dafontonline.com Open in urlscan Pro
198.54.116.83 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dafontonline.com/
Effective URL:
https://dafontonline.com/
Submission: On November 27 via api (November 27th 2023, 12:07:38 am UTC) from US — Scanned from DE

Summary HTTP 179 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 33 IPs in 5 countries across 30 domains to perform 179 HTTP transactions. The main IP is 198.54.116.83, located in United States and belongs to NAMECHEAP-NET, US. The main domain is dafontonline.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 21st 2023. Valid for: a year.

This is the only time dafontonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 19	198.54.116.83 198.54.116.83	22612 (NAMECHEAP...) (NAMECHEAP-NET)
2	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
4	2600:9000:225... 2600:9000:2250:b200:2:bb72:9400:21	16509 (AMAZON-02) (AMAZON-02)
11	2600:9000:20a... 2600:9000:20a0:6a00:11:6246:b000:93a1	16509 (AMAZON-02) (AMAZON-02)
4	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	18.239.83.72 18.239.83.72	16509 (AMAZON-02) (AMAZON-02)
6	104.21.32.115 104.21.32.115	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4 6	2a00:1450:400... 2a00:1450:4001:830::200d	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	108.156.60.79 108.156.60.79	16509 (AMAZON-02) (AMAZON-02)
1 1	35.201.76.231 35.201.76.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	35.227.211.136 35.227.211.136	15169 (GOOGLE) (GOOGLE)
2 2	34.95.127.121 34.95.127.121	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	35.227.251.108 35.227.251.108	15169 (GOOGLE) (GOOGLE)
2 15	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
2 3	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
3	142.250.184.230 142.250.184.230	15169 (GOOGLE) (GOOGLE)
6 11	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
4 8	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
4	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:ef75:8280:f209:5ba1	16509 (AMAZON-02) (AMAZON-02)
2 2	3.69.152.80 3.69.152.80	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
179	33

19 198.54.116.83 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: business31-4.web-hosting.com

dafontonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2250:b200:2:bb72:9400:21 (United States)

ASN16509 (AMAZON-02, US)

d1lnjzqqshwcwg.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:20a0:6a00:11:6246:b000:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.dafontonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

pogothere.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.239.83.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-83-72.ams58.r.cloudfront.net

riperfienwa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.21.32.115 (None, )

ASN13335 (CLOUDFLARENET, US)

nopoloferewer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::200d (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.156.60.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-60-79.ams1.r.cloudfront.net

a.impactradius-go.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.76.231 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.76.201.35.bc.googleusercontent.com

imp.pxf.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.211.136 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 136.211.227.35.bc.googleusercontent.com

funnyfuzzy-affiliate-program.sjv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.127.121 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.127.95.34.bc.googleusercontent.com

www.ojrq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.251.108 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 108.251.227.35.bc.googleusercontent.com

1.envato.market	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.230 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.186.34 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.64.151.101 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.252.171.149 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:ef75:8280:f209:5ba1 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.69.152.80 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-152-80.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	692 KB
30	dafontonline.com 1 redirects dafontonline.com cdn.dafontonline.com	316 KB
29	doubleclick.net 8 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 ad.doubleclick.net — Cisco Umbrella Rank: 154 cm.g.doubleclick.net — Cisco Umbrella Rank: 245	201 KB
23	google.com 6 redirects accounts.google.com — Cisco Umbrella Rank: 24 www.google.com — Cisco Umbrella Rank: 2 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1359	68 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	3 KB
7	gstatic.com www.gstatic.com fonts.gstatic.com	79 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	5 KB
6	nopoloferewer.com nopoloferewer.com	2 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	319 KB
5	riperfienwa.com riperfienwa.com	6 KB
4	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
4	pogothere.xyz pogothere.xyz — Cisco Umbrella Rank: 31227	202 KB
4	cloudfront.net d1lnjzqqshwcwg.cloudfront.net	117 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	3 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 860 s.tribalfusion.com — Cisco Umbrella Rank: 2311	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 912	2 KB
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	92 KB
2	envato.market 1 redirects 1.envato.market — Cisco Umbrella Rank: 278942	709 B
2	ojrq.net 2 redirects www.ojrq.net — Cisco Umbrella Rank: 5839	868 B
2	sjv.io 1 redirects funnyfuzzy-affiliate-program.sjv.io	720 B
2	impactradius-go.com a.impactradius-go.com — Cisco Umbrella Rank: 62320	305 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	144 KB
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 597	363 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 353	149 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 709	542 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 764	465 B
1	pxf.io 1 redirects imp.pxf.io — Cisco Umbrella Rank: 44951	379 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2462	254 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 110
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
179	30

	Domain	Requested by
27	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net dafontonline.com
26	pagead2.googlesyndication.com	dafontonline.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
19	dafontonline.com	1 redirects dafontonline.com
15	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net dafontonline.com
14	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
11	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
11	cdn.dafontonline.com	dafontonline.com
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
6	accounts.google.com	4 redirects dafontonline.com
6	nopoloferewer.com	dafontonline.com d1lnjzqqshwcwg.cloudfront.net
5	www.googletagservices.com	googleads.g.doubleclick.net dafontonline.com
5	riperfienwa.com	d1lnjzqqshwcwg.cloudfront.net
4	www.googleadservices.com
4	www.gstatic.com	googleads.g.doubleclick.net
4	pogothere.xyz	d1lnjzqqshwcwg.cloudfront.net
4	d1lnjzqqshwcwg.cloudfront.net	dafontonline.com riperfienwa.com
3	fonts.gstatic.com	fonts.googleapis.com
3	ad.doubleclick.net	dafontonline.com
3	fonts.googleapis.com	googleads.g.doubleclick.net
3	www.google.com	2 redirects tpc.googlesyndication.com
2	pm.w55c.net	2 redirects
2	s0.2mdn.net	googleads.g.doubleclick.net
2	1.envato.market	1 redirects
2	www.ojrq.net	2 redirects
2	funnyfuzzy-affiliate-program.sjv.io	1 redirects
2	a.impactradius-go.com	dafontonline.com
2	www.googletagmanager.com	dafontonline.com
1	dis.criteo.com	googleads.g.doubleclick.net
1	match.adsrvr.org	googleads.g.doubleclick.net
1	sync-tm.everesttech.net	1 redirects
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	imp.pxf.io	1 redirects
1	region1.google-analytics.com	www.googletagmanager.com
1	www.facebook.com	dafontonline.com
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
179	38

This site contains links to these domains. Also see Links.

Domain
1.envato.market
creativemarket.com
funnyfuzzy-affiliate-program.sjv.io

Subject Issuer	Validity	Valid
dafontonline.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-21` - `2024-10-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.dafontonline.com Amazon RSA 2048 M02	`2023-03-06` - `2024-04-04`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-28` - `2024-02-27`	a year	crt.sh
riperfienwa.com Amazon RSA 2048 M03	`2023-11-22` - `2024-12-20`	a year	crt.sh
nopoloferewer.com E1	`2023-11-17` - `2024-02-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-05` - `2023-12-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.impactradius-go.com Amazon RSA 2048 M02	`2023-11-09` - `2024-12-07`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
quantserve.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh

This page contains 26 frames:

Primary Page: https://dafontonline.com/
Frame ID: 80597CE8F303C265CC85EEB5A1CC62C9
Requests: 99 HTTP requests in this frame

Frame: https://riperfienwa.com/TDdOOXAtVS1UTy0KLB8FPltzHEIKEnx/FH1bIFMKPUY9UQcvQCkXEyBYO10WPlggTV4iUjocQgpdGFciCFZ8YEELTn53Jx9+KnNBFlEsUjp9YH8MBwRdD3wzD20EcxcBYwB7JjZ8ImgTDU8+YCEPfgFzQRZvLXsXJXUffwIZXhd/MhtDCGMhI3QAfBx/YxxwHQtOJm4zCFQMdzInfgJ4KSt0C3gaCm96fjMfQCp1By9/LQkpCm8lUR0ZbwhbJCVyKnUhdH0HaBQhYBhgRA1wFGMmIVMLWyY4cxRtKiFgGGAYBGR/XSUieQZ4JXliFF4IfW9+AAoeWWN0OwpeF2A6JEAKdzJ0RgYJPid6IGMpGW8mcRQZAhtjHDtYD0E5e3AJYyoGbwB+EztUHmkiCloZbyk0ch14MQ9vd2sTGkQIaRcVRAxePjZlKW8RGgV3WBN8YR9jGw4FHG8UJmMZYyoaXhtvOh1YG2lBCk8Cbz4gZnwIKRl/D3sWIFhoUwMjWT4EFSRCLFhADQUETil/
Frame ID: 479B47F125BEE75D399692F1D4FF55DE
Requests: 2 HTTP requests in this frame

Frame: https://riperfienwa.com/MlAzVVhTMlA4Z1NtUXMtQDwOcGp0dQETPAM8XT8iQyFAPS9RJ1R7O14/RjE+QD9dIXZcNUdwanRpUGcNBgUBJglxPGpkDnMzfg0fBwNgZBF8CWUtDnZgQG0aYx5qAwtZI34XYUEeYD5tcRZfZBBFO3EXD3geeyIKZR51Dw5zFmoiDlkadwIMURpnOR1XGksmO3Y3ZmwbVQlgBjICAnIEAlA0YWELZRZmbR1gP3kDHHgfYgYVfDZlIQ9kJ1tiEHA/fw0cRTNyEBl5CUQAEGMRQz8PWR5/FhBoCX4AGXkJSyI5cScGOwxZEV0dD3QycGQVfzVYYBpkBh4+MnUoCxQMSAl5EhlKHVc5MwMFciEzYAVxARBlFlECLwcBeSIBVAFyOglmO3UDDnY/chMzcxtqIi9lEl8YYGM8aQ0bdhF3FAlCBn0+bXAZRDkxZzwCAx5fBlEHaXMHajlteQFyJTJ1EnoRD2EVcAM0VnUBFwJeOHYGL0Y8ZwQCaxNiczJBP10lZV8qdBYiZjZxHzVT
Frame ID: EE916D51EF5ECA5650D42FB5B7D3C51D
Requests: 2 HTTP requests in this frame

Frame: https://riperfienwa.com/YUZKcm8AJCkfUAB7KFQaEyp3V10nY3g0C1AqJBgVEDc5GhgCMS1cDA0pPxYJEykkBkEPIz5XXSd3GTUpDxIwFR0lISECLRsxAzNcKAQpNAszID00GiI+GxU5Cy4pNDwZcQ4zOicFHEogMz4HQzcpEBsjPC8cABU1ACccQgIgKjpXXSMOIxkpIx4DPw0JFw0RAzQoDQVbCxAJHio3FyE8NQ0ACRQ+CSEMFVsJHgkROCcBJTkKIH4eEwgRch80CwkFDUM8KxElOQojHwU7PlR+GDQ+Lw4SAj0pdSE/NjQUHBReCnIPIxwQEjNCKyUFED8NNwsiFwgVY3g0O1BrGEcnOTYYJhYzFxozGC0nLR0jMwAcV10nEAk3JCArJTkKIB8JPiksKBk3JVgFCQElJxUIJCM0FBwxPg1zHTcDRHQMNAFUFB9BADYjHCAKACE6RioGHzolOw4PGxxeRHQIFDkrFxMjG0R0CCAXKz8JI0kLNSUcH1w0KTErBSQMFSk
Frame ID: 8A63D03848BC81289F39BBB9EC66CDAF
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: 653AC18ACF1943466C06280150E10651
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9515399027379549&output=html&adk=3105533540&adf=2621220088&lmt=1700918415&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fdafontonline.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701043653937&bpp=5&bdt=1332&idt=142&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4684295644810&frm=20&pv=2&ga_vid=1828443161.1701043654&ga_sid=1701043654&ga_hid=810874583&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078297%2C44807764%2C44808148%2C44808285%2C44809056&oid=2&pvsid=54917597967740&tmod=150110085&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=164
Frame ID: CC8704895BBCE8C901CEADD0B063ABB6
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F307320F87905CDC3A6245D4F243344D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0F49D5F517E8FEA0967F18DEFDDC428C
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-9515399027379549&output=html&h=280&adk=873553977&adf=4248227912&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700918415&rafmt=1&to=qs&pwprc=8572252050&format=1200x280&url=https%3A%2F%2Fdafontonline.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701043655476&bpp=1&bdt=2871&idt=-M&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4684295644810&frm=20&pv=1&ga_vid=1828443161.1701043654&ga_sid=1701043654&ga_hid=810874583&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2076&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078297%2C44807764%2C44808148%2C44808285%2C44809056&oid=2&pvsid=54917597967740&tmod=150110085&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=102
Frame ID: 53D75386444A295F55E0D2E5A392C71E
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: E9BE5E652E8E63294CB1F86C6BB6D59F
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: B722C06802269D9DE5DBED5175E6A1EE
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 1ABF706E70C498AF763E373FE0EC0D98
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: CAC7377C2063DAFD9A315755E7AB2CA7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 2F08C6C775530D8E5AB8613C6D6D24F5
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARi3353cATAB&v=APEucNXIQQl8exXxH4d_S-HeQ-Vls6Me6_FcBXKdPTg3cBSCUE4T4X3nMUH1gS27hk4klMLzbLP9Pl1ByG1TwgjnxV4kXO30QQcefzn4NFpIG9b57P5wa2YCXZm2mTBNBrefFLVRDqOJQ5dqAbxpFHOUh436weYQX3nVREc2fzPB5cpbuMQXoZE
Frame ID: A291F44BA09AADF20E034040CC295462
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Frame ID: 6BC6690408D1BF36061F46A212BC99EA
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARjD-r7cATAB&v=APEucNUPbBVurb_SoWOoR8v4vkrXmiJLQDKQYNKu-YfPtZJvdn6SoVo1u6z64I2KOrc8TLJIl_tMGPFWPCVM66a3O1emW5clXlkIVEohzGzC4GIP-dbezRgmQGb3jIh6VN_zztGb0hgzcnZRlUInymrnX1-4TrORIwqRe6sE0YfdzFO1x86DtA8
Frame ID: FB0BFE7B12CED8CB6826D325552DF355
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Frame ID: 53AD0A2217678B6B2C6C8E2EC54F81C5
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: C360A56EA69B3F51BFD62223EBE1FE83
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 5FF87C82DE1315858A161D8D370AB212
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1F1B39589C7B8BA6B5FB71705D9048E7
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: E569466C24C5E0E4AE8947A94DE9D55F
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js
Frame ID: 7935BAAABAE3B37AF49A663B5D2917B9
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js
Frame ID: B8E8DD22AA5704C5E92D9421F72D0C85
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8681A04FBEA7C1368C3B0BEA8D82F4B3
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js
Frame ID: DED2834CBC27D5155AB21CD38F6995AC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dafont Online | Download Free Fonts

Page URL History Show full URLs

http://dafontonline.com/ HTTP 301
https://dafontonline.com/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

179
Requests

90 %
HTTPS

50 %
IPv6

30
Domains

38
Subdomains

33
IPs

5
Countries

2548 kB
Transfer

5846 kB
Size

27
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://1.envato.market/c/2672021/298927/4662
Title: Unlimited Downloads

Search URL Search Domain Scan URL

URL: https://creativemarket.com/fonts?u=Abuhasnat
Title: Premium Fonts

Search URL Search Domain Scan URL

URL: https://funnyfuzzy-affiliate-program.sjv.io/c/3296149/1869930/18110

Search URL Search Domain Scan URL

URL: https://1.envato.market/c/3296149/1887667/4662

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dafontonline.com/ HTTP 301
https://dafontonline.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2aKkne4xF6kb2Dkn5Y57fwKvx5_HEb5OY_l9_yewlhn-osdrkZvgSRzc2p581KeFugGQQG_Q HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1_JGvhn_adSr8usUKAV5pkkkRs80eBL1PUNt-4XH1dVx2vWbIMk_09vT_tcRsUPA4U38XMhg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-973012229%3A1701043653511550&theme=glif

Request Chain 34

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1lrMROSzToczAOwjRd555PkW_3kt4KHnnnnPqm9s_TUfW0IHs5RIM-JVlSNrG_ve4Z9kVIwQ HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp27Jk42mX4t2iAEA-wHtMIa3l5sRj8BetZgXAfJMD6ldXDn5w2Bf0qPS2DX5v0y8x8eYQC6-Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1526154014%3A1701043653469309&theme=glif

Request Chain 69

https://imp.pxf.io/i/3296149/1869930/18110 HTTP 302
https://funnyfuzzy-affiliate-program.sjv.io/i/3296149/1869930/18110?level=1&srcref=https%3A%2F%2Fdafontonline.com%2F HTTP 302
https://www.ojrq.net/p/?return=https%3A%2F%2Ffunnyfuzzy-affiliate-program.sjv.io%2Fi%2F3296149%2F1869930%2F18110%3Flevel%3D2%26srcref%3Dhttps%253A%252F%252Fdafontonline.com%252F&cid=18110&tpsync=no&auth=56850181b1536836 HTTP 302
https://funnyfuzzy-affiliate-program.sjv.io/i/3296149/1869930/18110?level=2&srcref=https%3A%2F%2Fdafontonline.com%2F&brwsr=f6ee5711-8cb8-11ee-9bfe-8f39d46fabfc&brwsrsig=VBCR0JQ%3AgygWRApXIoSIRyPCx6M0as

Request Chain 71

https://1.envato.market/i/3296149/1887667/4662 HTTP 302
https://www.ojrq.net/p/?return=https%3A%2F%2F1.envato.market%2Fi%2F3296149%2F1887667%2F4662%3Flevel%3D1%26srcref%3Dhttps%253A%252F%252Fdafontonline.com%252F&cid=4662&tpsync=no&auth=568501020e52c390 HTTP 302
https://1.envato.market/i/3296149/1887667/4662?level=1&srcref=https%3A%2F%2Fdafontonline.com%2F&brwsr=f6ee5711-8cb8-11ee-9bfe-8f39d46fabfc&brwsrsig=VBCR0JQ%3AgygWRApXIoSIRyPCx6M0as

Request Chain 136

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 137

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE5WaNUE0m4i3cVVkIYYtvo&google_cver=1

Request Chain 138

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPdx8EnPIdQrqoKLv9WwgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGJKr1lVN-6rTnsmJpcBLYY&google_cver=1

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKztHwUkhA6izrHIB6W090k&google_cver=1

Request Chain 140

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc5ODg0NzczMDQ4NDc5OTgxMQ%3D%3D

Request Chain 142

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHrPTUfq3tfCyrqNeuNL8GM&google_cver=1

Request Chain 143

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPdx8EnPIdQrqoKLv9WwgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGJKr1lVN-6rTnsmJpcBLYY&google_cver=1

