVHEoYTKLlbziDnx5IC_BczbVAueueAO8dQHOU_-dGq9ePU97LgEdYCkp9magZljAR_a-bHzbSvAlXVx6&sai=AMfl-YQ7yPOleCAc4JmMVxymdwFdbgcXt4nBFhtfna6tiFn8yxf_Nk050O2fszbsRBGFp0Lyjo1N6-AVFvt9u2Nree6SsNUoEysQ7ZNNzTqpzS-Fq-baE65T2RzGzahlmW4&sig=Cg0ArKJSzKjp2gfGGplKEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Dec 2021 12:52:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 01 Dec 2021 12:52:01 GMT

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame B02F 0
169 B 20ms
19ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=aymT09oAnKpGvnpd7C3EYe5tEn3PBZcmF3EXVvQXc33XGjOpEZbW3FFPWrJDWmn3REnSSsUtQtUyYdnoVmrp2c3XYbUZcVAyp26ZbgQPMF4WvnXWYAndTN5AvP4Gj7VcUjWsf7RAFxUtrRTUM15b6tWTMrVqJcPanZcQcjLRbevRW7cUVM54r6sodAtYEXv2dQZdQVfZa5AFEpHEnTdZb8XbM91UY9XaqMRTjGYc3enuDWFy&mediaDataID=6347136&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c7343dc2559b3-MXP
vary: Origin

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame C05A 83 KB
26 KB 63ms
27ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 06:35:11 GMT
server: nginx
etag: W/"618cb99f-14b33"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 02 Dec 2021 12:52:01 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame C08C 83 KB
26 KB 58ms
32ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 06:35:11 GMT
server: nginx
etag: W/"618cb99f-14b33"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 02 Dec 2021 12:52:01 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame DC76 83 KB
26 KB 33ms
33ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 06:35:11 GMT
server: nginx
etag: W/"618cb99f-14b33"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 02 Dec 2021 12:52:01 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame C05A 83 KB
26 KB 72ms
37ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 06:35:11 GMT
server: nginx
etag: W/"618cb99f-14b33"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 02 Dec 2021 12:52:01 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame C08C 83 KB
26 KB 60ms
28ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 06:35:11 GMT
server: nginx
etag: W/"618cb99f-14b33"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 02 Dec 2021 12:52:01 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame DC76 83 KB
26 KB 54ms
25ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 06:35:11 GMT
server: nginx
etag: W/"618cb99f-14b33"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 02 Dec 2021 12:52:01 GMT

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame DE0B 0
169 B 23ms
23ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=aomT09T6Mu4sY4XUUAVAXp2Pn6PAZbI3WrO0HQLmdEv36UW3cY9TsJ7VVFlR6UxWdQ5Wbb03b2nUabpVEYlQE3IRcJZdRFixRH7kVcbP2FTrodiOXqyM4tMCPsrH2mUHotZaOTHQ8XrY7XrYeXaIoRFYBUrB0WHv2oFjoRFbNYTFs3TZba4T75oTBDXb77WWJXmPrBmsjvpdrE3qQe3tap3AvGprbEXtZbQUUYjm7Aw67&mediaDataID=4056396&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c734568cc59b3-MXP
vary: Origin

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A02B 0
0 43ms
43ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstbQuHfGhmc4ke8k5Izph_UNvqaQDswsnzxh_AEfjIVfHlQGnoqXwLjoHWQqVo_KBjfCSrDhhJfJY688oZ4uMHKgGWpDBtnAyJ45TiIjXr-LHqG6HTE36EfzuZiVRgbkU8Z2eQBFVbVLMF_G92LeiBfVYlNnd7RbfynJRdwXp8UQnfIXzSICWryJSrEZCy7PpTYk9ZZ4LLJeKF-oonmdEou4-Jy0_lpReFTi8L5XfpstO3m8OmF8OdhqkHONopW1cX9INobouO_ycbjTspkPUWlALcbX6QqC7DtU1o2gpGdVzDwJLiCrSEx2-49&sai=AMfl-YQQV4y9ozxk6WEbhlaY3kxDXcXA7VWOGg-HrmN2DoWrMEFMsmhuTvf9pw2FnQBz6cFhDpFUD6cvEWt6hQ7R8wnYR9xdh8-FIPtgl9GjVwcDwmht4tcgJxRvlCyC3YU&sig=Cg0ArKJSzF3mP84raSkbEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Dec 2021 12:52:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 01 Dec 2021 12:52:01 GMT

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ffonts/ 1 KB
706 B 83ms
75ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ffonts/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-121.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 70ec89e8137c9fd96d7bfa8aa4f3ebbcdee95d30044720da68bb5a2a22691e06

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
etag: 350787662--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=36, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 531

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 88 B
248 B 184ms
162ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=61a76fedc5670a98&bkl=0&bl=1&pdt=185&sid=61a76fedc5670a98&pub=ffonts&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=webfonts.ffonts.net&fp=Lato-Black.font&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1638363121698&jsl=1&uvs=61a76fed13c6a3d0000&skipb=1&callback=addthis.cbs.jsonp__5989694119852240
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-121.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e4ac0e6114ea6497f1321cf4fc654cff359b165691355c1c5509d952c406e96e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:01 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 88
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame FEE1 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 5914 71 KB
26 KB 20ms
20ms Document
text/html 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-121.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Wed, 01 Dec 2021 12:52:01 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 35ms
20ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111801.js?31063845

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

116e714814c50dfe7179f6327b848f35173d0b24198a3417b7b86dee7247f5cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9177
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 61EF 291 B
590 B 21ms
21ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=webfonts.ffonts.net&gdpr=1&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

baf437304d79006a4f050b871807483c921e783a2a91808ad4b8f77802cde740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 355
date: Wed, 01 Dec 2021 12:52:01 GMT
content-length: 321

POST
H3 200 rum Show response
s.tribalfusion.com/cdn-cgi/ Frame A085 0
168 B 21ms
21ms XHR
text/plain 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.tribalfusion.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://s.tribalfusion.com/p.media?clickID=aImT09TTQaSTYZdSsbAQUmmPHndVcQS2rXxmtaqYqmu4dnBSVBF46JLpW6nTdB80bMi1FBf0aqqPrBHUFQSVdU0nFJsRb7M1qFN4aUh2aU2oTbIYUF6UdbQnmfKpGMwoWMK3TZbe3dAn46vZbprYLXcvVYGF51sJwpaFW5FU2VUnEUAMTPqb2ScYnQdFv1tZbuVmvp3GZbVYrQZcTAmp4PYbR6MK4WZbO0cbLMTAJoh7kqp&mediaDataID=2713736&mediaName=frame.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://s.tribalfusion.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b6c7346cc3159b3-MXP
vary: Origin

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 64ms
25ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111801.js?31063845

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 01 Dec 2021 12:52:01 GMT

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 17ms
17ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-121.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Wed, 01 Dec 2021 12:52:01 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77617