Request Chain 144

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEkrfaHQOpBFPMVeWDZkNm8&google_cver=1

Request Chain 145

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyODA1MDE2NzMwNDc3NTI2Nw%3D%3D

Request Chain 157

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 162

https://googleads.g.doubleclick.net/pagead/adview?ai=Cs_SFxt1jZenlB6SJ9u8Phoq3iAyskbCXdIvav8WOEt3rq6_eARABIObV3CRglYKAgLgHoAHwrbW3A8gBAqgDAcgDyQSqBOABT9A_MvsqlJsa_4mw3-WnDWYd8Ysuq43eMA_NrY5n2ZF6sHv9C8Vw9axnPuP-C1iIfiFjm7RaCcdaRyWpAxh8sQdEZTCkYo5GSIotoW-kjf3hpZXKEl1a6Nr9Ajgi6xYcyDAJYvm9Ye74Z0H30TGBJRdYiW2gKkUcKLfx5ByMt2iJQJZTPvlMCHLCYyRfIrb4Tk0PJhiZbwns_OeyRxSgsroVM5V1Vdj8UHzQXJvjpvY_BpqDCauMMueEO6en2-XkVzDxLbyvprJngjeBOT5y4AgT8HYVtgFCH81ZODu4p9nABMmSv5-7BIgFyIHAqU2SBQQIBBgBkgUECAUYBKAGAoAH-NHKSKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEPD5MdIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqaCSJodHRwczovL2VsZW1lbnRzLmVudmF0by5jb20vZm9udHMvgAoByAsBogwQKg4KDOS0sQLutbECtbixAtgTDNAVAYAXAbIXHAoaCAASFHB1Yi05NTE1Mzk5MDI3Mzc5NTQ5GAA&sigh=k3tqXqXyN8c&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgDICaaNBqFUEm99bh4tWPU9xkntoipLs_c4oBAbfS0uSp0FimEptJf6VwAhho8RDfvDey6cKra_iusBw-E9GWElbe_oX0DOXtJkQUBk5xgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227408442232118503641%22,%22debug_reporting%22:true,%22destination%22:%22https://envato.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22921523952%22],%224%22:[%2211-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221248953051759119057%22}&andc=true

Request Chain 179

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPYAmnfbj7OEm1jPOfcbIfE&google_cver=1&google_push=AXcoOmQelna8rsSZtCS5PELCcErAO_WISNec2lvnirSdkedtWXSkq31NY7NXgA2qyw1bMZxmHJKOSZBy1GmxwSh229YVv1F701C4WJY HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPYAmnfbj7OEm1jPOfcbIfE&google_cver=1&google_push=AXcoOmQelna8rsSZtCS5PELCcErAO_WISNec2lvnirSdkedtWXSkq31NY7NXgA2qyw1bMZxmHJKOSZBy1GmxwSh229YVv1F701C4WJY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=c0FhWUhUdFkxUjdwYTA1&google_gid=CAESEPYAmnfbj7OEm1jPOfcbIfE&google_cver=1&google_push=AXcoOmQelna8rsSZtCS5PELCcErAO_WISNec2lvnirSdkedtWXSkq31NY7NXgA2qyw1bMZxmHJKOSZBy1GmxwSh229YVv1F701C4WJY

Request Chain 180

https://a.tribalfusion.com/i.match?p=b6&u=CAESEOxj2kUR5nTRCrip4-KR93k&google_cver=1&google_push=AXcoOmTlLPXyWs0KezN4GHTitxZKJgIds13UdIC1xww8tAsMQ7nhwefHprmaqfPP_Pv8E8dhXlN4iFrdTmFtweJGd_KoWQqc0cl-OYc6&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTlLPXyWs0KezN4GHTitxZKJgIds13UdIC1xww8tAsMQ7nhwefHprmaqfPP_Pv8E8dhXlN4iFrdTmFtweJGd_KoWQqc0cl-OYc6%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEOxj2kUR5nTRCrip4-KR93k&google_cver=1&google_push=AXcoOmTlLPXyWs0KezN4GHTitxZKJgIds13UdIC1xww8tAsMQ7nhwefHprmaqfPP_Pv8E8dhXlN4iFrdTmFtweJGd_KoWQqc0cl-OYc6&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTlLPXyWs0KezN4GHTitxZKJgIds13UdIC1xww8tAsMQ7nhwefHprmaqfPP_Pv8E8dhXlN4iFrdTmFtweJGd_KoWQqc0cl-OYc6%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 181

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESELnQq2EIg2I_dHB_Es8H1DQ&google_cver=1&google_push=AXcoOmTx4mXue5LEZXCwmWVnTP38ebJfC0Kg0G5eoQ-E1iNnpTFNPfDumCJwXAqN87dCkKF6Ss3kCD3cxC4h0ywgi7oNo9WY_1mDinHN HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESELnQq2EIg2I_dHB_Es8H1DQ&google_push=AXcoOmTx4mXue5LEZXCwmWVnTP38ebJfC0Kg0G5eoQ-E1iNnpTFNPfDumCJwXAqN87dCkKF6Ss3kCD3cxC4h0ywgi7oNo9WY_1mDinHN

Request Chain 190

https://googleads.g.doubleclick.net/pagead/adview?ai=C8cy_x91jZfDhJN3I7_UPu-K5CPWX455039uz1fgR3M6Rn7wBEAEg5tXcJGCVgoCAuAegAZHkpM0CyAEJqQIHxDQrk1qyPqgDAcgDywSqBOkBT9AtVnFkNECzHJcGVFItqEI_NxtOl9FftXPMIa5s75mHMGA3bNcAiXk8_QkqTyUJrQVXurejJXdbZwiNnLXA6ORixnQhoe8Wremq1qJ7_oDk9Cc7ssvS1tO-WbylA7p0vh2QgYadxrptSTpwOH8LP8pmBNUPf1E26mKxFJ7Xil1cfpeXwRNs-4z0en0n1IPS3SdL2JHmEUKMRwsSKPGAvdBchffXnTPP4o6ccyswpWJ7pnEdCRDsfx6cmLI8ApeNIWgK0-Z9Ptp9qneNVbaJy2o3Yky-7WNPNz5LpnZWCIa2RaRNk_UEPs3ABKeqh6HFBIgFu_LrtU2SBQQIBBgBkgUECAUYBKAGLoAH39mumgOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCI2ArSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mglnaHR0cHM6Ly93d3cudm9sdm9jYXJzLWhhZW5kbGVyLmRlL2ZpbmNrLXVuZC1jbGF1cy9idWVkZWxzZG9yZi9nZXNjaGFlZnRza3VuZGVuL2FuZ2Vib3RlL3hjNjAtMjQ4Ml80NTU4MoAKAcgLAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxArgT5APYEwrQFQGAFwGyFxwKGggAEhRwdWItOTUxNTM5OTAyNzM3OTU0ORgA&sigh=kloSOmXxBbk&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSOwDICaaNvzvy40krz457wGp4Nwxo0y3l-g_nqeIZ-BfeGXI31Nd7RX-1haBu--4Bu5Z6o2A5Xk-v0k9BGAE&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2216232311118436138543%22,%22debug_reporting%22:true,%22destination%22:%22https://volvocars-haendler.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22698954257%22],%224%22:[%2211-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2214679472738394620161%22}&andc=true

179 HTTP transactions
29 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
dafontonline.com/
Redirect Chain

http://dafontonline.com/
https://dafontonline.com/

67 KB
18 KB

565ms
190ms

Document
text/html

198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

b43263fd450c755b0c080740c005384e9d593f9371084f3c5ca96359e20bdb5b

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: br
content-length: 18194
content-security-policy: report-to default
content-type: text/html
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:07:32 GMT
expires: Mon, 29 Oct 1923 20:30:00 GMT
last-modified: Sat, 25 Nov 2023 13:20:15 GMT
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=2592000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block

Redirect headers

content-length: 707
content-type: text/html
date: Mon, 27 Nov 2023 00:07:31 GMT
keep-alive: timeout=5, max=100
location: https://dafontonline.com/
referrer-policy: no-referrer-when-downgrade
server: LiteSpeed
strict-transport-security: max-age=31536000; includeSubDomains; preload;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 243 KB
84 KB 100ms
45ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-H51NETC849

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bb5d4ff4b0e08450f807c0a4c4f10b8913136c9231316e2d6722d45b0df3f8fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85931
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 27 Nov 2023 00:07:32 GMT

GET
H2 200 / Show response
d1lnjzqqshwcwg.cloudfront.net/ 354 KB
115 KB 253ms
182ms Script
text/plain 2600:9000:2250:b200:2:bb72:9400:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1lnjzqqshwcwg.cloudfront.net/?zjnld=986608
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:2:bb72:9400:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8805b5c1f16c088dab35529b1377cd29a82744e9b0bb4a712c99585a414ce254

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: gzip
via: 1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length: 117535
x-amz-cf-id: LRtqmlcJ-MFuBYO8aPu3Ma3j-PhSh-SIHXCs_cPxo6Qr66mNDeBr3w==

GET
H2 200 dafontonline-logo.png
cdn.dafontonline.com/Files/2020/08/ 4 KB
4 KB 160ms
32ms Image
image/png 2600:9000:20a0:6a00:11:6246:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.dafontonline.com/Files/2020/08/dafontonline-logo.png
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a0:6a00:11:6246:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24083b363d57de5d53ae7da1e21b229124f793278a01c00834260816ad8b3111

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 08 Sep 2023 08:08:11 GMT
via: 1.1 7cc8e1a489398403da487298ad363b2a.cloudfront.net (CloudFront)
last-modified: Tue, 06 Jun 2023 09:08:21 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 6883162
etag: "e6b4458d1ad638dcf36b71a5f383e217"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 3770
x-amz-cf-id: Q_CJFuTJWkKSd-0meI1KtCzxNoh5dfAXUZgxZxkVpf3k95k99IKzOQ==

GET
H2 200 Krungthep-Font-2.webp
cdn.dafontonline.com/Files/2023/11/ 13 KB
13 KB 170ms
42ms Image
image/webp 2600:9000:20a0:6a00:11:6246:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.dafontonline.com/Files/2023/11/Krungthep-Font-2.webp
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a0:6a00:11:6246:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0bde15c60969f006841ac4c6def46cae37e8ae4ca689529dcb4fd60a5c1cae15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:54:30 GMT
via: 1.1 7cc8e1a489398403da487298ad363b2a.cloudfront.net (CloudFront)
last-modified: Sat, 25 Nov 2023 09:22:42 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 22383
etag: "4ca4c88c84b485e429f48952e01a2433"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 13110
x-amz-cf-id: 5D1aB_B-wm_Ck11zYclpnHNNgwJZMK-DW1PU5ZNG3ySFhDtRW_BnzQ==

GET
H2 200 blank.gif
dafontonline.com/dfoplugins/wp-fastest-cache-premium/pro/images/ 43 B
649 B 191ms
191ms Image
image/gif 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dafontonline.com/dfoplugins/wp-fastest-cache-premium/pro/images/blank.gif

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-security-policy: report-to default
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 43
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 02 Oct 2023 16:06:48 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
DATA 200
OK truncated Show response
/ 4 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 953c3d40c486b72fd37c4dffb6961a77d250679c60c0b204fdcc2717fccfc171

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 338 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cd4f18ae411310727b104639f1237c3ced50deb4c14ea056acb53a6470daf24

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
H2 200 h9wzl.css
dafontonline.com/dfocontent/cache/wpfc-minified/7ylz7n1f/ 182 KB
27 KB 196ms
194ms Stylesheet
text/css 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wpfc-minified/7ylz7n1f/h9wzl.css

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

5fa9a4d53af90878b8a79731fc450c3c4f87fedcd0a016a19d91a4ad8c80f3fa

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 27443
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 25 Nov 2023 12:57:50 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 5dff3fa3.js Show response
dafontonline.com/dfocontent/cache/wph/ 85 KB
30 KB 379ms
377ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/5dff3fa3.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

bbb386dfd24a7d7e0756ea00d5d7a896144dfad936c44414d27396594d7aa269

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 29700
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 16:49:37 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 33015045.js Show response
dafontonline.com/dfocontent/cache/wph/ 13 KB
5 KB 562ms
561ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/33015045.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

557cf15821d24471dac40cd35467eb39c7bf67c721e643f5318bf01ccd3cceb1

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 4633
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 16:49:37 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 d304756d.js Show response
dafontonline.com/dfocontent/cache/wph/ 7 KB
3 KB 564ms
562ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/d304756d.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

5a3c997b145a7502cf95c3d805e4096e30aadf4e6a2b2c432cbd4b676b0af984

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 2481
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 14:58:48 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 60377617.js Show response
dafontonline.com/dfocontent/cache/wph/ 1 KB
1 KB 564ms
563ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/60377617.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

1a6ddae0df0a327053a81808d71ea8a31037e6b3241576aa8a2cc94364691cfe

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 409
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 14:28:34 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 acf8bba6.js Show response
dafontonline.com/dfocontent/cache/wph/ 16 KB
6 KB 565ms
564ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/acf8bba6.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

8d9e3f22f62e64861bd49a5d681ec90024627f8de238900e7bf43d5135904f36

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 5692
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 14:28:40 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 e86d23b7.js Show response
dafontonline.com/dfocontent/cache/wph/ 2 KB
1 KB 566ms
565ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/e86d23b7.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

f620c68710822a68bf5b732978395efa814835d0b16eb8e7aeb853f5982aed84

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 472
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 16:49:37 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 a1880bc7.js Show response
dafontonline.com/dfocontent/cache/wph/ 4 KB
2 KB 567ms
566ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/a1880bc7.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

99aad9fb525baaa21ae6a5842bd2b89a79d0bed913e42f32b8726660afb42ee3

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 1198
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 14:28:40 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 47edbbdc.js Show response
dafontonline.com/dfocontent/cache/wph/ 6 KB
3 KB 568ms
567ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/47edbbdc.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

89e19d6af906b935cb35d1dd3b10f94119c92a0754b6c93c19db7c0433733810

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 1918
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 14:58:48 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 e36bfa2d.js Show response
dafontonline.com/dfocontent/cache/wph/ 7 KB
3 KB 745ms
743ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/e36bfa2d.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

b60f0124e234420400116f04ec3edd07a3ea13ec9be3fe2e0b28ae00f812c7c0

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 2446
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 14:28:40 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 870ec714.js Show response
dafontonline.com/dfocontent/cache/wph/ 1 KB
1 KB 745ms
744ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/870ec714.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

55efc399c1957d064f0351a8de32201c155996e920a157cd23fbabbfd525ccda

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 521
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 14:28:40 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 912d2b69.js Show response
dafontonline.com/dfocontent/cache/wph/ 72 KB
23 KB 746ms
745ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/912d2b69.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

e76373de86c74b90926f16038d6cd0533d1d7de072f21a7f923e1fa2af8950ce

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 22724
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 16:32:30 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 a20dd34c.js Show response
dafontonline.com/dfocontent/cache/wph/ 9 KB
3 KB 748ms
747ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/a20dd34c.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

dbafa42e26a30194c0e5d44e4c9878bf0aa690a19efd5b38536f01d4ffa3d3e0

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 2820
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 14:28:40 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 3be9d033.js Show response
dafontonline.com/dfocontent/cache/wph/ 878 B
1002 B 749ms
748ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/3be9d033.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

d220597acad4d66b7b67381fce1c28f249bba271f780853bb9a84ef562959671

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 361
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 14:28:34 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 6f061a40.js Show response
dafontonline.com/dfocontent/cache/wph/ 3 KB
1 KB 749ms
749ms Script
application/javascript 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfocontent/cache/wph/6f061a40.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

09b6a5f215058d55838f397f50b4d50805f1b85a6f6ea10dd919bf434fa76f77

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 822
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Nov 2023 14:28:40 GMT
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=10368000
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
100 KB 369ms
314ms Fetch
binary/octet-stream 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: d1lnjzqqshwcwg.cloudfront.net
URL: https://d1lnjzqqshwcwg.cloudfront.net/?zjnld=986608
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
cf-cache-status: EXPIRED
last-modified: Sun, 26 Nov 2023 17:47:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: https://dafontonline.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PX%2BdpbOAfmseMVgH1FxeBQERN9wxxh5E7xxEf9T4gbQbe5SiWFJf4KuMQtYbYAgz3iOtu5Pa0oU2lkmdTf4KivAJwTHzXdWrzzF3AJDK1v%2FpZxMM%2BRn%2FMMkC5wKU2LaH"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 82c621b17b5071c5-FRA
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
pogothere.xyz/ 26 B
626 B 181ms
126ms Fetch
text/plain 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/
Requested by: Host: d1lnjzqqshwcwg.cloudfront.net
URL: https://d1lnjzqqshwcwg.cloudfront.net/?zjnld=986608
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3721d092d2be4fffd8b5a755bd2fec81c6e93341e95a467c8c2a452398f2d18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sSGwmvHj7MWVacUOzDK34zdPkqdTksF%2FkJ6yDf0cvC3HDTWLusEiFX5cvvxQYwz5H12%2FA2gevv9dx2vsiQKldOb9lMDH2WYEjK%2F%2B2qE51vGBTtaeAMk62MmeJgi41Ugy"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
access-control-allow-origin: https://dafontonline.com
content-type: text/plain
access-control-allow-credentials: true
cf-ray: 82c621b17b4f71c5-FRA
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400

GET
H2 204 utx Show response
riperfienwa.com/ 0
539 B 196ms
126ms XHR
text/plain 18.239.83.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://riperfienwa.com/utx?cb=0SKOfGJophiS&top=dafontonline.com&tid=986608
Requested by: Host: d1lnjzqqshwcwg.cloudfront.net
URL: https://d1lnjzqqshwcwg.cloudfront.net/?zjnld=986608
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.83.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-83-72.ams58.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:33 GMT
via: 1.1 d1867b092f625a3679893299e10edaee.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://dafontonline.com
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: jFwdoOcyGpNjFgq9D0HUKZcCP-WmENkFoAhVJpPojX2diWCB3LdY_g==

GET
H2 200 / Show response
riperfienwa.com/TDdOOXAtVS1UTy0KLB8FPltzHEIKEnx/FH1bIFMKPUY9UQcvQCkXEyBYO10WPlggTV4iUjocQgpdGFciCFZ8YEELTn53Jx9+KnNBFlEsUjp9YH8MBwRdD3wzD20EcxcBYwB7JjZ8ImgTDU8+YCEPfgFzQRZvLXsXJXUffwIZXhd/MhtDCGMhI... Frame 479B 3 KB
2 KB 166ms
122ms Document
text/html 18.239.83.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://riperfienwa.com/TDdOOXAtVS1UTy0KLB8FPltzHEIKEnx/FH1bIFMKPUY9UQcvQCkXEyBYO10WPlggTV4iUjocQgpdGFciCFZ8YEELTn53Jx9+KnNBFlEsUjp9YH8MBwRdD3wzD20EcxcBYwB7JjZ8ImgTDU8+YCEPfgFzQRZvLXsXJXUffwIZXhd/MhtDCGMhI3QAfBx/YxxwHQtOJm4zCFQMdzInfgJ4KSt0C3gaCm96fjMfQCp1By9/LQkpCm8lUR0ZbwhbJCVyKnUhdH0HaBQhYBhgRA1wFGMmIVMLWyY4cxRtKiFgGGAYBGR/XSUieQZ4JXliFF4IfW9+AAoeWWN0OwpeF2A6JEAKdzJ0RgYJPid6IGMpGW8mcRQZAhtjHDtYD0E5e3AJYyoGbwB+EztUHmkiCloZbyk0ch14MQ9vd2sTGkQIaRcVRAxePjZlKW8RGgV3WBN8YR9jGw4FHG8UJmMZYyoaXhtvOh1YG2lBCk8Cbz4gZnwIKRl/D3sWIFhoUwMjWT4EFSRCLFhADQUETil/
Requested by: Host: d1lnjzqqshwcwg.cloudfront.net
URL: https://d1lnjzqqshwcwg.cloudfront.net/?zjnld=986608
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.83.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-83-72.ams58.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: a3a80ef408904d11ff9679aa04b1d8bd87cb606a35b4db51e97018ff84d022ec

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip
content-length: 1238
content-type: text/html
date: Mon, 27 Nov 2023 00:07:33 GMT
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 d1867b092f625a3679893299e10edaee.cloudfront.net (CloudFront)
x-amz-cf-id: 0-n_xJgOKqSptcW9iJnXl2Hxs8J56HLHTHNVGMoMcfysSuDDTflafw==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
100 KB 312ms
297ms Fetch
binary/octet-stream 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: d1lnjzqqshwcwg.cloudfront.net
URL: https://d1lnjzqqshwcwg.cloudfront.net/?zjnld=986608
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
cf-cache-status: EXPIRED
last-modified: Sun, 26 Nov 2023 17:47:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: https://dafontonline.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPzccWRSqM9C3A5IxpONodD%2B8QB8peDFLvqQn58EToAX0BPF8MgivLp0ZybaK7QbSqs%2FAFvKCNcMdgN9D%2Fvb6UCQ4%2BuVM2l2ww%2FQPiHrWTojY6a7dVtx77k2TF2PfCZY"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 82c621b17b5471c5-FRA
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
pogothere.xyz/ 27 B
363 B 142ms
127ms Fetch
text/plain 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/
Requested by: Host: d1lnjzqqshwcwg.cloudfront.net
URL: https://d1lnjzqqshwcwg.cloudfront.net/?zjnld=986608
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f937b9447dd8e4f752df8d6472e18f929ea5e22a6b2b6ab4257e65085938052

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HKLkDbEy%2F6RWDucJ0J%2BWhf6pX%2FzKc8ayxKBR1rYsjM9rlhlvRKH5hgcPrAiDUPFIUOSPhowJrI48fbsTi4ScIz%2B%2Fx83LCZtffezud5%2BU1RkAjuXqmlamuJP8Ov2tnMJb"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
access-control-allow-origin: https://dafontonline.com
content-type: text/plain
access-control-allow-credentials: true
cf-ray: 82c621b17b5271c5-FRA
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400

GET
H2 204 utx Show response
riperfienwa.com/ 0
538 B 147ms
117ms XHR
text/plain 18.239.83.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://riperfienwa.com/utx?cb=isY46yFjFPv9&top=dafontonline.com&tid=987527
Requested by: Host: d1lnjzqqshwcwg.cloudfront.net
URL: https://d1lnjzqqshwcwg.cloudfront.net/?zjnld=986608
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.83.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-83-72.ams58.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:33 GMT
via: 1.1 d1867b092f625a3679893299e10edaee.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://dafontonline.com
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: cxanPusCNKKf-tvdI__NeomDemQYJTx565_yNbmBAzOyABVc1ig1xQ==

GET
H2 200 chMzcxtqIi9lEl8YYGM8aQ0bdhF3FAlCBn0+bXAZRDkxZzwCAx5fBlEHaXMHajlteQFyJTJ1EnoRD2EVcAM0VnUBFwJeOHYGL0Y8ZwQCaxNiczJBP10lZV8qdBYiZjZxHzVT Show response
riperfienwa.com/MlAzVVhTMlA4Z1NtUXMtQDwOcGp0dQETPAM8XT8iQyFAPS9RJ1R7O14/RjE+QD9dIXZcNUdwanRpUGcNBgUBJglxPGpkDnMzfg0fBwNgZBF8CWUtDnZgQG0aYx5qAwtZI34XYUEeYD5tcRZfZBBFO3EXD3geeyIKZR51Dw5zFmoiDlkadwIMU... Frame EE91 3 KB
2 KB 132ms
120ms Document
text/html 18.239.83.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://riperfienwa.com/MlAzVVhTMlA4Z1NtUXMtQDwOcGp0dQETPAM8XT8iQyFAPS9RJ1R7O14/RjE+QD9dIXZcNUdwanRpUGcNBgUBJglxPGpkDnMzfg0fBwNgZBF8CWUtDnZgQG0aYx5qAwtZI34XYUEeYD5tcRZfZBBFO3EXD3geeyIKZR51Dw5zFmoiDlkadwIMURpnOR1XGksmO3Y3ZmwbVQlgBjICAnIEAlA0YWELZRZmbR1gP3kDHHgfYgYVfDZlIQ9kJ1tiEHA/fw0cRTNyEBl5CUQAEGMRQz8PWR5/FhBoCX4AGXkJSyI5cScGOwxZEV0dD3QycGQVfzVYYBpkBh4+MnUoCxQMSAl5EhlKHVc5MwMFciEzYAVxARBlFlECLwcBeSIBVAFyOglmO3UDDnY/chMzcxtqIi9lEl8YYGM8aQ0bdhF3FAlCBn0+bXAZRDkxZzwCAx5fBlEHaXMHajlteQFyJTJ1EnoRD2EVcAM0VnUBFwJeOHYGL0Y8ZwQCaxNiczJBP10lZV8qdBYiZjZxHzVT
Requested by: Host: d1lnjzqqshwcwg.cloudfront.net
URL: https://d1lnjzqqshwcwg.cloudfront.net/?zjnld=986608
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.83.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-83-72.ams58.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 4d86b5ed9e1846bb11823f463811a64bfef7fbe6c8a1506b4cb2a07c0706857c

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip
content-length: 1233
content-type: text/html
date: Mon, 27 Nov 2023 00:07:33 GMT
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 d1867b092f625a3679893299e10edaee.cloudfront.net (CloudFront)
x-amz-cf-id: yjW0PxpKzVsu4tx1ar6uj9d1p-V3N0eqmdj2LU2JSbIzeFg_BQo_cg==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront

GET
H2 200 NjQUHBReCnIPIxwQEjNCKyUFED8NNwsiFwgVY3g0O1BrGEcnOTYYJhYzFxozGC0nLR0jMwAcV10nEAk3JCArJTkKIB8JPiksKBk3JVgFCQElJxUIJCM0FBwxPg1zHTcDRHQMNAFUFB9BADYjHCAKACE6RioGHzolOw4PGxxeRHQIFDkrFxMjG0R0CCAXKz8JI0kLN... Show response
riperfienwa.com/YUZKcm8AJCkfUAB7KFQaEyp3V10nY3g0C1AqJBgVEDc5GhgCMS1cDA0pPxYJEykkBkEPIz5XXSd3GTUpDxIwFR0lISECLRsxAzNcKAQpNAszID00GiI+GxU5Cy4pNDwZcQ4zOicFHEogMz4HQzcpEBsjPC8cABU1ACccQgIgKjpXXSMOIxkpI... Frame 8A63 3 KB
2 KB 127ms
125ms Document
text/html 18.239.83.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://riperfienwa.com/YUZKcm8AJCkfUAB7KFQaEyp3V10nY3g0C1AqJBgVEDc5GhgCMS1cDA0pPxYJEykkBkEPIz5XXSd3GTUpDxIwFR0lISECLRsxAzNcKAQpNAszID00GiI+GxU5Cy4pNDwZcQ4zOicFHEogMz4HQzcpEBsjPC8cABU1ACccQgIgKjpXXSMOIxkpIx4DPw0JFw0RAzQoDQVbCxAJHio3FyE8NQ0ACRQ+CSEMFVsJHgkROCcBJTkKIH4eEwgRch80CwkFDUM8KxElOQojHwU7PlR+GDQ+Lw4SAj0pdSE/NjQUHBReCnIPIxwQEjNCKyUFED8NNwsiFwgVY3g0O1BrGEcnOTYYJhYzFxozGC0nLR0jMwAcV10nEAk3JCArJTkKIB8JPiksKBk3JVgFCQElJxUIJCM0FBwxPg1zHTcDRHQMNAFUFB9BADYjHCAKACE6RioGHzolOw4PGxxeRHQIFDkrFxMjG0R0CCAXKz8JI0kLNSUcH1w0KTErBSQMFSk
Requested by: Host: d1lnjzqqshwcwg.cloudfront.net
URL: https://d1lnjzqqshwcwg.cloudfront.net/?zjnld=986608
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.83.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-83-72.ams58.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: a80d935d5d60a9ea8664abbcfca22da36fcd56b28aa57a51c13167be299b41ed

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip
content-length: 1213
content-type: text/html
date: Mon, 27 Nov 2023 00:07:33 GMT
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 d1867b092f625a3679893299e10edaee.cloudfront.net (CloudFront)
x-amz-cf-id: doDL6iK0tvSu_dfcAItu_relWzYLMoj74jSbe5ug6A505vjcfpCkFA==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront

GET
H2 204 OU9Pb2cWcCwcWl0iPzoqCXYfOFVsDCoqLWMtDhtRbX47BiQKJGkbDl1ydldRD393SRdQK3JeQUo7LhsSSnJ+SQ5XKSBSQU9yfkFUDWF8W0kJaTpSVh87Pw4ABH5pHxNNI3JeUAl+f1tUD3p8XV4L
nopoloferewer.com/ 0
256 B 181ms
121ms Image
text/plain 104.21.32.115
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nopoloferewer.com/OU9Pb2cWcCwcWl0iPzoqCXYfOFVsDCoqLWMtDhtRbX47BiQKJGkbDl1ydldRD393SRdQK3JeQUo7LhsSSnJ+SQ5XKSBSQU9yfkFUDWF8W0kJaTpSVh87Pw4ABH5pHxNNI3JeUAl+f1tUD3p8XV4L
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.32.115 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2B4bw%2FFRBG%2B1BWLH17ziowUbvGDT5Pv70%2BTXNnCmw657sJWalx%2F72xo5tDN4hQF2koWywnu9QZSSfb3ZKHr2l06f9fwWIB%2B3hOVCHzQztD06YnSuufM0%2BFJw44TPBeUt0Vm3LQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 82c621b1ff673a86-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 login.php
www.facebook.com/ 0
0 158ms
114ms Image
text/html 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2aKkne4xF6kb2Dkn5Y57fwKvx5_HEb5OY_l9_yewlhn-osdrkZvgSRzc2...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1_JGvhn_adSr8usUKAV5pkkkRs80eBL1PUNt-4XH1dVx2vWbIMk_09vT_tcRsUPA4U38XMhg&passiv...

0
0

35ms
35ms

Image
text/html

2a00:1450:4001:830::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1_JGvhn_adSr8usUKAV5pkkkRs80eBL1PUNt-4XH1dVx2vWbIMk_09vT_tcRsUPA4U38XMhg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-973012229%3A1701043653511550&theme=glif
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H3
Server: 2a00:1450:4001:830::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Redirect headers

date: Mon, 27 Nov 2023 00:07:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-aeVSwjF1VPIsiRX3c3vrfw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 403
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1_JGvhn_adSr8usUKAV5pkkkRs80eBL1PUNt-4XH1dVx2vWbIMk_09vT_tcRsUPA4U38XMhg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-973012229%3A1701043653511550&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1lrMROSzToczAOwjRd555PkW_3kt4KHnnnnPqm9s_TUfW0IHs5RIM...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp27Jk42mX4t2iAEA-wHtMIa3l5sRj8BetZgXAfJMD6ldXDn5w2Bf0qPS2DX5v0y8x8eYQC6-Q&passi...

0
0

43ms
42ms

Image
text/html

2a00:1450:4001:830::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp27Jk42mX4t2iAEA-wHtMIa3l5sRj8BetZgXAfJMD6ldXDn5w2Bf0qPS2DX5v0y8x8eYQC6-Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1526154014%3A1701043653469309&theme=glif
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Server: 2a00:1450:4001:830::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Redirect headers

date: Mon, 27 Nov 2023 00:07:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-XG4j_Vubkgpo6aLQ6cWJBw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 406
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp27Jk42mX4t2iAEA-wHtMIa3l5sRj8BetZgXAfJMD6ldXDn5w2Bf0qPS2DX5v0y8x8eYQC6-Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1526154014%3A1701043653469309&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 ZkdFT3hJeCY8RTx1Fw0vISsdGiAkMhAJQTEiEj8hMBEXehkgNGM7EQJ6fHdPU3VyaQgPI3h+XhUzJDsNFXp0aREIISpyXhB6dGFLUml2e1ZWYTBySUAzNS4fW3ZjPwwSK3h+T1Z2dXtLUHJ2fEtV
nopoloferewer.com/ 0
396 B 179ms
120ms Image
text/plain 104.21.32.115
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nopoloferewer.com/ZkdFT3hJeCY8RTx1Fw0vISsdGiAkMhAJQTEiEj8hMBEXehkgNGM7EQJ6fHdPU3VyaQgPI3h+XhUzJDsNFXp0aREIISpyXhB6dGFLUml2e1ZWYTBySUAzNS4fW3ZjPwwSK3h+T1Z2dXtLUHJ2fEtV
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.32.115 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=grmeK0QTr9YRgbAwE3t%2FsqExDJ%2FXRoPgoEPjZOR6bWzTNZ9gtEdT%2B8NDVB7vNgN8%2B5JhmBf2pn9rQD4qG499RYdbNwb%2B14nIfM02PBDazw2mmbm0wf2RGgoaBDQbkRcRABsngQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 82c621b1ef643a86-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 204 SUVmaURmegUaeSwTBREnESEsCzMHBDcCND8HDSsCGBIvKxUMEEAdLS14X1Fyf3VfTzQgIVtYfG82EggwPDZbWGIgKwAGeW8zW1hqeWtUR3BvMFtYYj01Bw55eGMWHTAleFdedHh1UlpyfHZVXHc
nopoloferewer.com/ 0
251 B 179ms
121ms Image
text/plain 104.21.32.115
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nopoloferewer.com/SUVmaURmegUaeSwTBREnESEsCzMHBDcCND8HDSsCGBIvKxUMEEAdLS14X1Fyf3VfTzQgIVtYfG82EggwPDZbWGIgKwAGeW8zW1hqeWtUR3BvMFtYYj01Bw55eGMWHTAleFdedHh1UlpyfHZVXHc
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.32.115 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTIffi036cBBKS9SYAWA%2Bid8sB86PPnvJwSgC9N9TfjWGi9SicoXoeg2N50ZeJ%2BGib5gU0n6h0UV7DS1ylhSYP62bpW3ZDERD%2F5r2Zvo5jf6Qlcw5grlPFo0%2BFH3vjkUob1aLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 82c621b1ef633a86-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated Show response
/ 35 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba845583c9b317ef3a372673ea292902f451d5f806f5b5a93009e382a91af4af

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 9 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56f5c5c79d836e82d244f703ffcbb703cdfe3211d53521c276f579158acb1776

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 241 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2af478968cfdba350d71cea6da37a73a0105a5b34eefb670d31b68e76233e051

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
H2 200 9c2U4U2sQClY1VAcMXG5SS1INYVxVD0s8BQNYVSksMB9sNSk5CFl1HwkBBWJNHwRWNFZVAFYwVkJDWTcJTlEeJxscDgU9CgYSSj0RAQZbdR4SWFU8ERoJVDJOQSMNfVtWVwh7HBoLXDwcAEAKYwUHQApjWkNLCHZYMUAKYxwaCw5nTkAnHWFbC1MMek5BVV-kjGx8... Show response
d1lnjzqqshwcwg.cloudfront.net/ Frame EE91 827 B
857 B 261ms
261ms Script
text/plain 2600:9000:2250:b200:2:bb72:9400:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1lnjzqqshwcwg.cloudfront.net/9c2U4U2sQClY1VAcMXG5SS1INYVxVD0s8BQNYVSksMB9sNSk5CFl1HwkBBWJNHwRWNFZVAFYwVkJDWTcJTlEeJxscDgU9CgYSSj0RAQZbdR4SWFU8ERoJVDJOQSMNfVtWVwh7HBoLXDwcAEAKYwUHQApjWkNLCHZYMUAKYxwaCw5nTkAnHWFbC1MMek5BVV-kjGx8ATzYJGAxMdlk1UAtkRUBTHWFbWw5QJwYfQAoQTkFVVDoAFkAKYwwWBlM8QlZXCDADAQpVNk5BIwliUl1VFmVbR1AWYl5KQApjGBIDWSECVld+ZlhESwtlTQZYCQ
Requested by: Host: riperfienwa.com
URL: https://riperfienwa.com/MlAzVVhTMlA4Z1NtUXMtQDwOcGp0dQETPAM8XT8iQyFAPS9RJ1R7O14/RjE+QD9dIXZcNUdwanRpUGcNBgUBJglxPGpkDnMzfg0fBwNgZBF8CWUtDnZgQG0aYx5qAwtZI34XYUEeYD5tcRZfZBBFO3EXD3geeyIKZR51Dw5zFmoiDlkadwIMURpnOR1XGksmO3Y3ZmwbVQlgBjICAnIEAlA0YWELZRZmbR1gP3kDHHgfYgYVfDZlIQ9kJ1tiEHA/fw0cRTNyEBl5CUQAEGMRQz8PWR5/FhBoCX4AGXkJSyI5cScGOwxZEV0dD3QycGQVfzVYYBpkBh4+MnUoCxQMSAl5EhlKHVc5MwMFciEzYAVxARBlFlECLwcBeSIBVAFyOglmO3UDDnY/chMzcxtqIi9lEl8YYGM8aQ0bdhF3FAlCBn0+bXAZRDkxZzwCAx5fBlEHaXMHajlteQFyJTJ1EnoRD2EVcAM0VnUBFwJeOHYGL0Y8ZwQCaxNiczJBP10lZV8qdBYiZjZxHzVT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:2:bb72:9400:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7465c18a105f7809e11c0d8885491d3c56a6bd7c864329e3412ed0ea6d6b1de6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://riperfienwa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
content-encoding: gzip
via: 1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 580
x-amz-cf-id: eKkVqSPjY7zsLhjm8tTreG8XUc6N8FKajImcFih-lf3Ill9NjB5IWA==