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 9DAA 12 KB
5 KB 23ms
7ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Wed, 01 Dec 2021 12:47:08 GMT
expires: Thu, 01 Dec 2022 12:47:08 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 293
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 897D 783 B
1 KB 41ms
17ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fc32c9c6281027c4ea610f015b57b6448844f58f749bfe2af72d419c894fb4ee

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hd1jn0XURHd/1Ck46SiodA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 01 Dec 2021 12:52:01 GMT
date: Wed, 01 Dec 2021 12:52:01 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-hd1jn0XURHd/1Ck46SiodA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 9DAA 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 10:58:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6808
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 10:58:33 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 897D 0
0 43ms
43ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111801&jk=2991471355930297&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 48ms
48ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111801&jk=2991471355930297&bg=!Y2ClYCTNAAZQLpa_UC47ACkAdvg8WlguG9-u_jl7qnT2gSHtTp-iJ5IocCR6YR8Gvqqp1Y7jUnhqWAIAAABoUgAAAApoAQeZAoUfka-BZMfPrtrt6awwC6UKY4WkIkeyJrNbI-o4kvoioMucp1KNhwt__fJKbyB7PuQ7_b5t6PEp5KN48_ebJYpQPrAk6Vpx2O9RFlk_Y-5TQwxMYzbd6etnBGxeyk-Tpekrze0YkLyGKScaXwvt942_T2FqQpAbAKY2pP0WeV6y9tL_rWlDY57Pl5Gw7sCzei-82HRGkJ3bKxKXTzUD9vkXwCj1yCZexDjzWH_MuBxvxfVIhykLau3hlpliJB4uFo8Mo6skPRyNyBs82-TWk1A6zqxbj-7f7NCudNWobnfIEJgMQEVGIqU-NHKv9nFAGpiulEsfJ7SweO0kpC_fIr3-0KIPpgQwcE-WahOazeEWOJeLDz6eP3Xzo4Cfucj5mi8EnuR0ZLQf9v5F5tW2cgngPEt8TcxVCmc8roGCiP0EbYrgCvcTsagKBnU7i6k0X4mPe4wJ2Nm10oT-QvNsCcLfgWq7IRR6pyNgbpM5S9m8fxT_oeeec3-eC_4pZfwpgGU1ul21G8kabD9evBMiLZJSIlvNhOUi0bKuR8TQw0mVrDUh8bUp-al72MONo3PG4yyaaLX3sp-jM15pJoAQTLn5IQqU6JuBlTvIETBUSv8Sq4Ovxouu3vTRsMJ1vW3QNNmmIE84VXLvEKlBhTqW1X6BvCJqSmwfj0ndMrwG_Xt0qxH2aLSQTJSXM5WlunS6EsKR3VI-FEpLsgEe7bl8JhXsOiGrdYqIfukBXtlXbhvqVrQSuDBp9iKasUkTBgGu6eXWEbBsKdO9BuxpZ-KVe3Ly4Z_MYNZMlQNVCv2nnLaU4FO7QVhRr3lP69P32T6VT29vIGm2E47M5Sldty_G_PjboWXy6vw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad_choices_i_UR.png
cdnx.tribalfusion.com/media/common//adChoice/icon/ Frame A02B 513 B
898 B 30ms
30ms Image
image/png 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnx.tribalfusion.com/media/common//adChoice/icon/ad_choices_i_UR.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1afa262e624f1634b15d619047f0addeb94a4f964711ae7d89997559ab75e77f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:02 GMT
cf-cache-status: HIT
age: 10044
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 513
x-function: 301
last-modified: Mon, 22 Mar 2021 08:13:56 GMT
server: cloudflare
etag: 1616400836
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png; charset=utf-8
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
cf-ray: 6b6c7349ccf359b3-MXP
expires: Tue, 31 Dec 2030 00:00:00 GMT

GET
H3 200 ad_choices_UR.png
cdnx.tribalfusion.com/media/common//adChoice/icon/ Frame A02B 2 KB
2 KB 28ms
28ms Image
image/png 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnx.tribalfusion.com/media/common//adChoice/icon/ad_choices_UR.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69f04517e8026c40b59c45b86cce990587bd1480ed65a966767c49f3afb9683b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:02 GMT
cf-cache-status: HIT
age: 57602
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1608
x-function: 301
last-modified: Mon, 22 Mar 2021 08:13:56 GMT
server: cloudflare
etag: 1616400836
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png; charset=utf-8
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
cf-ray: 6b6c7349ccf559b3-MXP
expires: Tue, 31 Dec 2030 00:00:00 GMT

POST
H/1.1 200
OK bsevent.gif
tps20521.doubleverify.com/ Frame A02B 807 B
1 KB 10ms
9ms Ping
image/gif 213.254.244.20
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20521.doubleverify.com/bsevent.gif?impid=917b760ab83345de80586188f67cc61e&pltfrm=Linux%20x86_64&cbust=1638363122416516
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal100.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.20 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:02 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 11/30/2021 12:52:02 PM

POST
H/1.1 200
OK bsevent.gif
tps20521.doubleverify.com/ Frame B7C6 807 B
1 KB 9ms
8ms Ping
image/gif 213.254.244.20
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20521.doubleverify.com/bsevent.gif?impid=0551581a258c43138fe8991b2f5267dd&pltfrm=Linux%20x86_64&cbust=1638363122453637
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal100.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.20 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://webfonts.ffonts.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:02 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://webfonts.ffonts.net
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 11/30/2021 12:52:02 PM

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame A33F 0
91 B 25ms
18ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/16.221.0
date: Wed, 01 Dec 2021 12:52:02 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 67EC 281 B
554 B 7ms
7ms Document
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 26 Oct 2021 17:01:05 GMT
ETag: "40334-119-5cf446c48f640"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 01 Dec 2021 12:52:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 9CAF 52 KB
17 KB 38ms
7ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sun, 28 Nov 2021 05:36:04 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 01 Dec 2021 12:52:02 GMT
Age: 29274
X-Served-By: cache-lga21976-LGA, cache-hhn4059-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 526022
X-Timer: S1638363123.998232,VS0,VE0
Vary: Accept-Encoding

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame CDCC 0
0 47ms
37ms Document
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:02 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, HEAD, POST, OPTIONS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 6b6c734eadf735c5-MAN

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 4DD5 926 B
1 KB 109ms
34ms Document
text/html 104.17.120.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Date: Wed, 01 Dec 2021 12:52:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: GxiHK5l/EuT6bODQVaJB/YwRSmhFLUSLRx+ap6EXsHOGoQSZel++0whkOZoRoGKBGOYM6OIIcwA=
x-amz-request-id: 29MRDBPWGB3DWFXN
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 5783
Expires: Wed, 01 Dec 2021 12:53:03 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6b6c734f180a3613-MAN
Content-Encoding: gzip

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame B55A 38 KB
14 KB 57ms
57ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

last-modified: Tue, 19 Oct 2021 10:00:01 GMT
etag: "1302647-96ae-5ceb1b98ba7c4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13882
content-type: text/html; charset=UTF-8
cache-control: public, max-age=23261
expires: Wed, 01 Dec 2021 19:19:44 GMT
date: Wed, 01 Dec 2021 12:52:03 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame A03F 2 KB
1 KB 80ms
25ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Wed, 01 Dec 2021 12:52:03 GMT
Connection: keep-alive

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 67EC 32 KB
10 KB 10ms
10ms Script
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 65445aacbafe7ae9e7c21a38e05b09e0b8af45eb6c11e4bd0a4816d836d016ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 01 Dec 2021 12:52:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Nov 2021 00:01:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=73381
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9511
Expires: Thu, 02 Dec 2021 09:15:03 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 66F2 281 B
554 B 8ms
7ms Document
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 26 Oct 2021 17:01:05 GMT
ETag: "40334-119-5cf446c48f640"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 01 Dec 2021 12:52:03 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3 200 pd Show response
u.openx.net/w/1.0/ Frame B39E 0
35 B 30ms
19ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/16.221.0
date: Wed, 01 Dec 2021 12:52:03 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 1AE3 0
0 58ms
20ms Document
text/plain 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13401985
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Server: nginx
Date: Wed, 01 Dec 2021 12:52:03 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap3ams1

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 9F01 926 B
1 KB 100ms
42ms Document
text/html 104.17.120.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Date: Wed, 01 Dec 2021 12:52:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: UnQtnzFfm8+OaONA3VQI1OBBpR4kJGlEA/jE6+QrO8UpdFSdbo9AaBScCMkCgDcVww+/kCwHwo0=
x-amz-request-id: 5KT2J7P6RJW7Y85Z
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 5718
Expires: Wed, 01 Dec 2021 12:53:03 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6b6c734f3e79d208-MAN
Content-Encoding: gzip

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 21E0 38 KB
14 KB 43ms
42ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

last-modified: Tue, 19 Oct 2021 10:00:01 GMT
etag: "1302647-96ae-5ceb1b98ba7c4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13882
content-type: text/html; charset=UTF-8
cache-control: public, max-age=23261
expires: Wed, 01 Dec 2021 19:19:44 GMT
date: Wed, 01 Dec 2021 12:52:03 GMT
vary: Accept-Encoding

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame 5960 0
0 40ms
40ms Document
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, HEAD, POST, OPTIONS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 6b6c734ede3835c5-MAN

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 3750 52 KB
17 KB 9ms
9ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sun, 28 Nov 2021 05:36:04 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 01 Dec 2021 12:52:03 GMT
Age: 29274
X-Served-By: cache-lga21976-LGA, cache-hhn4059-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 526023
X-Timer: S1638363123.011004,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 54C7 2 KB
1 KB 72ms
30ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Wed, 01 Dec 2021 12:52:03 GMT
Connection: keep-alive

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame 9123 0
0 32ms
31ms Document
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, HEAD, POST, OPTIONS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 6b6c734efe5735c5-MAN

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 03C8 281 B
554 B 8ms
7ms Document
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 26 Oct 2021 17:01:05 GMT
ETag: "40334-119-5cf446c48f640"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 01 Dec 2021 12:52:03 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 4F59 2 KB
1 KB 58ms
25ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Wed, 01 Dec 2021 12:52:03 GMT
Connection: keep-alive

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 3D62 926 B
1 KB 81ms
32ms Document
text/html 104.17.120.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Date: Wed, 01 Dec 2021 12:52:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: GxiHK5l/EuT6bODQVaJB/YwRSmhFLUSLRx+ap6EXsHOGoQSZel++0whkOZoRoGKBGOYM6OIIcwA=
x-amz-request-id: 29MRDBPWGB3DWFXN
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 5783
Expires: Wed, 01 Dec 2021 12:53:03 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6b6c734f48453613-MAN
Content-Encoding: gzip

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 779A 38 KB
14 KB 47ms
47ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

last-modified: Tue, 19 Oct 2021 10:00:01 GMT
etag: "1302647-96ae-5ceb1b98ba7c4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13882
content-type: text/html; charset=UTF-8
cache-control: public, max-age=23261
expires: Wed, 01 Dec 2021 19:19:44 GMT
date: Wed, 01 Dec 2021 12:52:03 GMT
vary: Accept-Encoding

GET
H3 200 pd Show response
u.openx.net/w/1.0/ Frame 0F20 0
35 B 16ms
16ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/16.221.0
date: Wed, 01 Dec 2021 12:52:03 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 9B6E 52 KB
17 KB 32ms
32ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd201221.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://webfonts.ffonts.net/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sun, 28 Nov 2021 05:36:04 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 01 Dec 2021 12:52:03 GMT
Age: 29274
X-Served-By: cache-lga21976-LGA, cache-hhn4059-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 526024
X-Timer: S1638363123.058649,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 66F2 32 KB
10 KB 9ms
9ms Script
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 65445aacbafe7ae9e7c21a38e05b09e0b8af45eb6c11e4bd0a4816d836d016ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 01 Dec 2021 12:52:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Nov 2021 00:01:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=73380
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9511
Expires: Thu, 02 Dec 2021 09:15:03 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 9CAF 0
733 B 8ms
7ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:03 GMT
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: bb6712e0-de92-49be-83f7-556e870c4d2d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 03C8 32 KB
10 KB 10ms
9ms Script
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 65445aacbafe7ae9e7c21a38e05b09e0b8af45eb6c11e4bd0a4816d836d016ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 01 Dec 2021 12:52:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Nov 2021 00:01:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=73380
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9511
Expires: Thu, 02 Dec 2021 09:15:03 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame B55A 5 KB
6 KB 20ms
20ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=4469090&p=156191&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: c34475285d3f4c68d1f36f7922fb7f37f5225b9b0e2f81fa8f9af134e49ad942

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 3750 0
733 B 8ms
7ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:03 GMT
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 139f2fe4-4a7e-48bb-84ea-e0280a695c5c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usermatch
ssum-sec.casalemedia.com/ Frame A7EC 54 B
326 B 72ms
30ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=undefined&d=https://webfonts.ffonts.net/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Vary: Is-Traffic-Usersync
Content-Length: 54
Expires: Wed, 01 Dec 2021 12:52:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:03 GMT
Connection: keep-alive

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame 2CA1
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F

35 B
467 B

21ms
21ms

Document
image/gif

37.157.4.24
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 01 Dec 2021 12:52:03 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Wed, 01 Dec 2021 12:52:03 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET

Pug
image2.pubmatic.com/AdServer/ Frame A8DB
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1418811660511071063

0
0

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 80E8 43 B
334 B 50ms
14ms Document
image/gif 178.250.2.151

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 01 Dec 2021 12:52:02 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Wed, 01 Dec 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 637266