GET
H2 200 jVnRDa2Y1Gy0NWSIdJ1ZfbkJ1W15wHjAECCZJJgMTNBVzKlQcAxpYQCIOJ1ZXcBgiBQFrUiYFBWtFZQoCNEl3TRImGyhWCDcBNBkILAYgCEAjFX4GCSwdLwcHc0YFXkhmUXFbTiEdLQ8JIQdmWVY4AGZZVmdEbVtDZTZmWVYhHS1dUnNHAU5UZgx1X09zRn-MKFiY... Show response
d1lnjzqqshwcwg.cloudfront.net/ Frame 479B 864 B
891 B 259ms
259ms Script
text/plain 2600:9000:2250:b200:2:bb72:9400:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1lnjzqqshwcwg.cloudfront.net/jVnRDa2Y1Gy0NWSIdJ1ZfbkJ1W15wHjAECCZJJgMTNBVzKlQcAxpYQCIOJ1ZXcBgiBQFrUiYFBWtFZQoCNEl3TRImGyhWCDcBNBkILAYgCEAjFX4GCSwdLwcHc0YFXkhmUXFbTiEdLQ8JIQdmWVY4AGZZVmdEbVtDZTZmWVYhHS1dUnNHAU5UZgx1X09zRn-MKFiYYJhwDNB8qH0NkMnZYUXhHdU5UZlwoAxI7GGZZJXNGcwcPPRFmWVYxESAACX9RcVsFPgYsBgNzRgVaV29ac0VQZkB2RVdjTWZZViUVJQoUP1FxLVNlQ21YUHABflo
Requested by: Host: riperfienwa.com
URL: https://riperfienwa.com/TDdOOXAtVS1UTy0KLB8FPltzHEIKEnx/FH1bIFMKPUY9UQcvQCkXEyBYO10WPlggTV4iUjocQgpdGFciCFZ8YEELTn53Jx9+KnNBFlEsUjp9YH8MBwRdD3wzD20EcxcBYwB7JjZ8ImgTDU8+YCEPfgFzQRZvLXsXJXUffwIZXhd/MhtDCGMhI3QAfBx/YxxwHQtOJm4zCFQMdzInfgJ4KSt0C3gaCm96fjMfQCp1By9/LQkpCm8lUR0ZbwhbJCVyKnUhdH0HaBQhYBhgRA1wFGMmIVMLWyY4cxRtKiFgGGAYBGR/XSUieQZ4JXliFF4IfW9+AAoeWWN0OwpeF2A6JEAKdzJ0RgYJPid6IGMpGW8mcRQZAhtjHDtYD0E5e3AJYyoGbwB+EztUHmkiCloZbyk0ch14MQ9vd2sTGkQIaRcVRAxePjZlKW8RGgV3WBN8YR9jGw4FHG8UJmMZYyoaXhtvOh1YG2lBCk8Cbz4gZnwIKRl/D3sWIFhoUwMjWT4EFSRCLFhADQUETil/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:2:bb72:9400:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e60ae1a9fe8a56e60a6009e4974b4c7d97e617110d9e305216597588dc26ff20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://riperfienwa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
content-encoding: gzip
via: 1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 615
x-amz-cf-id: Bz0SkH9xtXMzqaLVitDLUY4eMJDghecMz2huQkfaB5r0oW6_boBwdQ==

GET
H2 200 Fn5RU3oWeVReagp4EgYpWToIQn1+fVJQYQt+RxJyCQ Show response
d1lnjzqqshwcwg.cloudfront.net/1SGFnTzgrDgkpBzwIA3IBcFdRfwFuCxQgVjhcFSx7DAUFCV8ORxM1XHVQQSNZJgZaaV0mAlp+HikFBXIMbhQGclUnGw4jVClEVQkNZlFCfQhgFg4hXCcWFGoKeA8Tagp4UFdhCG1SJWoKeBYOIQ58RFQNHXpRH3kMYURVf1... Frame 8A63 189 B
460 B 237ms
237ms Script
text/plain 2600:9000:2250:b200:2:bb72:9400:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1lnjzqqshwcwg.cloudfront.net/1SGFnTzgrDgkpBzwIA3IBcFdRfwFuCxQgVjhcFSx7DAUFCV8ORxM1XHVQQSNZJgZaaV0mAlp+HikFBXIMbhQGclUnGw4jVClEVQkNZlFCfQhgFg4hXCcWFGoKeA8Tagp4UFdhCG1SJWoKeBYOIQ58RFQNHXpRH3kMYURVf1k4EQsqTy0DDCZMbVMhegt/T1-R5HXpRTyRQPAwLagoLRFV/VCEKAmoKeAYCLFMnSEJ9CCsJFSBVLURVCQl5WEl/Fn5RU3oWeVReagp4EgYpWToIQn1+fVJQYQt+RxJyCQ
Requested by: Host: riperfienwa.com
URL: https://riperfienwa.com/YUZKcm8AJCkfUAB7KFQaEyp3V10nY3g0C1AqJBgVEDc5GhgCMS1cDA0pPxYJEykkBkEPIz5XXSd3GTUpDxIwFR0lISECLRsxAzNcKAQpNAszID00GiI+GxU5Cy4pNDwZcQ4zOicFHEogMz4HQzcpEBsjPC8cABU1ACccQgIgKjpXXSMOIxkpIx4DPw0JFw0RAzQoDQVbCxAJHio3FyE8NQ0ACRQ+CSEMFVsJHgkROCcBJTkKIH4eEwgRch80CwkFDUM8KxElOQojHwU7PlR+GDQ+Lw4SAj0pdSE/NjQUHBReCnIPIxwQEjNCKyUFED8NNwsiFwgVY3g0O1BrGEcnOTYYJhYzFxozGC0nLR0jMwAcV10nEAk3JCArJTkKIB8JPiksKBk3JVgFCQElJxUIJCM0FBwxPg1zHTcDRHQMNAFUFB9BADYjHCAKACE6RioGHzolOw4PGxxeRHQIFDkrFxMjG0R0CCAXKz8JI0kLNSUcH1w0KTErBSQMFSk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:2:bb72:9400:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 23afb771f40d305ecc171fd57744f6c01d2b4f3537bde703171218286fb7b754

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://riperfienwa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
content-encoding: gzip
via: 1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 182
x-amz-cf-id: cVQ_qdJxM4AD0ZIqjz-VpuHXRwek_3Pd4S-CzhhwNTRiwnyCFCOt_A==

GET
DATA 200
OK truncated Show response
/ 86 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa7081c5f11f11775248631cf136af19eae159cd038ddea5a7745dacf5d9a963

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 209 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fd49ee92c534934e9219f98313450975c361cbcffa40cd535a29f46f915e9182

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 238 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3c7937029d55ebc048651fb6a71430bfceaaffee1b87e2da1ed99d76e4597c5f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 175 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ad5bc37af00920aff108e48394a6db7f8164e9bc36a667c601698d5881accb4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 712 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 941cec3f15ffaf736dd0e90abbc6bfd726eef2e60796b5fe243d0e7085b6804a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 93 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6f581adc60f6e57b523cc07df365868a9588205b6570b02b93b441338befd0e1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 556 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56c12821c6ea2e1de81f215508fcf115541e9b18df757dc26f14948b862ae83d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 340 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f19e2ac517ae5bf6648c9b857985d53ca719dd83859f7269a0896a28c1adc1c8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 882 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82df0ce80a425ea666120f9329a997fc679635d846d9fa770533812f7f4b5542

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 23 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 64b4bb8cdc89f758b05be6f408ddbe77b3f4d4a6b4bfdc636150bc914792206a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 121 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8bb42a0d5b3c8ba4e775132c438af760961cc3efc4dacb47df2c2dc955d8fd2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 55 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 407343d08180a0d5dc5981072ee94249fae8115d741ff0d7b5843283ac6a58f6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 150 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6535e1184d9a1a525fd72f2f3d3c680619398ad4c9bc04328b9132f16104804f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 101 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 85888a54df421e20e572c2482b012d62d9c0e442290c68ab01e778ddc1057cd8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 137 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e5440595cde4c8522d8b54db5382a342ebae53a0434f95bc63448ca4396ca5b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 3 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb45f0223edcc086f54c01601e75191551ad7d222b5da747b1fc0df9cbf00329

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 38 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6f0043e4c67c8451d9f13ec26c6bc165a1fd57d0b71e785933a2cbb34f3f5915

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 227 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: efb59e0c7aaa56fb46c5e8a9d002a5cb6519f4186ff5dae49e9eda89e83a4f15

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 140 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b9a03232b9185c36ade03249305675f6a33c1f672135e94952b12a8b963b18f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated Show response
/ 285 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9886adaa184c30abb4b676a448aa8e1979a57cb0d6c2d081bd723ac480fc89f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: text/javascript

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 258ms
28ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-H51NETC849&gtm=45je3b81v870359348&_p=1701043653564&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=1828443161.1701043654&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1701043653&sct=1&seg=0&dl=https%3A%2F%2Fdafontonline.com%2F&dt=Dafont%20Online%20%7C%20Download%20Free%20Fonts&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1941
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H51NETC849
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:33 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://dafontonline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 166 KB
60 KB 123ms
123ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KLHV38Q

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

363fe76c1af6614c0509b96555e7b486ac582002588eb4a3d403c4b4654e6920

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 61263
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 27 Nov 2023 00:07:33 GMT

GET
H2 204 RWdvWExqWAwrcRBUAxoZHS0FDAQHCTxqOAkCOBYIHDIDbRUQJkksJSFaVmB7cFVYfjwsA1JpajYTDiw5NlpcaHx0QQY2KipaX2h8dEEZZX1rVFt2f3FJX345eFZeaHVzV15odXRWXGt6dl9JLDwkAFJpajUTGzRxdFBfaXxxVFltf3BfVg
nopoloferewer.com/ 0
252 B 116ms
116ms Image
text/plain 104.21.32.115
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nopoloferewer.com/RWdvWExqWAwrcRBUAxoZHS0FDAQHCTxqOAkCOBYIHDIDbRUQJkksJSFaVmB7cFVYfjwsA1JpajYTDiw5NlpcaHx0QQY2KipaX2h8dEEZZX1rVFt2f3FJX345eFZeaHVzV15odXRWXGt6dl9JLDwkAFJpajUTGzRxdFBfaXxxVFltf3BfVg
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.32.115 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8A40DBuhNXJFBqmJaWjf5wqlUZ8A8bwJOlUYt2PZox7guX%2BfxXolo7yLA%2FZwySaobKFYDVYuhhHKVZ69HBTsMkOG%2F5r7h7Oo6gCuurjgeq8YxF%2BH1gaRkAN3l76vdatA3UABAw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 82c621b2f8173a86-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 popunder.gif
nopoloferewer.com/ 35 B
402 B 30ms
30ms Image
image/gif 104.21.32.115
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nopoloferewer.com/popunder.gif
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.32.115 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: public
date: Mon, 27 Nov 2023 00:07:33 GMT
cf-cache-status: HIT
last-modified: Sun, 26 Nov 2023 23:54:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 789
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M0Fu0m7eetV0w1gs2g3YlkdYqWmJ2uyD9GmrGWBvrXmTfw8ylKqna%2Fdvfikh7LwzoPz%2F%2FzlrMhuGRQ6u9JCmLnTCZZIcW1NqnOEh%2BRWPWpogWen%2FBGhCy1LvfkNrsOu8uQ3qiA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
cf-ray: 82c621b408c73a86-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 152 KB
52 KB 94ms
42ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9515399027379549

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d489f4fb8fb5b750c4a08dc346f5a297e31f2a9b86b9cc52c6e8668dd1d4a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53144
x-xss-protection: 0
server: cafe
etag: 10269411826699312174
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 00:07:33 GMT

GET
H2 200 18110-1869930
a.impactradius-go.com/display-ad/ 190 KB
191 KB 516ms
445ms Image
image/png 108.156.60.79
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.impactradius-go.com/display-ad/18110-1869930
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.60.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-60-79.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4c8a9d356acb26f3e8adc0c1bb917b58b78a2d1c807cf14d30b5ebdaf23bcde5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:35 GMT
via: 1.1 2d8216898001f8ce3fde38c8796d2fa6.cloudfront.net (CloudFront)
last-modified: Mon, 13 Nov 2023 06:43:46 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
x-amz-server-side-encryption: AES256
etag: "69da683e6c3c75228ee3ef4ce7ee8973"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/png
cache-control: public,max-age=900,s-maxage=600
accept-ranges: bytes
content-length: 194525
x-amz-cf-id: a3vrGPR6EjQ7z2vSBxkCcmdATI0cuiyNe9bf5KzjGgT3h_7n0fNJiw==

GET
H2

200

18110
funnyfuzzy-affiliate-program.sjv.io/i/3296149/1869930/
Redirect Chain

https://imp.pxf.io/i/3296149/1869930/18110
https://funnyfuzzy-affiliate-program.sjv.io/i/3296149/1869930/18110?level=1&srcref=https%3A%2F%2Fdafontonline.com%2F
https://www.ojrq.net/p/?return=https%3A%2F%2Ffunnyfuzzy-affiliate-program.sjv.io%2Fi%2F3296149%2F1869930%2F18110%3Flevel%3D2%26srcref%3Dhttps%253A%252F%252Fdafontonline.com%252F&cid=18110&tpsync=no...
https://funnyfuzzy-affiliate-program.sjv.io/i/3296149/1869930/18110?level=2&srcref=https%3A%2F%2Fdafontonline.com%2F&brwsr=f6ee5711-8cb8-11ee-9bfe-8f39d46fabfc&brwsrsig=VBCR0JQ%3AgygWRApXIoSIRyPCx6...

50 B
265 B

32ms
32ms

Image
image/gif

35.227.211.136
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://funnyfuzzy-affiliate-program.sjv.io/i/3296149/1869930/18110?level=2&srcref=https%3A%2F%2Fdafontonline.com%2F&brwsr=f6ee5711-8cb8-11ee-9bfe-8f39d46fabfc&brwsrsig=VBCR0JQ%3AgygWRApXIoSIRyPCx6M0as
Protocol: H2
Server: 35.227.211.136 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 136.211.227.35.bc.googleusercontent.com
Software: /
Resource Hash: ec34cd386427fe6deacf99f4fdbeea4b1d1ed25f505411650d7ceaa843a7fc63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:34 GMT
via: 1.1 google
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50
expires: Mon, 27 Nov 2023 00:07:34 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:34 GMT
via: 1.1 google
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
location: https://funnyfuzzy-affiliate-program.sjv.io/i/3296149/1869930/18110?level=2&srcref=https%3A%2F%2Fdafontonline.com%2F&brwsr=f6ee5711-8cb8-11ee-9bfe-8f39d46fabfc&brwsrsig=VBCR0JQ%3AgygWRApXIoSIRyPCx6M0as
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Mon, 27 Nov 2023 00:07:34 GMT

GET
H2 200 4662-1887667
a.impactradius-go.com/display-ad/ 114 KB
115 KB 111ms
40ms Image
image/jpeg 108.156.60.79
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.impactradius-go.com/display-ad/4662-1887667
Requested by: Host: dafontonline.com
URL: https://dafontonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.60.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-60-79.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ce572d9dae2e116ac512aa8dfdbab71938061614c985f24efb89644cbe6fc2e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
via: 1.1 2d8216898001f8ce3fde38c8796d2fa6.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 01:15:29 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
age: 374
x-amz-server-side-encryption: AES256
etag: "c0cf74c8e454b0956744b48717478e9b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: public,max-age=900,s-maxage=600
accept-ranges: bytes
content-length: 116769
x-amz-cf-id: HcDrXGKu_QaPu1PFbUP5Sr0gEGAPo2X8siY7zgASuROLHhxe0m5QPw==

GET
H2

200

4662
1.envato.market/i/3296149/1887667/
Redirect Chain

https://1.envato.market/i/3296149/1887667/4662
https://www.ojrq.net/p/?return=https%3A%2F%2F1.envato.market%2Fi%2F3296149%2F1887667%2F4662%3Flevel%3D1%26srcref%3Dhttps%253A%252F%252Fdafontonline.com%252F&cid=4662&tpsync=no&auth=568501020e52c390
https://1.envato.market/i/3296149/1887667/4662?level=1&srcref=https%3A%2F%2Fdafontonline.com%2F&brwsr=f6ee5711-8cb8-11ee-9bfe-8f39d46fabfc&brwsrsig=VBCR0JQ%3AgygWRApXIoSIRyPCx6M0as

50 B
270 B

33ms
33ms

Image
image/gif

35.227.251.108
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1.envato.market/i/3296149/1887667/4662?level=1&srcref=https%3A%2F%2Fdafontonline.com%2F&brwsr=f6ee5711-8cb8-11ee-9bfe-8f39d46fabfc&brwsrsig=VBCR0JQ%3AgygWRApXIoSIRyPCx6M0as
Protocol: H2
Server: 35.227.251.108 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 108.251.227.35.bc.googleusercontent.com
Software: /
Resource Hash: ec34cd386427fe6deacf99f4fdbeea4b1d1ed25f505411650d7ceaa843a7fc63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:34 GMT
via: 1.1 google
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50
expires: Mon, 27 Nov 2023 00:07:34 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:33 GMT
via: 1.1 google
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
location: https://1.envato.market/i/3296149/1887667/4662?level=1&srcref=https%3A%2F%2Fdafontonline.com%2F&brwsr=f6ee5711-8cb8-11ee-9bfe-8f39d46fabfc&brwsrsig=VBCR0JQ%3AgygWRApXIoSIRyPCx6M0as
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Mon, 27 Nov 2023 00:07:33 GMT

GET
H2 200 Little-Mermaid-Font.webp
cdn.dafontonline.com/Files/2023/11/ 15 KB
16 KB 33ms
32ms Image
image/webp 2600:9000:20a0:6a00:11:6246:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.dafontonline.com/Files/2023/11/Little-Mermaid-Font.webp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a0:6a00:11:6246:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72baa43c98cf6cc785daf0ac4b6b3d2a6f80c60512fceecffbdca1abbb0e0c65

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 11:38:34 GMT
via: 1.1 7cc8e1a489398403da487298ad363b2a.cloudfront.net (CloudFront)
last-modified: Sat, 18 Nov 2023 07:07:46 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 736140
etag: "9627f4c26e6666554c8f550dcaef08f9"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 15618
x-amz-cf-id: xYYYDekLyCF2foQaQbstJvif3iHz6bCTpPsTpmvzk-HUUAoRwMOD4g==