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame AB87
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7036716032266205336

42 B
383 B

19ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7036716032266205336
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 01 Dec 2021 12:52:03 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: lhrpug015:0:606
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Wed, 01 Dec 2021 12:52:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7036716032266205336

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame FBA4
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yadv8wAIraNalABR&gdpr=0&gdpr_consent=&_test=Yadv8wAIraNalABR

1 B
234 B

19ms
19ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yadv8wAIraNalABR&gdpr=0&gdpr_consent=&_test=Yadv8wAIraNalABR
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 01 Dec 2021 12:52:03 GMT
content-type: text/html; charset=utf-8
content-length: 1
x-lat: lhrpug021:0:613
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Varnish
retry-after: 0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yadv8wAIraNalABR&gdpr=0&gdpr_consent=&_test=Yadv8wAIraNalABR
accept-ranges: bytes
date: Wed, 01 Dec 2021 12:52:03 GMT
via: 1.1 varnish
x-served-by: cache-hhn4033-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1638363123.471790,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET pm&gdpr=0&gdpr_consent=
match.prod.bidr.io/cookie-sync/ Frame E693 0
0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame EE13
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

0
108 B

21ms
17ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 01 Dec 2021 12:52:03 GMT
content-type: text/html; charset=utf-8
x-lat: lhrpug003:2:344
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length: 0
date: Wed, 01 Dec 2021 12:52:03 GMT
server: _

GET

generic
match.adsrvr.org/track/cmb/ Frame 5E64
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2685852313
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2685852313

0
0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame EADE
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=2sXqZUHqavNmNYqu2BayX6ME

42 B
525 B

33ms
13ms

Document
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=2sXqZUHqavNmNYqu2BayX6ME
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 01 Dec 2021 12:52:02 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: amspug016:0:309
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: openresty
date: Wed, 01 Dec 2021 12:52:03 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=2sXqZUHqavNmNYqu2BayX6ME
strict-transport-security: max-age=0; includeSubDomains;

GET
H2 404 dpe
ad4m.at/ad/ Frame B775 15 B
915 B 144ms
88ms Document
text/plain 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
content-type: text/plain; charset=utf-8
content-length: 15
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c7350f9a35a0d-MXP

GET cookiesync
core.iprom.net/ Frame 72C2 0
0

GET
H/1.1 200
OK bridge
cm.adgrx.com/ Frame 39EC 43 B
408 B 226ms
29ms Document
image/gif 72.251.245.181

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.245.181 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Date: Wed, 01 Dec 2021 12:52:03 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-8
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET

rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 0181
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=444378f5-313e-4e98-911d-0410ef28a266-tuct8a0f573&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
0

GET
H3 200 i.match
a.tribalfusion.com/ Frame 7978 43 B
949 B 181ms
180ms Document
image/gif 2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
content-type: image/gif; charset=utf-8
content-length: 43
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b6c7350a96a59b3-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame B55A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=S4xn-p5xSgO22f75NtBPjw%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

25ms
25ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=37250
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Wed, 01 Dec 2021 23:12:53 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame B55A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b45461a7-6fef-4e00-b674-68a921b00484

0
260 B

190ms
19ms

Image
text/plain

185.64.190.81

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b45461a7-6fef-4e00-b674-68a921b00484
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Server: 185.64.190.81 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 01 Dec 2021 12:52:03 GMT
Server: MT3 4133 baa842e master zrh-pixel-x31 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b45461a7-6fef-4e00-b674-68a921b00484
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 01 Dec 2021 12:52:02 GMT

GET /
pixel.onaudience.com/ Frame B55A 0
0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame B55A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEI4QzY3RkEtOUU3MS00QTAzLUI2RDktRkVGOTM2RDA0RjhG&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
110 B

177ms
15ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:02 GMT
cache-control: no-store, no-cache, private
x-lat: amspug015:0:557
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame B55A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH-yAY6KitMpUNTjZKFMlWE&google_cver=1

42 B
383 B

176ms
14ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH-yAY6KitMpUNTjZKFMlWE&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:02 GMT
cache-control: no-store, no-cache, private
x-lat: amspug020:0:596
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH-yAY6KitMpUNTjZKFMlWE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame B55A 43 B
616 B 214ms
20ms Image
image/gif 169.50.137.182

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.182 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 30 Nov 2021 12:52:03 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame B55A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b45461a7-6fef-4e00-b674-68a921b00484&gdpr=0&gdpr_consent=

42 B
341 B

19ms
18ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b45461a7-6fef-4e00-b674-68a921b00484&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug019:0:469
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 01 Dec 2021 12:52:03 GMT
Server: MT3 4133 baa842e master zrh-pixel-x7 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b45461a7-6fef-4e00-b674-68a921b00484&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 01 Dec 2021 12:52:02 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame B55A
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7456456566637907742

42 B
234 B

19ms
19ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7456456566637907742
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug013:0:624
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:03 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7456456566637907742
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET

generic
match.adsrvr.org/track/cmb/ Frame B55A
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=

0
0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame B55A
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3604086807526404106&gdpr=0&gdpr_consent=

42 B
364 B

174ms
14ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3604086807526404106&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
cache-control: no-store, no-cache, private
x-lat: amspug014:0:431
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:03 GMT
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 34112a55-5c3f-4196-a977-382c04d8446d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3604086807526404106&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame B55A
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=hy3RwYd61sWcKYSTiH6dxocr1ZCcJYDOhSpv5vkM

42 B
488 B

148ms
14ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=hy3RwYd61sWcKYSTiH6dxocr1ZCcJYDOhSpv5vkM
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:01 GMT
cache-control: no-store, no-cache, private
x-lat: amspug002:0:533
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:03 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=hy3RwYd61sWcKYSTiH6dxocr1ZCcJYDOhSpv5vkM
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame B55A 43 B
874 B 41ms
39ms Image
image/gif 2a05:d018:d29:3602:73b0:42cb:776e:1ea4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3602:73b0:42cb:776e:1ea4 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET

SPug
image4.pubmatic.com/AdServer/ Frame B55A
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-xJYZTftE2uVdcuSVz1F9ddVne0CubnY-~A&gdpr=0&gdpr_consent=

0
0

GET

sync
rtb.mfadsrvr.com/ Frame B55A
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=0b21188b-9ce2-42e1-a25e-5d5d038195e3

0
0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame B55A
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3500546326807151105&gdpr=0&gdpr_consent=&us_privacy=

1 B
168 B

19ms
19ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3500546326807151105&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug014:0:444
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3500546326807151105&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 01 Dec 2021 12:52:02 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame B55A 0
104 B 139ms
16ms Image
text/plain 2a02:fa8:8806:20::2010

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:03 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame B55A
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

42 B
303 B

14ms
13ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:52:02 GMT
cache-control: no-store, no-cache, private
x-lat: amspug009:0:646
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 01 Dec 2021 12:52:02 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET pubmaticmatch
match.adsby.bidtheatre.com/ Frame B55A 0
0

GET apn
ads.playground.xyz/usersync/ Frame B55A 0
0

GET d1ba4609
rtb.gumgum.com/getuid/ Frame B55A 0
0

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 9B6E 0
733 B 7ms
7ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:03 GMT
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: b5676658-375d-49c5-b27a-127d31003817
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usermatch
ssum-sec.casalemedia.com/ Frame FFC7 54 B
326 B 64ms
25ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=undefined&d=https://webfonts.ffonts.net/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Vary: Is-Traffic-Usersync
Content-Length: 54
Expires: Wed, 01 Dec 2021 12:52:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:03 GMT
Connection: keep-alive

GET
H/1.1 200
OK usermatch
ssum-sec.casalemedia.com/ Frame 0081 54 B
326 B 74ms
36ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=undefined&d=https://webfonts.ffonts.net/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Vary: Is-Traffic-Usersync
Content-Length: 54
Expires: Wed, 01 Dec 2021 12:52:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 01 Dec 2021 12:52:03 GMT
Connection: keep-alive

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Domain: image2.pubmatic.com
URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1418811660511071063

Domain: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=

Domain: match.adsrvr.org
URL: https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2685852313

Domain: core.iprom.net
URL: https://core.iprom.net/cookiesync

Domain: match.taboola.com
URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=444378f5-313e-4e98-911d-0410ef28a266-tuct8a0f573&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Domain: pixel.onaudience.com
URL: https://pixel.onaudience.com/?partner=214&mapped=4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F

Domain: match.adsrvr.org
URL: https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=

Domain: image4.pubmatic.com
URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-xJYZTftE2uVdcuSVz1F9ddVne0CubnY-~A&gdpr=0&gdpr_consent=

Domain: rtb.mfadsrvr.com
URL: https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=0b21188b-9ce2-42e1-a25e-5d5d038195e3

Domain: match.adsby.bidtheatre.com
URL: https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Domain: ads.playground.xyz
URL: https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID

Domain: rtb.gumgum.com
URL: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D

Verdicts & Comments Add Verdict or Comment

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

50 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
webfonts.ffonts.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: t0q901mrisebaaiavn5hpdv8l7
.ffonts.net/	1970-01-20 07:51:39	Name: tvff Value: 1
webfonts.ffonts.net/	1969-12-31 23:59:59	Name: SESSIONID Value: ff2
.ffonts.net/	1970-01-20 16:37:15	Name: _ga Value: GA1.2.190856743.1638363118
.ffonts.net/	1970-01-19 23:07:29	Name: _gid Value: GA1.2.1428945928.1638363118
.ffonts.net/	1970-01-19 23:06:03	Name: _gat_gtag_UA_9036721_1 Value: 1
webfonts.ffonts.net/	1970-01-19 23:06:04	Name: stpdOrigin Value: {"origin":"direct","referrer":"webfonts.ffonts.net","ex":"Wed, 01 Dec 2021 13:21:58 GMT"}
webfonts.ffonts.net/	1970-01-19 23:49:15	Name: _pbjs_userid_consent_data Value: 3524755945110770
.ffonts.net/	1970-01-20 07:51:39	Name: _pubcid Value: 83510b7a-b594-4b69-98f6-3d9bb0289b3a
.ffonts.net/	1970-01-20 08:27:39	Name: __gads Value: ID=5570de01a253bc6b-22b95fee16cc0071:T=1638363118:S=ALNI_MZpKaJ8x3gz3YOZVWLKoruWj022nQ
.lijit.com/	1970-01-20 07:51:39	Name: ljt_reader Value: bb982fccf43d76693d50dbd2