GET
H2 200 Captain-Marvel-Font.webp
cdn.dafontonline.com/Files/2023/11/ 51 KB
52 KB 43ms
42ms Image
image/webp 2600:9000:20a0:6a00:11:6246:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.dafontonline.com/Files/2023/11/Captain-Marvel-Font.webp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a0:6a00:11:6246:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f74741c385ff9fe2802bb37800f03f41038caa2723ba95e7683f55a31ab80f21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 08:03:53 GMT
via: 1.1 7cc8e1a489398403da487298ad363b2a.cloudfront.net (CloudFront)
last-modified: Sat, 11 Nov 2023 05:07:06 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 1353821
etag: "4e762ec559f1e233f836dd8b2c7205b8"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 52296
x-amz-cf-id: Ph1VBRXh9nJfU6FcX4zix6PzDDLGBOOS652p_97YXl2SqI93zqTraA==

GET
H2 200 Giaza-Font.webp
cdn.dafontonline.com/Files/2023/11/ 9 KB
9 KB 37ms
36ms Image
image/webp 2600:9000:20a0:6a00:11:6246:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.dafontonline.com/Files/2023/11/Giaza-Font.webp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a0:6a00:11:6246:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f8313f60698696e7312ad593c00bfd9e0d1d451aead7da367871fc7f1642921c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 05:57:34 GMT
via: 1.1 7cc8e1a489398403da487298ad363b2a.cloudfront.net (CloudFront)
last-modified: Tue, 07 Nov 2023 05:14:12 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 1706999
etag: "282661d63a99448705057d8488dac20a"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 9156
x-amz-cf-id: 326TqP_zHOBjOuYQAQSWZpBmlQSwf-tUYtKWu7_w9PYIviy98goc1g==

GET
H2 200 Netflix-Font.webp
cdn.dafontonline.com/Files/2023/11/ 7 KB
7 KB 66ms
65ms Image
image/webp 2600:9000:20a0:6a00:11:6246:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.dafontonline.com/Files/2023/11/Netflix-Font.webp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a0:6a00:11:6246:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c3f1ea1003aa766255dae800c77facc37bd082a78278e8fdcd00ac406a77d3c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 07:10:38 GMT
via: 1.1 7cc8e1a489398403da487298ad363b2a.cloudfront.net (CloudFront)
last-modified: Mon, 06 Nov 2023 06:19:50 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 1789016
etag: "178016d85ceb723ba6e8c44ac23786b5"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 7090
x-amz-cf-id: OmcaO9tAYTVZRf1R0FJP4MHGlZkrCdM69_7h-bKfnQD59Je6uwlUJQ==

GET
H2 200 Lilo-and-Stitch-Font.webp
cdn.dafontonline.com/Files/2023/11/ 25 KB
25 KB 83ms
82ms Image
image/webp 2600:9000:20a0:6a00:11:6246:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.dafontonline.com/Files/2023/11/Lilo-and-Stitch-Font.webp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a0:6a00:11:6246:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 471c7362e2ccfad5dfaf25c9fcbf53093d95c813d4e8cf0d599daa125a1c4f86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 20:51:32 GMT
via: 1.1 7cc8e1a489398403da487298ad363b2a.cloudfront.net (CloudFront)
last-modified: Sat, 04 Nov 2023 06:50:53 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 1912562
etag: "84722f760cda83f7f6cc84db79472a0f"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 25268
x-amz-cf-id: pwQVF1kVdJV8mDIheuDyoILYprzfa0LLJEb8zVTcpcDMhYVN4MHwwQ==

GET
H2 200 CROOK-Font.webp
cdn.dafontonline.com/Files/2023/10/ 17 KB
17 KB 71ms
71ms Image
image/webp 2600:9000:20a0:6a00:11:6246:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.dafontonline.com/Files/2023/10/CROOK-Font.webp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a0:6a00:11:6246:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ccbf102f2473331697831e7acd9acb662df2bda098555b73cd31dbef911b9f8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 16:07:22 GMT
via: 1.1 7cc8e1a489398403da487298ad363b2a.cloudfront.net (CloudFront)
last-modified: Mon, 30 Oct 2023 05:04:19 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 2361612
etag: "0633f94bd275ccbec46526dc48b4ba66"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 17122
x-amz-cf-id: YJxTADTdG705icH5oD8zc8YBjC70c_ZFqYKxfuJr0UC23BfuiBtRSw==

GET
H2 200 Taylor-Swift-Eras-Tour-Font-1.webp
cdn.dafontonline.com/Files/2023/10/ 27 KB
27 KB 78ms
77ms Image
image/webp 2600:9000:20a0:6a00:11:6246:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.dafontonline.com/Files/2023/10/Taylor-Swift-Eras-Tour-Font-1.webp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a0:6a00:11:6246:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4dcf792896566ea11b4f58b280b7487f020815ad221539d1559284f0c7f2dfd9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 09:22:04 GMT
via: 1.1 7cc8e1a489398403da487298ad363b2a.cloudfront.net (CloudFront)
last-modified: Wed, 25 Oct 2023 05:30:48 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 2817930
etag: "213f5f481e9b20bb157e4bf1d887bc75"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 27742
x-amz-cf-id: vSUTKedJmmAZAld7dTVkeL6f4t0icMIe0NF1RCFd7br4IaxJ71RHUQ==

GET
H2 200 Sesame-Street-Font.webp
cdn.dafontonline.com/Files/2023/10/ 6 KB
6 KB 85ms
85ms Image
image/webp 2600:9000:20a0:6a00:11:6246:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.dafontonline.com/Files/2023/10/Sesame-Street-Font.webp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a0:6a00:11:6246:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1a131470b015c6e69d5bd73154250465c51de7bdad49d0fa04aaa251758955c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 06:43:42 GMT
via: 1.1 7cc8e1a489398403da487298ad363b2a.cloudfront.net (CloudFront)
last-modified: Mon, 23 Oct 2023 05:08:11 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 3000232
etag: "62b901199ab111a544693f441265635e"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 5716
x-amz-cf-id: aCqpA5hlBy288mZiQSVGWUIYVtlGTWUwXnuGCmhIZKqgZHU9nYOWvw==

GET
H2 200 onlyFans-Font-1.webp
cdn.dafontonline.com/Files/2023/10/ 8 KB
9 KB 87ms
86ms Image
image/webp 2600:9000:20a0:6a00:11:6246:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.dafontonline.com/Files/2023/10/onlyFans-Font-1.webp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a0:6a00:11:6246:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 257308d9df6fd613bc357853c811d2a84c28504dacfd4a789803d1b96a86eade

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:43:43 GMT
via: 1.1 7cc8e1a489398403da487298ad363b2a.cloudfront.net (CloudFront)
last-modified: Tue, 17 Oct 2023 11:52:14 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 1808631
etag: "f00f315e83f1d6a165aa157c865319f8"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 8576
x-amz-cf-id: 6r8tawXmOXdw5us9vlc8cP8aNKjk5wHsAAPY93mVI3VJlso075n81g==

GET
H2 200 popunder.gif
nopoloferewer.com/ 35 B
311 B 27ms
27ms Image
image/gif 104.21.32.115
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nopoloferewer.com/popunder.gif
Requested by: Host: d1lnjzqqshwcwg.cloudfront.net
URL: https://d1lnjzqqshwcwg.cloudfront.net/?zjnld=986608
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.32.115 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: public
date: Mon, 27 Nov 2023 00:07:33 GMT
cf-cache-status: HIT
last-modified: Sun, 26 Nov 2023 23:54:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 789
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zaj%2FJfvqi1F46mAjmN1%2FTUrJk1EMykjbzNcLoiP0DSTEAoaZ8kEMwtfbmkAIkPh3pb8nSiThLqvxcDr%2B1gNaiS9Tuyqnzm8nYxOOv42r5pLszU04JOE8XYuiDDB9r5%2B62j%2BaZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
cf-ray: 82c621b468fe3a86-FRA
alt-svc: h3=":443"; ma=86400

POST
H2 200 admin-ajax.php Show response
dafontonline.com/dfoadmin/ 1 B
848 B 943ms
943ms XHR
text/html 198.54.116.83
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://dafontonline.com/dfoadmin/admin-ajax.php

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/dfocontent/cache/wph/a20dd34c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.116.83 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business31-4.web-hosting.com

Software

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://dafontonline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 27 Nov 2023 00:07:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: report-to default
strict-transport-security: max-age=2592000; preload
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-length: 5
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://dafontonline.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: accelerometer=(), gyroscope=(), gamepad=()
x-turbo-charged-by: LiteSpeed
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ 400 KB
136 KB 93ms
93ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9515399027379549&plah=dafontonline.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9515399027379549

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9387b46d86935572e71d99197da03669f8b64935271c3ad72710309173b2ee7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138585
x-xss-protection: 0
server: cafe
etag: 6746084737283525281
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 00:07:33 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 653A 9 KB
4 KB 71ms
21ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9515399027379549

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 59229
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 07:40:25 GMT
etag: 16674218716276178799
expires: Sun, 10 Dec 2023 07:40:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CC87 569 KB
136 KB 1191ms
1190ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9515399027379549&output=html&adk=3105533540&adf=2621220088&lmt=1700918415&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fdafontonline.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701043653937&bpp=5&bdt=1332&idt=142&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4684295644810&frm=20&pv=2&ga_vid=1828443161.1701043654&ga_sid=1701043654&ga_hid=810874583&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078297%2C44807764%2C44808148%2C44808285%2C44809056&oid=2&pvsid=54917597967740&tmod=150110085&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=164

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9515399027379549&plah=dafontonline.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e87a5ad16f9ba3e4497b2c3760518e377d11103ff2438edded7e784938afe66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 139441
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:07:35 GMT
expires: Mon, 27 Nov 2023 00:07:35 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 76ms
36ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01ca0f6701a5216d806bb90bf1682a9ede4a721865ae2ee2f08b9417fc0f622c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12538
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 99ms
47ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Nov 2023 00:07:34 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F307 13 KB
5 KB 22ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 17874
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 19:09:40 GMT
expires: Mon, 25 Nov 2024 19:09:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0F49 829 B
1 KB 89ms
35ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f32e2743fa5039bb1dab4673ba1cfd76eaeba3889745d04f3187a7df0c56b8df

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Oz3k9Z2h8i3YDcpmp9hDxQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Oz3k9Z2h8i3YDcpmp9hDxQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:07:34 GMT
expires: Mon, 27 Nov 2023 00:07:34 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame F307 39 KB
15 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:10:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7052
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 22:10:02 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0F49 0
0 57ms
57ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=54917597967740&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F307 0
10 B 23ms
22ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?x2XgSQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:34 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 65ms
65ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=54917597967740&bg=!Li2lLWLNAAZxrfrxUa07ADQBe5WfONVQVifLEkooD-nhLQSzNRHP56STiCCEFRxYRqka7659oHFNJPlLppOjLEaczVidAgAAAEpSAAAAAmgBBwoAK20AgxqB2MrzBTFzl4WLxFiV_P6QCBicr1FQvvnAZrsOD0t8DdVaGLpHDdOZAsA_77RzxX-aKI-tZrs-DZCo2VD4WsvnqX8nexHV5mY9CVgcrIoFW5oeJDheYz9pnZO4MGDcVRaxZ0OoUFB56sR1Ii2AlL1FUpAEFK5wiDn7ZH2fCmJ3NgGjgOzbBf3rdWt1hR64h3CKM84SIpF5N1ZC1T_c9PnmhRCf-_f_JQtWTsGXiJ7-ecUiqo7h-03GtlJT4__8lE59tc0VYvHgv0q2c59Q6BNZB5lJZ4tst21CDPI2zUu2SE3Tn6SKmTdqiufC5y6J6rrzYuoeloPTrvLw8w_Vps4r4Q6mSgPaBL7uwbslSmjZYh62K_VRHOB6mLZkKaklCA0Sr0OCdNYxvAb3N2JlpWkBDxQzcHFBkTRPfomX6JyHB9a2_YVTegaCwFGfvBdLIWz2G00ZY1ZB7uLH20xEeSbFeLdk3z0Xe75pZ20EGC4oR2A3_NhKF4I9zPdQQutLyV1PLReYdkiiVOjtGomCARdS6dyB6O9nN89f-fbd8BJ8oi35oj_tmrnFVGEsH-2mlkPtxui-VNGhEAXEk8LqXx91DT-SZuKHBaFYbYwH7-t_aCnr1HCpH7R7rextTKlH79hbZNj2H65ZOj3v_O50l5hrlGmGbty5Q_AxWS2XkRZ--PDNqcz33oPigNQag7FA7q0HrIRGjShEjzxIXQz4cLJHAAfuFLUAVl1qOURfPiyJNlwRiLVVWe5cYk1ValDrVwSHzH_ty5CwjHTABWiv9X-3shxJ0gbrwCwrnoV7Ed1iRxiXv0b6kcLncCHmxAff6w3-iyHwjMA0FphAoOHF7pNHPnzl3FKUTB04AluISMCr34dp5t-ymWC57ByT55VHneB12IgLolhX8ZrvHYCYAU-1rLP8gzV78DircdAUhVRiJhgQCbYlGzwPz1IropNf0BiUglG5eq24pt2onAOPxIANawmHpsik3ngQ8A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ 160 KB
55 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c419e3ada62ac8a308cf7a6967d866775a2aa78e89dd4c4698db8a429f8f85a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55800
x-xss-protection: 0
server: cafe
etag: 15907131197518248745
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 00:07:35 GMT

GET
H2 200 ca-pub-9515399027379549 Show response
fundingchoicesmessages.google.com/i/ 161 KB
53 KB 151ms
52ms Script
application/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-9515399027379549?ers=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

41b27c9c732c3ad80943230b2b0fad9da7bf6c4b9a8b82aac6653f51fff3f7f3

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-wsk_U7imR0MpCHwBHRt6hA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:35 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-wsk_U7imR0MpCHwBHRt6hA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 57ms
57ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_auto_rs&sts=pfno&evt=place&vh=1200&eid=44759875%2C44759926%2C44759837%2C31078297%2C44807764%2C44808148%2C44808285%2C44809056&hl=en&pvc=54917597967740

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 53D7 121 KB
41 KB 424ms
424ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-9515399027379549&output=html&h=280&adk=873553977&adf=4248227912&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700918415&rafmt=1&to=qs&pwprc=8572252050&format=1200x280&url=https%3A%2F%2Fdafontonline.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701043655476&bpp=1&bdt=2871&idt=-M&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4684295644810&frm=20&pv=1&ga_vid=1828443161.1701043654&ga_sid=1701043654&ga_hid=810874583&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2076&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078297%2C44807764%2C44808148%2C44808285%2C44809056&oid=2&pvsid=54917597967740&tmod=150110085&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=102

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf86328b99cc5b9e8f62dc6b3e9f26cd7c2fa4c28ad78a08ff920abe7aeb87e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 42119
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:07:35 GMT
expires: Mon, 27 Nov 2023 00:07:35 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame E9BE 9 KB
4 KB 24ms
24ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 59226
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 07:40:29 GMT
etag: 16674218716276178799
expires: Sun, 10 Dec 2023 07:40:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame B722 9 KB
4 KB 22ms
21ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 59226
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 07:40:29 GMT
etag: 16674218716276178799
expires: Sun, 10 Dec 2023 07:40:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 1ABF 9 KB
4 KB 22ms
22ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 59226
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 07:40:29 GMT
etag: 16674218716276178799
expires: Sun, 10 Dec 2023 07:40:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame CAC7 9 KB
4 KB 23ms
22ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 59226
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 07:40:29 GMT
etag: 16674218716276178799
expires: Sun, 10 Dec 2023 07:40:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxVmfqg6lJAL80RpyuKvotwcEFg-jkQcr7NaY5qU52v8Ln1OGq_DxuFOwJ2Us4BFCQ0ekgHwUOsLj5JPnNkL5kFkdJbtebgkutpZvDJDYQTc-G0YYdel1gdd7ZyigT1v0TW2Qd4s9w== Show response
fundingchoicesmessages.google.com/f/ 4 KB
3 KB 51ms
50ms Script
application/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVmfqg6lJAL80RpyuKvotwcEFg-jkQcr7NaY5qU52v8Ln1OGq_DxuFOwJ2Us4BFCQ0ekgHwUOsLj5JPnNkL5kFkdJbtebgkutpZvDJDYQTc-G0YYdel1gdd7ZyigT1v0TW2Qd4s9w==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAxMDQzNjU1LDYyNjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9kYWZvbnRvbmxpbmUuY29tLyIsbnVsbCxbWzgsIk50czVMdllJb2JrIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE2LCJbMSwxLDFdIl0sWzE5LCIyIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.Nts5LvYIobk.es5.O/am=CAM/d=1/rs=AJlcJMyTmwD9vZzPw60_wPGGncvG1CmM1A/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

075cad64b4899424a5b629139189166e6506b230224f412baf479be39b27d599

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AuoNA1hwRnRVtmdgrfY1Pw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:35 GMT
content-security-policy: script-src 'report-sample' 'nonce-AuoNA1hwRnRVtmdgrfY1Pw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame E9BE 4 KB
1 KB 89ms
32ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Nov 2023 00:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 26 Nov 2023 22:57:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Nov 2023 00:07:35 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E9BE 205 B
296 B 81ms
26ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 07:42:07 GMT
x-content-type-options: nosniff
age: 491128
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 20 Nov 2024 07:42:07 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E9BE 604 B
1 KB 80ms
25ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 12:20:23 GMT
x-content-type-options: nosniff
age: 42432
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 25 Nov 2024 12:20:23 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame E9BE 15 KB
7 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 07:40:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59226
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6702
x-xss-protection: 0
server: cafe
etag: 11213825687312121238
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 07:40:29 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame E9BE 21 KB
9 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8781
x-xss-protection: 0
server: cafe
etag: 9666818975682992898
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame B722 23 KB
9 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2F08 143 B
166 B 23ms
22ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 193
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:04:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B722 3 KB
1 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49852
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B722 20 KB
8 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28216
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H3 200 3981138811192281077
tpc.googlesyndication.com/simgad/ Frame B722 80 KB
80 KB 41ms
41ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3981138811192281077?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qlq0UJ9nB-dYZSKCAuVLVSt-AzkAw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2e3df5aad2997511e7639b732bbe73e0e83b4eed48cfd7a054ce8cd7d61792a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 03:54:39 GMT
x-content-type-options: nosniff
age: 159176
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81461
x-xss-protection: 0
last-modified: Tue, 05 Jul 2022 09:28:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 24 Nov 2024 03:54:39 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame B722 202 KB
64 KB 118ms
53ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Nov 2023 00:07:35 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B722 36 KB
14 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3e5c486ca9cab98b690f2f3fcc83c73141a667293c8a8236bb1e376313f0e36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:55:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
server: cafe
etag: 12205605038930952422
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:55:10 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A291 624 B
246 B 35ms
35ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARi3353cATAB&v=APEucNXIQQl8exXxH4d_S-HeQ-Vls6Me6_FcBXKdPTg3cBSCUE4T4X3nMUH1gS27hk4klMLzbLP9Pl1ByG1TwgjnxV4kXO30QQcefzn4NFpIG9b57P5wa2YCXZm2mTBNBrefFLVRDqOJQ5dqAbxpFHOUh436weYQX3nVREc2fzPB5cpbuMQXoZE