.doubleclick.net/	1970-01-20 08:27:39	Name: IDE Value: AHWqTUn3DS69yZsBM6Cvk1jYypRfU_HTRJwgXbNB8HpgK_VG7GCvheVak_-36LurTZg
.adnxs.com/	1970-01-20 01:15:39	Name: icu Value: ChgIjN1MEAoYASABKAEw7t-djQY4AUABSAEQ7t-djQYYAA..
.adnxs.com/	1970-01-20 01:15:39	Name: uuid2 Value: 3604086807526404106
webfonts.ffonts.net/	1970-01-20 08:27:39	Name: cto_bidid Value: aTHWk191cFdvN2dJMmJnQ1R0M3pFWElCMVVzMVpSd3pWbHRoNGtYdDRVQ0lGRkFOVW1WZjlSZ0d5U0Yyd3FoZ0E3cTRDbWVXWTc3SDZ0JTJGMU9ZNkhYS3FBY213JTNEJTNE
webfonts.ffonts.net/	1970-01-20 08:27:39	Name: cto_bundle Value: SRNVSV9nd0V0YyUyRmFkZzR1RmN5U0hNMTJ4JTJGaG1xeGJWQ3pIWUc0SER6biUyRklaMDZWNFFBcDNGZXptc0RQZHhMOW9NJTJCb1VlZEpoSWI5YWR2MjdrYXhjQVN5clBSUERQMG5ISGQ2SUpSenpESk95RVV6V1BoS0JJVmpJcUZaOUlJcXRTY0xv
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|AIfsdBUO++vuGxiryvY4NyLqsLINffPD0ndRTZPwOWBzr4eVPwTuL9+dZLvlgeCkRh3C4GjGYWrGRQSWDHOtFAT+ngdUyQJYykllPZjhEHJw9y7GDs9f
.rubiconproject.com/	1970-01-20 07:51:39	Name: khaos Value: KWNJ3L5Y-4-BJH
.rubiconproject.com/	1970-01-20 07:51:39	Name: audit Value: 1\|mFVHqHkj5bHYUy27P5Q+G9proiWwdM6Zsj4aADY2PVKbi+2Td/xv7dldzJnsmW/FyPahX+EFlsabcvCtzVzOdU37TXVldATHAokthQGmMqWyqVI1k5poNA==
.mathtag.com/	1970-01-20 08:31:58	Name: uuid Value: b45461a7-6fef-4e00-b674-68a921b00484
.spotxchange.com/	1970-01-20 07:51:43	Name: audience Value: 79c0970a-52a5-11ec-97b2-1384e0ef0206
.casalemedia.com/	1970-01-20 07:51:39	Name: CMID Value: Yadv8COuHfhFcq0TvqWBygAA
.casalemedia.com/	1970-01-20 01:15:39	Name: CMPS Value: 5205
.casalemedia.com/	1970-01-20 01:15:39	Name: CMPRO Value: 1204
.casalemedia.com/	1970-01-19 23:07:29	Name: CMST Value: Yadv8GGnb-AA
.casalemedia.com/	1970-01-20 07:51:39	Name: CMRUM3 Value: 8361a76ff0276018072662301623784059
.demdex.net/	1970-01-20 03:25:15	Name: demdex Value: 65676838459133964601478801428935479948
.pubmatic.com/	1970-01-20 01:15:39	Name: KADUSERCOOKIE Value: 4B8C67FA-9E71-4A03-B6D9-FEF936D04F8F
.dpm.demdex.net/	1970-01-20 03:25:15	Name: dpm Value: 65676838459133964601478801428935479948
.advertising.com/	1970-01-20 07:53:05	Name: APID Value: UP79e588cf-52a5-11ec-a81f-06c961e645ba
.dmxleo.com/	1970-01-20 06:18:03	Name: dmxId Value: 230A9D56731042700OUBQGQMHEMBRBSJW
.agkn.com/	1970-01-20 07:51:39	Name: ab Value: 0001%3Ai4RT2OEE0XgmNZeVuqaSyVARDpWli6kH
.pubmatic.com/	1970-01-19 23:49:15	Name: KRTBCOOKIE_1051 Value: 22884-18072662301623784059
.pubmatic.com/	1970-01-19 23:49:15	Name: PugT Value: 1638363120
.pubmatic.com/	1970-01-20 01:15:39	Name: PUBMDCID Value: 3
.krxd.net/	1970-01-20 03:25:15	Name: _kuid_ Value: Og8MtNpI
.analytics.yahoo.com/	1970-01-20 07:53:05	Name: IDSYNC Value: 18gs~21uc
.yahoo.com/	1970-01-19 23:49:55	Name: APID Value: UP79e588cf-52a5-11ec-a81f-06c961e645ba
.yahoo.com/	1970-01-19 23:07:29	Name: APIDTS Value: 1638363121
.yahoo.com/	1970-01-20 07:52:00	Name: A3 Value: d=AQABBO9vp2ECEPgDHGh9H0VObrLMqm_vbGAFEgEBAQHBqGGxYQAAAAAA_eMAAA&S=AQAAAn9ATojRW77rjxNw92TVKKc
.tribalfusion.com/	1970-01-20 01:15:39	Name: ANON_ID Value: a9nSoXs2aFfpAJsbYK7Ls5htjCF0CtVuhFX4RiZc928pxvOix5T5TZcqasMVInFSUJewg4tvJb3D3FxAZbllJjaK3mEKCQ2alqskRVncYPZdE6XuULPabcmBBMFdepUwkUDiLPTvZdlq8ZcypOsYw35q2OAhjesDCjfMDWBbRuvHWF1GAiSnx3OHpdZdHIM4kqM0KYGneXiedWmBk2MJgTkUGvpSvjl
webfonts.ffonts.net/	1970-01-20 08:36:17	Name: __atuvc Value: 1%7C48
webfonts.ffonts.net/	1970-01-19 23:06:04	Name: __atuvs Value: 61a76fed13c6a3d0000
.addthis.com/	1970-01-20 08:36:17	Name: uvc Value: 1%7C48
.addthis.com/	1970-01-20 08:36:17	Name: loc Value: MDAwMDBFVURFTlcyMzE0MTg3MjAwMjAwMDBDSA==
.ads.pubmatic.com/	1970-01-19 23:07:29	Name: KCCH Value: YES
.pubmatic.com/	1970-01-20 01:15:39	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-19 23:07:29	Name: pi Value: 156191:3
.pubmatic.com/	1970-01-20 01:15:39	Name: DPSync3 Value: 1638403200%3A174%7C1639526400%3A201_197_219
.pubmatic.com/	1970-01-20 01:15:39	Name: SyncRTB3 Value: 1639526400%3A165_176_99_71_21_13_230_88_204_222_55_166_81_7_8_54_238_56_3_22_234_189_220_161%7C1638921600%3A15_223_2%7C1640908800%3A203%7C1639612800%3A35%7C1639180800%3A63

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://prebid-stag.setupad.net/setuid?bidder=sovrn&gdpr=1&gdpr_consent=&uid=bb982fccf43d76693d50dbd2 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://prebid-stag.setupad.net/setuid?bidder=sovrn&gdpr=1&gdpr_consent=&uid=bb982fccf43d76693d50dbd2 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://rtb.adxpremium.services/openrtb2/auction Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: https://rtb.adxpremium.services/openrtb2/auction Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: https://rtb.adxpremium.services/openrtb2/auction Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
aa.agkn.com
acdn.adnxs.com
ad.turn.com
ad4m.at
ads.playground.xyz
ads.pubmatic.com
ads.yahoo.com
adservice.google.com
adservice.google.de
adx.adform.net
ap.lijit.com
beacon.krxd.net
bidder.criteo.com
biddr.brealtime.com
c.amazon-adsystem.com
c1.adform.net
cdn.districtm.io
cdn.doubleverify.com
cdnx.tribalfusion.com
cm.adform.net
cm.adgrx.com
cm.g.doubleclick.net
core.iprom.net
cs.emxdgt.com
csync.loopme.me
d144mzi0q5mijx.cloudfront.net
dis.criteo.com
dmx.districtm.io
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eff2b3f65c9c2302ee2dc69e1a471950.safeframe.googlesyndication.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
green.erne.co
gum.criteo.com
hb.emxdgt.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js-sec.indexww.com
m.addthis.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
match.taboola.com
mp.4dex.io
mug.criteo.com
pagead2.googlesyndication.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.advertising.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid-eu.creativecdn.com
prebid-stag.setupad.net
prg.smartadserver.com
pubads.g.doubleclick.net
public-prod-dspcookiematching.dmxleo.com
pubmatic-match.dotomi.com
rtb.adxpremium.services
rtb.gumgum.com
rtb.mfadsrvr.com
rtb0.doubleverify.com
s.tribalfusion.com
s7.addthis.com
script.4dex.io
secure-assets.rubiconproject.com
securepubads.g.doubleclick.net
setupad-d.openx.net
simage2.pubmatic.com
ssum-sec.casalemedia.com
static.cloudflareinsights.com
static.criteo.net
stats.g.doubleclick.net
stpd.cloud
sync-tm.everesttech.net
sync.mathtag.com
sync.search.spotxchange.com
tags.bluekai.com
tags.expo9.exponential.com
token.rubiconproject.com
tpc.googlesyndication.com
tps20521.doubleverify.com
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
v1.addthisedge.com
webfonts.ffonts.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
z.moatads.com
ads.playground.xyz
core.iprom.net
image2.pubmatic.com
image4.pubmatic.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
match.taboola.com
pixel.onaudience.com
rtb.gumgum.com
rtb.mfadsrvr.com
s7.addthis.com
104.111.215.191
104.16.68.69
104.17.120.107
135.125.163.79
142.250.186.98
143.204.95.188
151.101.193.108
151.101.194.49
169.50.137.182
172.217.18.98
178.250.0.157
178.250.2.131
178.250.2.151
18.156.0.31
18.158.154.136
18.169.90.17
18.195.155.181
184.30.24.121
185.184.8.65
185.29.132.245
185.64.189.110
185.64.189.112
185.64.190.78
185.64.190.80
185.64.190.81
185.86.138.16
185.94.180.126
188.165.137.78
188.65.124.38
2.18.233.180
2.18.234.21
2.18.235.40
2001:678:cb4:bbbb::11
213.254.244.20
23.37.38.181
23.37.42.132
23.79.143.124
23.88.75.186
2600:9000:2156:2400:1:c815:1b40:21
2602:803:c002:200::113
2606:4700:20::681a:ad1
2606:4700:20::ac43:44a2
2606:4700:20::ac43:4bf1
2606:4700:3108::ac42:2b03
2606:4700::6810:5f41
2606:4700::6812:372
2606:4700::6812:517
2606:4700::6812:c05
2620:116:800d:21:3175:5196:e3fd:8c1d
2a00:1288:80:800::7001
2a00:1450:4001:801::2002
2a00:1450:4001:808::2002
2a00:1450:4001:808::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:810::200a
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2003
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2004
2a00:1450:4001:831::200e
2a00:1450:400c:c06::9b
2a02:2638:1::13
2a02:2638::3
2a02:26f0:12d:587::4469
2a02:fa8:8806:20::2010
2a05:d018:d29:3602:73b0:42cb:776e:1ea4
3.120.57.46
34.248.58.49
34.98.64.218
35.244.159.8
35.244.174.68
37.157.4.24
37.157.4.25
37.252.172.123
51.89.7.205
52.31.243.184
66.155.71.25
69.173.144.138
69.173.144.165
72.251.245.181
72.251.249.9
85.114.159.93
95.216.234.12
00ab9bc7845dcef30d800b11234646a87d954b217e13f4e835597b466e35eead
010b6118955ff22451b95baec97e3776a033cb340624a07c9fb2130e2bca93de
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08697f1c683c2350eb289018dc53bb4d46d2a275c33776aeb3ccd174fd4560f9
091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed
0929ca1b40b95c50c0476bbbe79666bfced5eea2cf6a488d0e6a17223fc69798
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b9aee99a671a8bde72ca256d20838fad407f01a4a355e8eb6e217822f0c83af
0d4ac358662918743c2b38b010a42525446ca79554e4d85623119edf25f3de2f
0f9c649592b9f0b610c746da1ed7a7fb0c95b828c427e807ffa656773d734e53
116e714814c50dfe7179f6327b848f35173d0b24198a3417b7b86dee7247f5cf
192ed66777fc3ad5e8893e65e3fe3455ff04798dc11846b7150fd96717f4a61d
1980d964fa7f00b6f0af3753c8dd8935fbc3e089fe228e96e4cd9775213c39bc
1afa262e624f1634b15d619047f0addeb94a4f964711ae7d89997559ab75e77f
1c6ba1ea1e84a255cf232844f63136d171ffea36d2879db40577dd8176d044f3
1d9f1314aad4e23a11aeb915671888b179293c9d6da48616406e84a5d9fde0eb
20ded8704cf9843b4024ee9cf2064f6eddefb27a0d339db1b7d47033b59f3f9a
2161350732cb1db293da98d573b2c7dfc0226780894cff7983093c6026c27741
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
248c5c260b8061ece6b0d78fb45760c32e728018cd13b8e44557f9de44d3ebb0
2663e96e969aae2dfb105817e81aa09703f2d6afa94fe0a6c8c7bb09b4fce089
311472ef673b626bc08f74a8daaf75db2d9783b9aafd3a5940d736385bf8b1f3
34e8d61b27ceb3379885d35340957b110d19d579512293a9662a3ee2aae3d346
3985c50b3882ef396e409b7c0a8c5745a1e451adf2b8eda3e84ce3df446d1dfb
39a0d09b3dbb7215c1bc39fec8eb5dca5f914073d33b3aaf2d19f0e632daba87
3a540ce8ffa4ecaa24064a905a805c9722a9a737c54d6506136bed74af1d903a
3b4854350456f43704f227d592622a24d66b01aad6e747b1aa7470ab607ef585
3b5c6df3d95603757e24f51e21cf5c3d3db53ab0da1f077b82f92c9ba097f907
3c5a9346f0fe8e2e74fb8bbc30fea9a5149e3f606777081c1a18199811c354b3
3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41c01a951020f48c542a32ff8122b4dccb0301a4eb6ed84f0cd1ad4c560fa8cf
44216edbcf372158d065f2c7062712c9c829648c355066e7cd14242843005d81
44bd5aac289b020d10d4373635da493cbdb905a772da3207efbad13f40172f8e
44cad15f46103d11b3509d78cb456e47b3dc71b81e7ef7701f8803e6181230d3
465b31f84196ddfdd21c859a1460c95d70093d91e3ae5ce5c688c398b9dc20f7
4660d6d6c688c038bb48fb2428351c6e43847ba2cd8106cbf428c773e8c82f3c
4686d56763f1a1c32ea252c66645491a08e25fb5de9f10a4465400e54cfbc8df
47ba5d5addbb2322f285feddc4a4e7d0e7d35b2e512224d3486fbc99d1ee0d6f