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:07:35 GMT
expires: Mon, 27 Nov 2023 00:07:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 6BC6 23 KB
9 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 07:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59227
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 07:40:28 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 6BC6 7 KB
3 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 07:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59227
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 07:40:28 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 6BC6 41 KB
14 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114613
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6BC6 3 KB
1 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49852
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6BC6 20 KB
8 KB 28ms
26ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28216
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6BC6 202 KB
64 KB 171ms
123ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Nov 2023 00:07:35 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6BC6 42 B
63 B 56ms
56ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BAq1FLriHQ_LUYLjuqHEQeyEVgP-bTbiPrMkK4KrF73EQHrurOQFnTGHCS1JXRZ48G3uR_SwtdHOsk0whcl2HK2nf9d76CNTcaBFPyyyc2CxZIRko

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 18153519720623734257
s0.2mdn.net/simgad/ Frame 6BC6 68 KB
68 KB 103ms
44ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/18153519720623734257

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e15354b0f6e5cc066da8650db1c54e7bfb09f1cc81d5896c75c4ddee1a3d3d45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 00:01:10 GMT
x-content-type-options: nosniff
age: 259585
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69380
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 13:52:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 23 Nov 2024 00:01:10 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FB0B 624 B
246 B 37ms
36ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARjD-r7cATAB&v=APEucNUPbBVurb_SoWOoR8v4vkrXmiJLQDKQYNKu-YfPtZJvdn6SoVo1u6z64I2KOrc8TLJIl_tMGPFWPCVM66a3O1emW5clXlkIVEohzGzC4GIP-dbezRgmQGb3jIh6VN_zztGb0hgzcnZRlUInymrnX1-4TrORIwqRe6sE0YfdzFO1x86DtA8

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:07:35 GMT
expires: Mon, 27 Nov 2023 00:07:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 53AD 23 KB
9 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 07:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59227
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 07:40:28 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 53AD 7 KB
3 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 07:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59227
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 07:40:28 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 53AD 0
0 160ms
69ms Fetch
image/gif 142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvhMwFnTwqVw1YlEgkp72PPsNPVhBEMuh22h6hMYhVnFxi9wh1tywFjGIEK8qRjHVLIYqNBkQNgpzVvwCL2nhWQeB4P1Gz53pCJcIDEVie-4cegnJkFAk-n6WgMMxUe2w4v3O-b2HQUW2z75U-UA89yr8cC869C9NkuSXOCfA_1YyqmYCdDFu1RXGgWf2LLvQMxqFgTgvjTLU8kazvgd-dqnkI5U8OlqB7AOHBW13R8m_XyMF_zpTowc1uVJjcGowFBa876ICp1frhIxCNlJZN3P_cOl5qa1LQEOCMVQe85Eg6llEJ1HOt6a0zETpgP0pN5WnWnOLuvebrQuT3-aGZnR3Sf_gUHu69m3ThofCMrwdwG2UXd3vKoKf7FC8hRd1Rn8LkY0z0LE0qzxsWJ1o_m-dCa4xAB2hjL5r8kkyN7VYEmGn-xqGoWrNO6LPBURjo2vhpsjrgXofMyjDWvBBt1z1-cFEiw5VisR5Bh0cTlaX9vo-DmMFqX1LOIe8loep_Ov1-YFWYlch372WukgI9CG6OLn02erroQpOEcNXZC9D5bmm7EM8GPflmCnIMLDXRRwgaUojv1HUlx5GLwd-57_ELgXWzsKxRGugR4Av4_IQon7JBl1qy0D57vggQzvL17LtZEPXI4TUSdoTUASsJ1HAdL2EuaOl5jwtRVLiXEM3AZZy-y45RNipf7cgoosCSrzYkBWqcsqqT-d0KFCuOHfE3SW5_WhzAFQtysRuBjSdY4qOauZt4c_tS7bf-tQzctL6Ul2DBwd84c00bZQjVdVXW_tiEVgEYYzdA7-TuBk0jQInXEhKS5UfQi6maPune02kzlr1h39nxW6pkaNj-wefdBGV94M_J2G6IIPMS1P9-m2US8mXuW_uHVWePgfbtcZmsSN8E_ze55kSt1ItNckwtNe7OD3jG5nBzKTS6-JeoQJUywcYro8w41zBHQR0lKHPBhA1eTYas8iMzaR679sNjavWendULIJP1Waamb_Qo0TAWgx0IkWPFz1DYtGDeBV1WvrumdC_4ARKmklUg6scpk930fnZyoM9yoqgPgVCKY3scFELFohv39QAzxKmF-YujfknKgJe8OF-7Ht4BYaTYlJu589mdapo-0nCiykaDWznLn0FEKV6rxlVmhjGTWVsq8ZHLrjAkXH8JtlMxHM1gwvSA2eOJ-6v_Or0bBbwHlvXZXFav8sjs-KdoHDzLoQs665HxbEN_Fr1pq9avc3anqq0f5DkPQp-bVVCXgN1daxYTJRBFglb_CwcG-gOnwk6zKAnWHPIGq61tTee3HR2gt-oricbEnLdAwB8WlEP5cOqs7nkga0WY6vw1qMD9-SmeQl5hF_oAyAZc&sai=AMfl-YQUzo0pQvifaJec9EjCQBWye-CRzIOY1DEZFgmmoSaM7VOzUONBAshXdAErKUfHioMkAMf7offH-1XUfY_ntRsJnjcATsiHdHS8605FKWlO2peYpdPfBRCaexNeyf8_54fI0xZqFRADsCLQIdEdxUs8_qNO3d6Yd8UyRdy5Kym26MMmso5Ba7xZeBoAz-hsh-TxvpuViHCZp_QCU1w4mmkpL6L1xEDF2zxM7e2V7KeEfJrE5dkFfOY7qJMA-WGrVF9-J4kMhHuw-8kXOjD_iCCZDbXjGOY1rO7GIZwdbKrPLdPJ8csIm7KZhsqyoe7F5GWk3P1pl0PsgOOYgzr1AmRUrlxe8BXw_m2m0tbpEfy_okac_E2P9VxR5WAP_V0SPFuy2fTz9IpAay3GQBnw0sqGHaOhU8yzD2eoEBYGinSp2yIBuhFlDzwfq4w9dExlF47UHCWZx0yHq4_4IjQyTCKkszidmKx0JveHVtLUI1R9ybk4ylyn61yAQDBv6OGSG-JAuA&sig=Cg0ArKJSzIMctxLM-dmHEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9maXZlcnIuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231109.45628&arae=0&ftch=1&adurl=

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Nov 2023 00:07:35 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Mon, 27 Nov 2023 00:07:35 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 53AD 41 KB
14 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114613
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 53AD 3 KB
1 KB 38ms
36ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49852
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 53AD 20 KB
8 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28216
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 53AD 202 KB
64 KB 123ms
93ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Nov 2023 00:07:35 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 53AD 42 B
63 B 59ms
58ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CNGSuqu8iMn7BoQ-xw5HVevvBYZLXBcqzWo7GVhJwefXUJNP_AtKNIIqbUx0IFdZ9n_7BXlyJmh03dARbTlwq4Gy4iyPmdYBgk0-V4aXy1cpNhQ90

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 14760175816907913160
s0.2mdn.net/simgad/ Frame 53AD 24 KB
24 KB 64ms
22ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14760175816907913160

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baf28ddd2dcf0a7ea32052eb7a066df465ef72054ec9d90ac2cdb981006dcb70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 00:03:35 GMT
x-content-type-options: nosniff
age: 345840
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24186
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 07:06:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 22 Nov 2024 00:03:35 GMT

POST
H3 204 AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 90ms
36ms XHR
text/html 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-LxD5TjPMj01JZot9ecbPGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Nov 2023 00:07:35 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-LxD5TjPMj01JZot9ecbPGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://dafontonline.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxV_5d-gXbyKT0TNYOt3UwQqtzb4zhONFN8J5RpqOQu7SKLIGancfr2NvrojFrxgMHzp018-o2s8DUQz9NXFxMTF-9Z4J9RPNyjpHjEiqszMuDk0RCK376H_bdfsd3k_YQJMFif_Yg== Show response
fundingchoicesmessages.google.com/f/ 13 KB
6 KB 71ms
71ms Script
application/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxV_5d-gXbyKT0TNYOt3UwQqtzb4zhONFN8J5RpqOQu7SKLIGancfr2NvrojFrxgMHzp018-o2s8DUQz9NXFxMTF-9Z4J9RPNyjpHjEiqszMuDk0RCK376H_bdfsd3k_YQJMFif_Yg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAxMDQzNjU1LDcwNjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTBdXSwiaHR0cHM6Ly9kYWZvbnRvbmxpbmUuY29tLyIsbnVsbCxbWzgsIk50czVMdllJb2JrIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE2LCJbMSwxLDFdIl0sWzE5LCIyIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05f1bb205118c1b122b15f3182ceac6333568f89af135083a9a33b59bef16ca0

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-peZo1EvZiy5OYxWhJShs5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:35 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-peZo1EvZiy5OYxWhJShs5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2F08
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

33ms
33ms

Document
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:07:35 GMT
expires: Mon, 27 Nov 2023 00:07:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:07:35 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame A291
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE5WaNUE0m4i3cVVkIYYtvo&google_cver=1

43 B
340 B

39ms
38ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE5WaNUE0m4i3cVVkIYYtvo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARi3353cATAB&v=APEucNXIQQl8exXxH4d_S-HeQ-Vls6Me6_FcBXKdPTg3cBSCUE4T4X3nMUH1gS27hk4klMLzbLP9Pl1ByG1TwgjnxV4kXO30QQcefzn4NFpIG9b57P5wa2YCXZm2mTBNBrefFLVRDqOJQ5dqAbxpFHOUh436weYQX3nVREc2fzPB5cpbuMQXoZE
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qtesRj4ID2CmVx2lxblJgPXLyqvD%2FEFgVcqOkFnBtljU%2FS7efigUYtSqXLN%2Frx4LBGOQG63XGvwpVoEvng7TMT9wgBuzEfgpIkyqkgwNzJrt%2FkSC1ZWiVosB61TllkEwRcU%2F4tahqW9EVw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c621c10f009101-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE5WaNUE0m4i3cVVkIYYtvo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame A291
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPdx8EnPIdQrqoKLv9WwgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGJKr1lVN-6rTnsmJpcBLYY&google_cver=1

43 B
426 B

36ms
36ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGJKr1lVN-6rTnsmJpcBLYY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARi3353cATAB&v=APEucNXIQQl8exXxH4d_S-HeQ-Vls6Me6_FcBXKdPTg3cBSCUE4T4X3nMUH1gS27hk4klMLzbLP9Pl1ByG1TwgjnxV4kXO30QQcefzn4NFpIG9b57P5wa2YCXZm2mTBNBrefFLVRDqOJQ5dqAbxpFHOUh436weYQX3nVREc2fzPB5cpbuMQXoZE
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s5qal1n9ioiGWtS4LVziDGjyoaBA9Nd64ALgyuqNgwPeJQYJlq3XTgWxj6yfN5T7kNnrWEPdLQP7I%2BJGaM6NIh%2F%2F4elwbVWjJGCdw7O9UbgRJMCaqXbJbLTHinL7GQG%2BX8xl2qjBZZJVIw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c621c1af4a9101-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGJKr1lVN-6rTnsmJpcBLYY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame A291
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKztHwUkhA6izrHIB6W090k&google_cver=1

43 B
841 B

33ms
32ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKztHwUkhA6izrHIB6W090k&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARi3353cATAB&v=APEucNXIQQl8exXxH4d_S-HeQ-Vls6Me6_FcBXKdPTg3cBSCUE4T4X3nMUH1gS27hk4klMLzbLP9Pl1ByG1TwgjnxV4kXO30QQcefzn4NFpIG9b57P5wa2YCXZm2mTBNBrefFLVRDqOJQ5dqAbxpFHOUh436weYQX3nVREc2fzPB5cpbuMQXoZE

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
an-x-request-uuid: 257331d8-d832-48f5-97c3-8e3fadf2b074
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.165; 84.19.175.165; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKztHwUkhA6izrHIB6W090k&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A291
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc5ODg0NzczMDQ4NDc5OTgxMQ%3D%3D

170 B
232 B

33ms
33ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc5ODg0NzczMDQ4NDc5OTgxMQ%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
an-x-request-uuid: 831b0eb4-fbec-4db8-81a9-ff11ab5f9e3f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc5ODg0NzczMDQ4NDc5OTgxMQ%3D%3D
x-proxy-origin: 84.19.175.165; 84.19.175.165; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame C360 38 KB
13 KB 24ms
23ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 114564
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame FB0B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHrPTUfq3tfCyrqNeuNL8GM&google_cver=1

43 B
327 B

41ms
41ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHrPTUfq3tfCyrqNeuNL8GM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARjD-r7cATAB&v=APEucNUPbBVurb_SoWOoR8v4vkrXmiJLQDKQYNKu-YfPtZJvdn6SoVo1u6z64I2KOrc8TLJIl_tMGPFWPCVM66a3O1emW5clXlkIVEohzGzC4GIP-dbezRgmQGb3jIh6VN_zztGb0hgzcnZRlUInymrnX1-4TrORIwqRe6sE0YfdzFO1x86DtA8
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8EhxqA0SeXsf%2F6ofxOiJZBFZRHqlsPuAizPOcyRe0qURXR0GDcfHJ0%2BJv8mTB63rKTviUZcOzO5LQe%2B1QrKK8xfpzqhdnKD7%2FswVDtv5NFJ7PJIMeTO4dNPXDpzfkATRMSIoi4z8KStv5g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c621c10f019101-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHrPTUfq3tfCyrqNeuNL8GM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame FB0B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPdx8EnPIdQrqoKLv9WwgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGJKr1lVN-6rTnsmJpcBLYY&google_cver=1

43 B
344 B

36ms
36ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGJKr1lVN-6rTnsmJpcBLYY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARjD-r7cATAB&v=APEucNUPbBVurb_SoWOoR8v4vkrXmiJLQDKQYNKu-YfPtZJvdn6SoVo1u6z64I2KOrc8TLJIl_tMGPFWPCVM66a3O1emW5clXlkIVEohzGzC4GIP-dbezRgmQGb3jIh6VN_zztGb0hgzcnZRlUInymrnX1-4TrORIwqRe6sE0YfdzFO1x86DtA8
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hkrnhU6F13hltg8tQwRI0wGUbaQG3GpuPcn0Vpiu7%2BD7bmXJHr2uOa%2BAYhEDGWsbsFuiIuC64koAhhhINBxG5rJaJRbgp8skfo4bLj9hoKb3wKilos1sMhxgK6SPhrvDaGAQI40kPIhmyg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c621c19f389101-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGJKr1lVN-6rTnsmJpcBLYY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame FB0B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEkrfaHQOpBFPMVeWDZkNm8&google_cver=1

43 B
841 B

32ms
31ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEkrfaHQOpBFPMVeWDZkNm8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARjD-r7cATAB&v=APEucNUPbBVurb_SoWOoR8v4vkrXmiJLQDKQYNKu-YfPtZJvdn6SoVo1u6z64I2KOrc8TLJIl_tMGPFWPCVM66a3O1emW5clXlkIVEohzGzC4GIP-dbezRgmQGb3jIh6VN_zztGb0hgzcnZRlUInymrnX1-4TrORIwqRe6sE0YfdzFO1x86DtA8

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
an-x-request-uuid: 0e20e4d9-2fc5-4995-9377-4954e6f36962
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.165; 84.19.175.165; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEkrfaHQOpBFPMVeWDZkNm8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FB0B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyODA1MDE2NzMwNDc3NTI2Nw%3D%3D

170 B
243 B

32ms
31ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyODA1MDE2NzMwNDc3NTI2Nw%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:35 GMT
an-x-request-uuid: 72bd16fa-b5f2-4d98-8492-a1df4638c904
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyODA1MDE2NzMwNDc3NTI2Nw%3D%3D
x-proxy-origin: 84.19.175.165; 84.19.175.165; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 53AD 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9052a658add745b76ed5a1515d2091046dbaa74550e65c017b904126e9772fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 5FF8 14 KB
1 KB 33ms
33ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Nov 2023 00:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 26 Nov 2023 22:26:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Nov 2023 00:07:35 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 5FF8 2 KB
822 B 23ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 5FF8 23 KB
9 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1F1B 143 B
166 B 24ms
23ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 193
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:04:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 5FF8 3 KB
1 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49852
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 5FF8 20 KB
8 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28216
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5FF8 202 KB
64 KB 90ms
89ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Nov 2023 00:07:35 GMT

GET
H2 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 5FF8 37 KB
15 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 10:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 482300
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 19 Feb 2024 10:09:15 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame E569 38 KB
13 KB 27ms
25ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 114564
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame C360 39 KB
15 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:10:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7053
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 22:10:02 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1F1B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