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49a070133915e05e9b7723d25d8f07b12dda78f7d89c5334176329b5dc8019a6
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
594066ebcfb2404413b97d17ce76d04c760e23cd0280fded895d0d31b89af13b
5a259baa44d6c3c08c9b8ad761119ca79731b27595a0a8b9dbeb87b02de92e7d
5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6
5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274
5da4af1f69294fb9b6b2b70a753f6d6aa3c311e1f1d84234e91350cc32638adf
5f7e9a4f93c6b2971ead8376a186ceab280a6128d6a2f3a51f93ea3f5e6c659f
604037968a245c4f5fae53daeafe79375d8d32cb76d14c5a86ccdbe0b6c8cb34
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
62d6e5e4044bdad9109082fa345eb4b27346485391c4d9c8f9f82c39515266fa
65445aacbafe7ae9e7c21a38e05b09e0b8af45eb6c11e4bd0a4816d836d016ca
69a62946d5e9e76a92f84066604a9f0f5665a88fecb5dc26ee2d42ae0bbe3ede
69ada733de1303defaf9f14aa858c5e2088f7b976af2e62a6f7932af840b28fc
69f04517e8026c40b59c45b86cce990587bd1480ed65a966767c49f3afb9683b
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d4114b46f492655729126d0585dc2f0bc9c4a99c7cc332e0e46e05c35f3ba7a
6f07af7968c463a88883a027dd4f9e1fbbf53f5eca96f3c6905280f67c040464
6f77cc2f25a0a7e30e5b7da72979805339eaaca505308f2b70d023f39a4f3510
70c741dc6384f7ec0cdb9e55036889f7d79be728519bc177e0f97bfd9aa10e07
70cbd771bb0e7851303bbf5772c6abbc7f554b642ddb4ffe24b3341758144834
70ec89e8137c9fd96d7bfa8aa4f3ebbcdee95d30044720da68bb5a2a22691e06
71ed257e4b156a08f760e8210c87743706596497b6aba79c79724f0bf200319b
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416
7a6d6ea1b16f9ff6f512645b40252a81ec1df91b5d5dce96d39700015993a920
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7d74321a8280c2e857b7b39f615995fefd377a8444793fd08df7a00764fc878d
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
828a23f16d7d9f6f6f55e4a7dc110d9a6fb84691352b37dea3c79af62d8f3972
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
88360e455fffc64f7e87e260f019b93b33a94f46a491a6cc6f33eccc8642530a
8854752a74f17180183321d2dba6179fda1d37cd626d436d2236dfb797e57fb8
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8d8aa9c2c3798099cba43890c7808bfb34b70dbc853177ef287b50bc28161911
8dff814e9f10ab89597646428d659cfcaf8c6855b74094bfcafa98c72303826c
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068
983a8e31a519b41d2606188246f57165a4385caeffde7c3503746691eac854d9
9925babee5b2459d5c5b331cb20984e100de2511993a2d8bbca20627c8fbbaed
a089e15ed323f589e0d965e5a2655555bc1bc9e35ac28f66aba03687b9cd1618
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5d100945f5ec292fa9a3bf294212c7de3a425fb856dd4016d20a28110fce02d
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73461ad2eb2853c2e1a93781e56d513275a44a7e6e4c9a3cda7a6fda0bdc3a7
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a75899e5ecd7dc79b42209c86188cfe14653d5c6eae932d491faf5190bc2e10a
a86df7c0164458673004ed0d1f419a318f9573015a59f718de7d6d4003fccf7a
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ad429b6e062657e79045534c83d152b2ba993afda1fed76ec3df5130f36d17b1
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
b09faee964e8aafc9425f379292ea8da0aef81090cab0a29a913d0e0cee4939e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b164da3ed590408b615a8c9a637c5366b57ffeedb88cb64f8b2a16f110097a04
b339776b5d5fc473d9a6654ee12b7a33067f47c205f6714f07743303e67181d6
b970b6deca6abfdf4dc6455df1329c7e9086e454f5ec3c99b40910bec7b6108c
baf437304d79006a4f050b871807483c921e783a2a91808ad4b8f77802cde740
bbdac823938b140735189041f4f6bdc9c12ae46510c594c36a7ef34e4cacaf76
bf91c2834701bf26099bff2442dcc48f666536b1c7ec0c5be654fa9e8c82cce5
c12e5053441decbdfd592d5514766382f40572789ba8c46d40746f22d012dcdd
c29c6d9039b1ba64c9b85ecf62e4636fd7bbfbb623162889aa9ebeeaa1a6ed71
c34475285d3f4c68d1f36f7922fb7f37f5225b9b0e2f81fa8f9af134e49ad942
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c621ac4819ac962fca64ea4882a7fcdb4a3c123061396ddfb774f209f8f3e6d0
ca4f4bcc2a2373db7136da2549ebfcf2f746299f8c63b30d0d80e7b2214cf038
caae85e94d4aded836428f3ac7a5f0cef0b09cd84ebddb44d0f65fc88c4b5060
cabb9dedf77f277b8388b9533d5c21687f8f921b30ed6a5384b61aa31a3e8acd
cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0
d03238dfc043e20593c01a5e6e120831b5d16b05ba81e137be668b3dee54ad79
d238699370b7526a7aaf28a71a05e63f65f00b3fded35717831e051cac9ac24e
d30f320707f306eef2f7e2de871f539732aa725fa8bf292a9f16a923ec2bb194
d7242d775eca8d7869f6a61d0e7962ce3a5665fbd4ca11e5402807c6ce6a5617
d9ebddedcebd351bb4e992c15921ef1378358eb1e02a8bae03d249506f2cd11a
dbb8d7fbb495f0a8d87cf9789a8b29cfd7f6cb4f8e78daf55a9e9652a0260d9f
dd1578f8cd9e8c8ddb18eb65f3600674a596c5d38c2c15af7e9d273742d9f55d
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185
e2165dd5e8f16091a3b892b2ef1eb372b18e251f6c5577e991c84071188e61ce
e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ac0e6114ea6497f1321cf4fc654cff359b165691355c1c5509d952c406e96e
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e6677531b045f3b266ecc07884af8b8e0fe4e1b7a92ad624f9f296985c017f48
e864724666bf19d335005e3762275d63007b3bf5c28fa1db71cc907edfd9e829
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
eb49faef8a20f4241eec4b545a0553acff93c4179b0713370f8a7f0ce7597453
ec907d5c1baad33474208ea9f67cb8ddafdaf3dfdb85ffa4ab5979aa8478680a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f215b68d8af9c008639df391468c5634dc962ed8b5f4dd229799936a1a3194ff
f306f186f768e851b8445d6f47cf68c5c9ac5569dd468d9f34178c9341a89ee0
f31fc9d79b6f01f8b2213567764b387fba1bf3335a97be85db6d60e3624ab3a7
f4a388a3234ae316bd3680065bda88e40313acea24aca92b566678614c31bc38
f6bbbc58328e644c5eba7be1d2bfecf2ec07d38c33ba1b8cf9e8e8d8ed383e83
f7195ba0c91471ea5a058ab29fa3ada2217b616707a15ee64d965bf52492ed0e
f77d7891e5c65f93a63918e35bb4f0ebdf4f7b2b2b1e08aafaddb0f49aa8fefc
f781890b35e24f5b21afe3eabe0be452b619047727970a2968edd13383626002
f8b2ba2fa05745c8c1d02d50ed130cb81873e0cb51e30cdddc7fdad436dfbc49
f93676b1fc478004a0c1ba4e600213f2e22aca34f14ad67e97083f0aaa8d43d7
fc32c9c6281027c4ea610f015b57b6448844f58f749bfe2af72d419c894fb4ee
fd59309035d7587b663c15421ef8f1059957a5ca196e879b8cd72d52758cb65b
fe917a5ef00f3ba444fe50063ece8266ac0e6d684945f6a7e031617415d5e20b

webfonts.ffonts.net Open in urlscan Pro 95.216.234.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

318 Requests

85 %HTTPS

37 %IPv6

69 Domains

107 Subdomains

73 IPs

10 Countries

2845 kBTransfer

8128 kBSize

50 Cookies

23 Outgoing links

Redirected requests

318 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

webfonts.ffonts.net Open in urlscan Pro
95.216.234.12 Public Scan

Screenshot
Live screenshot

Full Image

318
Requests

85 %
HTTPS

37 %
IPv6

69
Domains

107
Subdomains

73
IPs

10
Countries

2845 kB
Transfer

8128 kB
Size

50
Cookies

318 HTTP transactions
2 data transactions