37ms
37ms

Document
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:07:35 GMT
expires: Mon, 27 Nov 2023 00:07:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 00:07:35 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 53AD 0
0 60ms
59ms Fetch
image/gif 142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvhMwFnTwqVw1YlEgkp72PPsNPVhBEMuh22h6hMYhVnFxi9wh1tywFjGIEK8qRjHVLIYqNBkQNgpzVvwCL2nhWQeB4P1Gz53pCJcIDEVie-4cegnJkFAk-n6WgMMxUe2w4v3O-b2HQUW2z75U-UA89yr8cC869C9NkuSXOCfA_1YyqmYCdDFu1RXGgWf2LLvQMxqFgTgvjTLU8kazvgd-dqnkI5U8OlqB7AOHBW13R8m_XyMF_zpTowc1uVJjcGowFBa876ICp1frhIxCNlJZN3P_cOl5qa1LQEOCMVQe85Eg6llEJ1HOt6a0zETpgP0pN5WnWnOLuvebrQuT3-aGZnR3Sf_gUHu69m3ThofCMrwdwG2UXd3vKoKf7FC8hRd1Rn8LkY0z0LE0qzxsWJ1o_m-dCa4xAB2hjL5r8kkyN7VYEmGn-xqGoWrNO6LPBURjo2vhpsjrgXofMyjDWvBBt1z1-cFEiw5VisR5Bh0cTlaX9vo-DmMFqX1LOIe8loep_Ov1-YFWYlch372WukgI9CG6OLn02erroQpOEcNXZC9D5bmm7EM8GPflmCnIMLDXRRwgaUojv1HUlx5GLwd-57_ELgXWzsKxRGugR4Av4_IQon7JBl1qy0D57vggQzvL17LtZEPXI4TUSdoTUASsJ1HAdL2EuaOl5jwtRVLiXEM3AZZy-y45RNipf7cgoosCSrzYkBWqcsqqT-d0KFCuOHfE3SW5_WhzAFQtysRuBjSdY4qOauZt4c_tS7bf-tQzctL6Ul2DBwd84c00bZQjVdVXW_tiEVgEYYzdA7-TuBk0jQInXEhKS5UfQi6maPune02kzlr1h39nxW6pkaNj-wefdBGV94M_J2G6IIPMS1P9-m2US8mXuW_uHVWePgfbtcZmsSN8E_ze55kSt1ItNckwtNe7OD3jG5nBzKTS6-JeoQJUywcYro8w41zBHQR0lKHPBhA1eTYas8iMzaR679sNjavWendULIJP1Waamb_Qo0TAWgx0IkWPFz1DYtGDeBV1WvrumdC_4ARKmklUg6scpk930fnZyoM9yoqgPgVCKY3scFELFohv39QAzxKmF-YujfknKgJe8OF-7Ht4BYaTYlJu589mdapo-0nCiykaDWznLn0FEKV6rxlVmhjGTWVsq8ZHLrjAkXH8JtlMxHM1gwvSA2eOJ-6v_Or0bBbwHlvXZXFav8sjs-KdoHDzLoQs665HxbEN_Fr1pq9avc3anqq0f5DkPQp-bVVCXgN1daxYTJRBFglb_CwcG-gOnwk6zKAnWHPIGq61tTee3HR2gt-oricbEnLdAwB8WlEP5cOqs7nkga0WY6vw1qMD9-SmeQl5hF_oAyAZc&sai=AMfl-YQUzo0pQvifaJec9EjCQBWye-CRzIOY1DEZFgmmoSaM7VOzUONBAshXdAErKUfHioMkAMf7offH-1XUfY_ntRsJnjcATsiHdHS8605FKWlO2peYpdPfBRCaexNeyf8_54fI0xZqFRADsCLQIdEdxUs8_qNO3d6Yd8UyRdy5Kym26MMmso5Ba7xZeBoAz-hsh-TxvpuViHCZp_QCU1w4mmkpL6L1xEDF2zxM7e2V7KeEfJrE5dkFfOY7qJMA-WGrVF9-J4kMhHuw-8kXOjD_iCCZDbXjGOY1rO7GIZwdbKrPLdPJ8csIm7KZhsqyoe7F5GWk3P1pl0PsgOOYgzr1AmRUrlxe8BXw_m2m0tbpEfy_okac_E2P9VxR5WAP_V0SPFuy2fTz9IpAay3GQBnw0sqGHaOhU8yzD2eoEBYGinSp2yIBuhFlDzwfq4w9dExlF47UHCWZx0yHq4_4IjQyTCKkszidmKx0JveHVtLUI1R9ybk4ylyn61yAQDBv6OGSG-JAuA&sig=Cg0ArKJSzIMctxLM-dmHEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9maXZlcnIuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=93&vt=11&dtpt=92&dett=2&cstd=0&cisv=r20231109.45628&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame E569 39 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:10:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7053
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 22:10:02 GMT

GET
DATA 200
OK truncated
/ Frame B722 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eda3edc1d3fae2b662d766b04ed1e36afbfada6bf683bd3d635410c2a66efbf5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js Show response
pagead2.googlesyndication.com/bg/ Frame 7935 38 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf3ae3cb276e14b8260f0a5581a6da12c86d3963549a2747e0099a0d85361412

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 07:40:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 491225
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14894
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Nov 2024 07:40:30 GMT

GET
H2

200

/
www.googleadservices.com/pagead/ar-adview/ Frame B722
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cs_SFxt1jZenlB6SJ9u8Phoq3iAyskbCXdIvav8WOEt3rq6_eARABIObV3CRglYKAgLgHoAHwrbW3A8gBAqgDAcgDyQSqBOABT9A_MvsqlJsa_4mw3-WnDWYd8Ysuq43eMA_NrY5n2ZF6sHv...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227408442232118503641%22,%22debug_reporting%22:true,%22destination%22:%22https://envato.com%22,%22event_report_window%22:%22...

0
0

419ms
60ms

Fetch
text/css

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227408442232118503641%22,%22debug_reporting%22:true,%22destination%22:%22https://envato.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22921523952%22],%224%22:[%2211-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221248953051759119057%22}&andc=true

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:36 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"7408442232118503641","debug_reporting":true,"destination":"https://envato.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["921523952"],"4":["11-27"],"6":["true"]},"priority":"500","source_event_id":"1248953051759119057"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 27 Nov 2023 00:07:36 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Nov 2023 00:07:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"7408442232118503641","debug_reporting":true,"destination":"https://envato.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["921523952"],"4":["11-27"],"6":["true"]},"priority":"500","source_event_id":"1248953051759119057"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js Show response
pagead2.googlesyndication.com/bg/ Frame B8E8 38 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf3ae3cb276e14b8260f0a5581a6da12c86d3963549a2747e0099a0d85361412

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 07:40:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 491225
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14894
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Nov 2024 07:40:30 GMT

GET
DATA 200
OK truncated
/ Frame 6BC6 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8bd149189a253bcde337c84e8687525d96bef4a5deaec76a806a6f2f6c82cb0a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 6BC6 0
0 68ms
67ms Fetch
image/gif 142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsuwdI8fgkynaMdNGtGkV9Jtsxxpzn5zOovh2m8k-dPC_EQrqXueJhfmPIevgDTBkrywigJTjtyRjpr6WfAGDKcDlnQZ9TEsedXn7pctft_pAwgQa112Do3q7fsgASHH0Gh0s3Cdy8aobKcbtWm9OYNBcBFuQM0nTr6Oy7LhKyRtyKGb4AQzq-QXZMRX3t1wHgpEcMOr0cgfBmhpcC_iafFYLn3yhte25v4NrVaz6y0inBEUmF3F76NuiFJ9aJXQTRwKu4pTPAnzdJoUeqzYEhE-rWwbd3_YieUg0B_UvAKQ15qScOpunqszo21xRYHUeGLV-nVcnRg0RePw6RMzJTkeq5VzCBn_NY0nu416mdEqubGQLQOD6Smx5ftgDFMqkH1OhPZc63TgSBltdQkdHf66JYZbdRddJYoEG_FIv-QLfdZDm5lrU6SlharqKussHQWUfWvhU5XL29fzoMnBb0-LIL94m1ZbrWOiKYrsFg5klky2nKji7pvuQpRMzE2K0u_xE2c4chy2PN0FoOU4gF99K4F79DSWfnKKGtabVci2mEYJLsrVt514LySzZrn5THGpqrWIxsgJk2kOXn8rqSjU2MK3dmleZhHcujtzWwV77zJXd2Y4vlV0eJr7tQEpj6cgUj1Zmxlhh0VoswvK_aCna-ROxHYZ1aMmP7_aCCdYNcWH3IqtTQFlFhuG2PimU5XgGrioP9sTRb3t5JjUH5S_0BV7hBkKaaqhW15j_KoTQgiAj_zQZ5xQuUtzrML3Xx5uaVU_qn9wQTmUGboZUV15LwmBOBpTQKRDcZhmGvVsRygnxO0fTEWo__tjd455hosKbTTfh7Dj1wCJC6UtIjeUNQtZ0Ysvmvf78TPwsivO30c8zrIafGtZ4j_1lRL81E9lLwAz-89CAhEqhowOdVdwAChfaO9woxOUIlk4HvGIHm9OHdNcqH-1LAoFerCbWx1syU2k8_6DqYopdvoy_QXizYQaVsXHeN3NXGB6nZPiG2_Mb9QhJTNFuYXFOd0MGNEdT4d2A4JJRDDWa73sZ0PgPKTlqthZqg7Q-jtx2rRGtus6mj7fY-BXgPfXVNEbVZFoNxaTIUR-y8wHlvYxn0ygq6v_JmXgRA6fJx5BcfLUmmr6PNE3-Mi3rRhDnzaNxIqoEp1DX34UUVilH-fMY9CAq9tSJremnktJAskN-_oUzdf1ksFYim3umoiz39qROjvwWP4hAcS-zwdOqDvW1zSFUoWMOsaDW0CTwJ8fvNvHOcEPu3fVgmLQfVdsw77y02l_7Z1yYDtiOjfBIEfnWLtt3QKUPeVP46b3D-NsKNcn0fYWHCF1hedIAqvL6v_ZTd6VcGBFWAIckJRrKw&sai=AMfl-YQTglPp7LG5d0FfF3g-E3r-ZJ6byJTuWQX9MZATAtDfosgHbVIN7k0pnLkcPi5gvkcsq4eC48dYYKH3n9CZBLSOaSBEIXejlYRpaVWy5pObeYY5F12JrpiaDYsKSLplmjS0KeHiiuHEKtKTC6-R4Sf23QNdeLRyD2HHbL-MiqWtwWJewCzCFWd2wnxjAXZNsUrll1ldQVVRxJfXc6t2PjvUNNEqTY1AK9XMylak86YB88wBozqEaka_ThNTL2Y789b_HXcDccQusjpzIxv0EKU9J437OODDpS3NkdDR1H6yf8vAF1q9IQiCKpE2HljhI0MShU3O-BmUC7kuX-BxAJ1gSWYrZT-0ADBHO22Gsq3zIRTH3LWBuE6tuHqarYFBfXHXhz7bPPjgONbhpShuULgKuHWzcmuPGAXn_JT5TJkCbzfpPIpvTxcYtazLB62baamcF0n3wI_5CvOgPzZ2ASPkjO0pA7tnIDL1EaBeGObLkAD8I8BAZphsX9dp9HXHwKBTag&sig=Cg0ArKJSzGVGDZwt4WTEEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9maXZlcnIuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=317&cbvp=2&dett=2&cstd=0&cisv=r20231109.39194&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: dafontonline.com
URL: https://dafontonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Nov 2023 00:07:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 53D7 6 KB
706 B 33ms
32ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-9515399027379549&output=html&h=280&adk=873553977&adf=4248227912&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700918415&rafmt=1&to=qs&pwprc=8572252050&format=1200x280&url=https%3A%2F%2Fdafontonline.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701043655476&bpp=1&bdt=2871&idt=-M&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4684295644810&frm=20&pv=1&ga_vid=1828443161.1701043654&ga_sid=1701043654&ga_hid=810874583&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2076&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078297%2C44807764%2C44808148%2C44808285%2C44809056&oid=2&pvsid=54917597967740&tmod=150110085&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=102

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Nov 2023 00:07:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 26 Nov 2023 22:29:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Nov 2023 00:07:36 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 53D7 2 KB
822 B 23ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50301
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 53D7 23 KB
9 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50301
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 53D7 3 KB
1 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49853
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 53D7 20 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28217
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 53D7 202 KB
64 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Nov 2023 00:07:36 GMT

GET
H3 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 53D7 37 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 10:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 482301
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 19 Feb 2024 10:09:15 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C360 0
20 B 57ms
57ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bb9Yfxt1jZerlB6SJ9u8Phoq3iAwAAAAAOAHgBAI&bg=!7-yl7KPNAAZxrfrxUa07ADQBe5WfOElK5rYS_O94ykhKhzSV6FZkkPShd67nXyw-9TTOhwhHv_U_1TMAWYQJYB581rczAgAAAKNSAAAAAWgBB5kDBnWirzCdIWO26CEXgkpoWXmbBdWhnLOSfvZRqLimb-UR0Xzu0OfCAknhoy7lR1UvaJpn0dHnmZXskP_qmAnKqdfTbkekOXn0fhOIzASW8u164qizfKOq6R4_Myivzq-xhtUpgWPvFtloBvhccdOCF2B8SnICd97qkjd5T69APxnKXf9HtZMQLICmoSbygiadXo0gfOuBXG9pnSyaXNuOzXSWvAD4pbd4LNura7o6aINCUH9bDC8jlyAmnuWYko3_TobHCMAwGQ4R0sN8up1idRy2hi-sK48hHV0TjQ7ahKOzrjasfOjp2mSCTYoHjjZXfeCcInTRrOW2ADLckT64ItvjIiPaiucJHltH2SkeTFwsXa_PJtRPoCD130N6Tpdbvsf0_IH_5MlGczVw2U1N0PN01hUmOGqz8tsHCKQIE8dRqSGsTPu4kFrTvtiIzDGh4CGr4FT2ErrG-pZ9x2KniKDJS5q-NP97D5Xv8TXBgYvp1m46BjZGNM_xQ0GErW3TQTxITISFTv53nRdCY2g_igSmdK--Cczy9jSv7k7LKrwBubmjRF9EsiMIYEGi4WPHqH6B-gaWO5Z460sQTWUvDmvktwSNwBfZrLDWs0Jri19UHRbtfe1XdPAW0aOZyXhXh5Wtzes-HEjpeMWrwvMBRVdstCTUi7hg82GmkBrcWpz8p8ILO8CIq4uhd2LIAV0fypu6BYWX_lhcZ0lAUJqk08kF-wt17lap0Ma7k3FsS2ODK2kHJdT15gKMQENlFawUIvMXy5o0rMURwfccUiqdyPYNMw1GI43sisT5qbT_90ZiTTYUE8wsr6pS6S8XoJaUQ3FDETLze-qgiWjwCl3ILgdNjXpTCHHEstBETnpGqv_6htGLt-Sxu-gzSz2HWlEV-BFVSxtz-B0SsSgeguD349gA7-8VBYKD1mpQm4vsbrHftLwDxn_58oPuE_uQ4v14zrTswyfCT3WPHvuuFSvYsh608UI3FNAUUn9G2gUr2AysoE5Sv2QKbC7Vd27tm1dN75uAkRgpsQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8681 1 KB
643 B 23ms
23ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 28166
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Mon, 27 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/7919688192144901548/ Frame 53D7 21 KB
21 KB 22ms
22ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7919688192144901548/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a15cdc13287b515c2c0e0508ee84cd601af73f69d2aaf8c9ee832f0e01458ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 23:20:21 GMT
x-content-type-options: nosniff
age: 2835
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21176
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 05:03:24 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 25 Nov 2024 23:20:21 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 116ms
55ms Preflight
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 27 Nov 2023 00:07:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 53D7 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91f231e16fd5735579f287a5752b21fa9c20eeb513b81322e99a97aa91d39df3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 8681 35 B
465 B 71ms
21ms Image
image/gif 2620:116:800d:21:ef75:8280:f209:5ba1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEB5MTlUyXpRycrvwl41S2z4&google_cver=1&google_push=AXcoOmTF_GgFlB8s9gHJcneugHgAORfcMctn2sAmMyEgYEAFZODVtXo7R8eqoNoFaITEUS6TGEburVNW_UE9Ztn8-ff11zO7j4LBRpBQ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:36 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8681
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPYAmnfbj7OEm1jPOfcbIfE&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPYAmnfbj7OEm1jPOfcbIfE&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=c0FhWUhUdFkxUjdwYTA1&google_gid=CAESEPYAmnfbj7OEm1jPOfcbIfE&google_cver=1&google_push=AXcoOmQelna8rsSZtCS5PELCcErAO_WISNec2lvnirSdked...

170 B
232 B

33ms
32ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=c0FhWUhUdFkxUjdwYTA1&google_gid=CAESEPYAmnfbj7OEm1jPOfcbIfE&google_cver=1&google_push=AXcoOmQelna8rsSZtCS5PELCcErAO_WISNec2lvnirSdkedtWXSkq31NY7NXgA2qyw1bMZxmHJKOSZBy1GmxwSh229YVv1F701C4WJY

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 27 Nov 2023 00:07:35 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-091a6d662d9a132c7@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=c0FhWUhUdFkxUjdwYTA1&google_gid=CAESEPYAmnfbj7OEm1jPOfcbIfE&google_cver=1&google_push=AXcoOmQelna8rsSZtCS5PELCcErAO_WISNec2lvnirSdkedtWXSkq31NY7NXgA2qyw1bMZxmHJKOSZBy1GmxwSh229YVv1F701C4WJY
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 8681
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEOxj2kUR5nTRCrip4-KR93k&google_cver=1&google_push=AXcoOmTlLPXyWs0KezN4GHTitxZKJgIds13UdIC1xww8tAsMQ7nhwefHprmaqfPP_Pv8E8dhXlN4iFrdTmFtweJGd_KoWQqc0cl-O...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEOxj2kUR5nTRCrip4-KR93k&google_cver=1&google_push=AXcoOmTlLPXyWs0KezN4GHTitxZKJgIds13UdIC1xww8tAsMQ7nhwefHprmaqfPP_Pv8E8dhXlN4iFrdTmFtweJGd_KoWQqc0cl...

43 B
420 B

196ms
187ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEOxj2kUR5nTRCrip4-KR93k&google_cver=1&google_push=AXcoOmTlLPXyWs0KezN4GHTitxZKJgIds13UdIC1xww8tAsMQ7nhwefHprmaqfPP_Pv8E8dhXlN4iFrdTmFtweJGd_KoWQqc0cl-OYc6&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTlLPXyWs0KezN4GHTitxZKJgIds13UdIC1xww8tAsMQ7nhwefHprmaqfPP_Pv8E8dhXlN4iFrdTmFtweJGd_KoWQqc0cl-OYc6%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:36 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 82c621c43b4ebba4-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:36 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 6862
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEOxj2kUR5nTRCrip4-KR93k&google_cver=1&google_push=AXcoOmTlLPXyWs0KezN4GHTitxZKJgIds13UdIC1xww8tAsMQ7nhwefHprmaqfPP_Pv8E8dhXlN4iFrdTmFtweJGd_KoWQqc0cl-OYc6&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTlLPXyWs0KezN4GHTitxZKJgIds13UdIC1xww8tAsMQ7nhwefHprmaqfPP_Pv8E8dhXlN4iFrdTmFtweJGd_KoWQqc0cl-OYc6%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 82c621c2ea99bba4-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8681
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESELnQq2EIg2I_dHB_Es8H1DQ&google_push=AXcoOmTx4mXue5LEZXCwmWVnTP38ebJfC0Kg0G5eoQ-E1iNnpTFNPfDumC...

170 B
232 B

34ms
34ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESELnQq2EIg2I_dHB_Es8H1DQ&google_push=AXcoOmTx4mXue5LEZXCwmWVnTP38ebJfC0Kg0G5eoQ-E1iNnpTFNPfDumCJwXAqN87dCkKF6Ss3kCD3cxC4h0ywgi7oNo9WY_1mDinHN

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-cph2320040-CPH
pragma: no-cache
date: Mon, 27 Nov 2023 00:07:36 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1701043656.176316,VS0,VE97
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESELnQq2EIg2I_dHB_Es8H1DQ&google_push=AXcoOmTx4mXue5LEZXCwmWVnTP38ebJfC0Kg0G5eoQ-E1iNnpTFNPfDumCJwXAqN87dCkKF6Ss3kCD3cxC4h0ywgi7oNo9WY_1mDinHN
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 8681 70 B
149 B 150ms
47ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEOyQ1fMq-SZUsfbaedJl05Y&google_cver=1&google_push=AXcoOmSRTdcP6uxA_1RyaMIgAhx6To0DQZvzBgUeZwC2CB75kdNsxVXFt6fvwdjLpywwVWVyE6ynI1xW3l3nRK1C7VKjpYYR-rRTvzVM
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-9515399027379549&output=html&h=280&adk=873553977&adf=4248227912&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700918415&rafmt=1&to=qs&pwprc=8572252050&format=1200x280&url=https%3A%2F%2Fdafontonline.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701043655476&bpp=1&bdt=2871&idt=-M&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4684295644810&frm=20&pv=1&ga_vid=1828443161.1701043654&ga_sid=1701043654&ga_hid=810874583&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2076&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078297%2C44807764%2C44808148%2C44808285%2C44809056&oid=2&pvsid=54917597967740&tmod=150110085&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=102
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:36 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 8681 43 B
363 B 96ms
28ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmSPE2ibKlZPwxj0QE3RB2C3O_BDzUOf_K0Or-oQZtua-iPuuUvLM4V3dSojuMifikJy4mGAeFmpHzicEDv8FTE0bUtfu_PmoJqL&google_gid=CAESEJD5fPZtks8nLeaFZNypyQU&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:36 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 204833
expires: Mon, 27 Nov 2023 00:00:00 GMT

GET googleredir
googlecm.hit.gemius.pl/ Frame 8681 0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 8681 0
59 B 29ms
29ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LbyZLBuqzmR2XqXvyi3iu5Xq6p8Gl61tiND2KxLoffA4s7jNi-NK_AawMNu7SuybyLMdvoVA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E569 0
20 B 58ms
57ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Byek8xt1jZevlB6SJ9u8Phoq3iAwAAAAAOAHgBAI&bg=!c3ClcD_NAAZxrfrxUa07ADQBe5WfODaTRLCUZCo-0XRp3yhvtgtJQu8Kf2ylulxKdcqBW-R9N1FIabqrHyoJeqxB3d7pAgAAAOxSAAAAAWgBBwoAaBIggd2W7l0su5g8m0EMvnH4tPi16xf10fZQzz9kuDMp-gbZD3qv5nsPR2d_dWW90ds00yVYEnqiIS2YP_s5-el8-ySoiGFYMeIcpajLe_KJ9plc66V4FqUGhz1-3iO1GAgiXEviz2NzmQMN3oE980Am3U8-n_-qE7hCuEcv0vq_z2vC70XZYNCUEz7-XoZt-WnSGZMhod6gHHYyTGvyjwcPqSCCiBlNHtuYE4ck7hiAXmKKzaQ7wF9Xnu24gblXR82YwuFRYh4IJnj4Q-92L9BREMIRMZrkXb-be-q0G4NLZdFD8ss1KXbC4iOYSmhVkiwxomQ1049k4ktL_JMT3i3MFLR-Rso-t1jfe7BOskpZ2DsUqWR6MZntlzOcXG7d2zJVEekQoqqkDfeY0mvVbsWtx21cE4IoRDJHZa3dGMJl6WOEPQjmcTMeDxUPgCZHuFnp9dh1yN6Yll95i4DK2xS3qOyqJAk1gF5gtUCk9KW55PgMztyK6pk2XhBNEbnaVGTTjsN_SJd53Lxd3Yv0bdl7JBng3PYWUOh3jiX6fcqg5NDCJLmxa0FasvLEOMtCieIfVgaY9AUi6c6cSOvZGJY-WJ-Kt6UCSeRSfpYyYyLB4UyOfxAlyJ9jflvXZPuuK397T3aeT-GgeQ7MGEPqqKS0s_KKRQIJHNBuYu6y-Wqoxjz-dGJYXR47CaSQN_h0C_zGaYZrQUb-DlhBYmycpUTP93AxsclI0fHO3fAbvxrPiskfPrESY2cTmfFT81Z4qsisQn-Zuon02uUB1xXISNnvAScuvthtTxYZha_mq8JJ-CMssEygYSDf04mbwuBJAkcsQxAP9B5pV3PCdLbZ4pGRpu8gT-AHE5ZA-KAJaYJMqRCfxphJwM7V5mldY74CKIMfK-O6n_8osjj345Tylz0PVTYqNJtBEoivgTt_kfcDOjm1gdiiJy1ilNDreEfqk2J0EPiAjRyoRkhKhXej7yg3A8HeQQacNPYrOxpjMyPpId3sg_60z8L48BEUwPyGMyifk2adXEE00oVwtyCr5JXUbFRebH_fu3dh-LS-wiw2l8kR7i3HiBG4zlJIFzQayr6g_uKpDxQuDvZ4GIiyV2tLXhXgBSaUimq3HrnwPujXDnpwOiHihVawcCcGPouJLUSLeTgxkNHW7hNwrbow0g_UwexgouWmAw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 53D7 15 KB
16 KB 69ms
20ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 20:50:19 GMT
x-content-type-options: nosniff
age: 184637
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 20:50:19 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 53D7 15 KB
15 KB 74ms
26ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 00:27:48 GMT
x-content-type-options: nosniff
age: 257988
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 00:27:48 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 53D7 15 KB
15 KB 89ms
42ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 21:25:42 GMT
x-content-type-options: nosniff
age: 182514
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 21:25:42 GMT

GET
H2

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 53D7
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C8cy_x91jZfDhJN3I7_UPu-K5CPWX455039uz1fgR3M6Rn7wBEAEg5tXcJGCVgoCAuAegAZHkpM0CyAEJqQIHxDQrk1qyPqgDAcgDywSqBOkBT9AtVnFkNECzHJcGVFItqEI_NxtOl9FftXP...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2216232311118436138543%22,%22debug_reporting%22:true,%22destination%22:%22https://volvocars-haendler.de%22,%22event_report_w...

0
0

376ms
60ms

Fetch
text/css

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2216232311118436138543%22,%22debug_reporting%22:true,%22destination%22:%22https://volvocars-haendler.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22698954257%22],%224%22:[%2211-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2214679472738394620161%22}&andc=true

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:36 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"16232311118436138543","debug_reporting":true,"destination":"https://volvocars-haendler.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["698954257"],"4":["11-27"],"6":["true"]},"priority":"500","source_event_id":"14679472738394620161"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 27 Nov 2023 00:07:36 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Nov 2023 00:07:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"16232311118436138543","debug_reporting":true,"destination":"https://volvocars-haendler.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["698954257"],"4":["11-27"],"6":["true"]},"priority":"500","source_event_id":"14679472738394620161"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js Show response
pagead2.googlesyndication.com/bg/ Frame DED2 38 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf3ae3cb276e14b8260f0a5581a6da12c86d3963549a2747e0099a0d85361412

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 07:40:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 491226
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14894
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Nov 2024 07:40:30 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 54ms
54ms Preflight
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 27 Nov 2023 00:07:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
68 B 43ms
42ms Image
image/gif 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=8.152809032553522

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-J60MtkzOHibS0m-smxn-Rg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:36 GMT
content-security-policy: script-src 'report-sample' 'nonce-J60MtkzOHibS0m-smxn-Rg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
68 B 73ms
73ms Image
image/gif 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=0.031311096869586885

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-4Y1X-mTMSMjg_J5n2Kq2dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:36 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-4Y1X-mTMSMjg_J5n2Kq2dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 36ms
36ms XHR
text/html 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-YMXFOD-hviKL4HIRvL0AJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Nov 2023 00:07:36 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-YMXFOD-hviKL4HIRvL0AJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://dafontonline.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B722 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssiMUo8_ozFKiM9moqpsJMm9HCtQv0KNuKY83wBKdJBI2og4LL2F_4Sro3EgHIRz2w23xy9BkH3NkHHb1SCksn9pT-D7nr8vVwpAXNJ2wjtQk0h7HSdG4XRIMiPDfKsbVsf90rZ9pssxebs&sai=AMfl-YR-eHUlhnn_lnsvUgE5zDwXk1q0RARzTKrc1WBlJRwpnUoCQDAwRu8qVFElahuyxjMz-mQkBJyJK5q2oO2KwHsJRrnz5uowHyoCiqQTTtoEyGreIqqKafReX36OjdkqK0qX1zcMbySrFPmQ5LZ_&sig=Cg0ArKJSzJmYkdzRP1zuEAE&cid=CAQSTgDICaaNBqFUEm99bh4tWPU9xkntoipLs_c4oBAbfS0uSp0FimEptJf6VwAhho8RDfvDey6cKra_iusBw-E9GWElbe_oX0DOXtJkQUBk5xgB&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=3105533543&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701043655612&rpt=242&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 53AD 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssT_UHaavAe7uCsGm3zOokjadp9cS6WLB89E8ljGQ0cw4llUn6iL9dwbsQxZgPIXia7_SEfEl7jTB48UNHXzku7y2ZS63W3ftAZwzPnwoRefHOIvrG0qWmOuKKDdZxCmNwQzv-1U0VRikiB&sai=AMfl-YQ0qUu_dVLmvWnHJH4gh0xgoTtuAfazTGEkeGTobVTtSyMu1PTrZzZP00EMIapjQX2O8rO5P7xbNEefWxKtJEZ_h_AxfCTlBMSo1__QXuMl4vrcv4Jwdex7xtNS73dhwePb5yyI-ChlGQdLI2OD&sig=Cg0ArKJSzGWcvxtK0QRbEAE&cid=CAQSTgDICaaNBqFUEm99bh4tWPU9xkntoipLs_c4oBAbfS0uSp0FimEptJf6VwAhho8RDfvDey6cKra_iusBw-E9GWElbe_oX0DOXtJkQUBk5xgB&id=lidar2&mcvt=1002&p=0,0,90,728&mtos=419,893,1002,1002,1002&tos=419,474,109,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3105533541&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701043655682&rpt=299&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6BC6 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssTzVQF1rzfDTArLbrbYfaUCUDtFDLa7fcy_aDePk-Ar3EM9C-RAFCv6km8GIVeYo0MBOooKJtKdqyArsGB1At0RaQdsU0AAtvXmlop5wXLDZQf-R4fjM2p1whFZprf-jJKxQiP1XvGtGaz&sai=AMfl-YSS60iQFjXlZ3Osv8T3UrdyrgojM8DESPMUCKWq7rOXr96z-DJ_XExW6FdzgV2xbft8o-Q3-JKBEm3nJmqjtSQNRyewk-hFyl1X-B9qOBLotFTm66-VBbjCL9eE_jX9c7yHtYsDDxoe2ndTgKfT&sig=Cg0ArKJSzNEHCaBYDTkIEAE&cid=CAQSTgDICaaNBqFUEm99bh4tWPU9xkntoipLs_c4oBAbfS0uSp0FimEptJf6VwAhho8RDfvDey6cKra_iusBw-E9GWElbe_oX0DOXtJkQUBk5xgB&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3105533544&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701043655666&rpt=319&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 00:07:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 frameads1. Show response
fundingchoicesmessages.google.com/f/AGSKWxXyV_qE3HpTPfTl3iFt1ShvVQapimZ6PHaw4Xgs2sh5K7D7CU5yxOhU5wdy9pytlJoCmAia-qgsKVyyhV6GVanqGdb7UakKdFGBYUmsa112s_nKWjWbPkEjTQKZfB5QVyHCUWDVmjYa80uUP650_Yq3FlUuD... 54 B
109 B 36ms
35ms Script
application/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXyV_qE3HpTPfTl3iFt1ShvVQapimZ6PHaw4Xgs2sh5K7D7CU5yxOhU5wdy9pytlJoCmAia-qgsKVyyhV6GVanqGdb7UakKdFGBYUmsa112s_nKWjWbPkEjTQKZfB5QVyHCUWDVmjYa80uUP650_Yq3FlUuDv_qZlaak1Jw1CFvHrnp9cyYxXs4Y9Dk/_/index-ad--adchain..ai/ads./frameads1.?ad_number=

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.Nts5LvYIobk.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_ccpa_signal_executable/ed=1/rs=AJlcJMx-VBI7cufk83j17-qyMs5NHKqYbA/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

441ed7a935111140d9905f3b27f1c0df92814eabf7d6fc271a894ce07d8a7f6f

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-weiWV0ninxes1pWPsV5BkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:37 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-weiWV0ninxes1pWPsV5BkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 152 KB
52 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1b7522de6277c140bf0f045e2c1e749a19b5aca64ee1461a1efb70be8fa6722

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53140
x-xss-protection: 0
server: cafe
etag: 5971452669137543108
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 00:07:37 GMT

POST
H3 204 AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 34ms
34ms XHR
text/html 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-C_KXfXAQAr2aure7JaMBjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Nov 2023 00:07:37 GMT
content-security-policy: script-src 'report-sample' 'nonce-C_KXfXAQAr2aure7JaMBjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://dafontonline.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 42ms
42ms XHR
text/html 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-X4RVYaNUWlwhl3RWJL5jnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Nov 2023 00:07:37 GMT
content-security-policy: script-src 'report-sample' 'nonce-X4RVYaNUWlwhl3RWJL5jnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://dafontonline.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 49ms
49ms XHR
text/html 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-gsbCrOzpY2PfeRWM0tMQgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Nov 2023 00:07:37 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-gsbCrOzpY2PfeRWM0tMQgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://dafontonline.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 70ms
70ms XHR
text/html 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVdH_4OiVWPQV3PIerAIluSKxkcWtsOh2xNswAsa886SVJ0frHH3CqGHuIS7HTYg9rrjPA8lTbN9QlXh1iUoCFhse_rVWvy1U_LdgwjDk32wQcHe2uUUe-NANIlb74GbJSZz6jGoQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-S4tlRJUUT9_UPGUpzu6OBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Nov 2023 00:07:37 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-S4tlRJUUT9_UPGUpzu6OBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://dafontonline.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxUkhu_jIYs4la0g6KnCvWSy7-gbcr8Xl3v4jTDRSrh2zRnUVKcuw9bmoq7GE9DzCDGa3BEwHOFCFDBkm300Y0CRQGspEmjHvCau-SmI-5u0aEa4MeI0zuAAJrOi_y8QIWYKq49ZMg== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 51ms
51ms Script
application/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUkhu_jIYs4la0g6KnCvWSy7-gbcr8Xl3v4jTDRSrh2zRnUVKcuw9bmoq7GE9DzCDGa3BEwHOFCFDBkm300Y0CRQGspEmjHvCau-SmI-5u0aEa4MeI0zuAAJrOi_y8QIWYKq49ZMg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAxMDQzNjU3LDUyMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTAsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vZGFmb250b25saW5lLmNvbS8iLG51bGwsW1s4LCJOdHM1THZZSW9iayJdLFs5LCJkZSJdLFsxOCwiW1tbMF1dXSJdLFsxNiwiWzEsMSwxXSJdLFsxOSwiMiJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

883289feed6e3b1d20ddd1e6469ffd428873db239719663c53719ef42994025b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-axALkepOdD6OUDCEuUYmaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dafontonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 00:07:37 GMT
content-security-policy: script-src 'report-sample' 'nonce-axALkepOdD6OUDCEuUYmaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWpc5GZJUDYjpPeYNrqFrmIACm-M2BwPntmhgwEF1lJR6eoHaN0CII44Q9grMdB_YEjcCfYFOyAX-uUD50GzT8fxvPdB42Yf8_K7EXhv0_SehMQhZJLJvA33twK4Du_WeEo4QvCfw== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 35ms
35ms XHR
text/html 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWpc5GZJUDYjpPeYNrqFrmIACm-M2BwPntmhgwEF1lJR6eoHaN0CII44Q9grMdB_YEjcCfYFOyAX-uUD50GzT8fxvPdB42Yf8_K7EXhv0_SehMQhZJLJvA33twK4Du_WeEo4QvCfw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-sJAQNshTtM0xthD0bTQKNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://dafontonline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Nov 2023 00:07:37 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-sJAQNshTtM0xthD0bTQKNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://dafontonline.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEE4_3fvQ_OBSoF1N3s_14OI&google_cver=1&google_push=AXcoOmQ06PHPjfX5zUWjNsiVghxBhvCgY5rGhb09NstE-3AUd-t7wO27SAnAQXMR5pJ7OcIPxqP4HIVqKJxthn8Lg62SCoAidSXwlpSd

Verdicts & Comments Add Verdict or Comment

141 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
dafontonline.com/dfoadmin	1969-12-31 23:59:59	Name: __wpdm_client Value: ddc94ec6c7efbc45970f7dd875d226cb
pogothere.xyz/	1970-01-21 01:09:07	Name: csu Value: 1109601091133638@1@1701043653
dafontonline.com/	1970-01-21 02:06:43	Name: advanced_ads_page_impressions Value: %7B%22expires%22%3A2016403654%2C%22data%22%3A1%7D
.dafontonline.com/	1970-01-21 02:06:43	Name: _ga Value: GA1.1.1828443161.1701043654
dafontonline.com/	1970-01-20 17:13:55	Name: advanced_ads_browser_width Value: 1600
.dafontonline.com/	1970-01-21 02:06:43	Name: _ga_H51NETC849 Value: GS1.1.1701043653.1.1.1701043653.0.0.0
.ojrq.net/	1970-01-21 02:06:43	Name: brwsr Value: f6ee5711-8cb8-11ee-9bfe-8f39d46fabfc
.envato.market/	1970-01-21 02:06:43	Name: brwsr Value: f6ee5711-8cb8-11ee-9bfe-8f39d46fabfc
.sjv.io/	1970-01-21 02:06:43	Name: brwsr Value: f6ee5711-8cb8-11ee-9bfe-8f39d46fabfc
dafontonline.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: bc0k81a6nrv4dbgko283snc4ch
.dafontonline.com/	1970-01-21 01:52:19	Name: __gads Value: ID=72e41293eea8064c:T=1701043654:RT=1701043654:S=ALNI_MYLhyRvits1SJbgUessjXQmA_iCRg
.dafontonline.com/	1970-01-21 01:52:19	Name: __gpi Value: UID=00000cdccfd6ea08:T=1701043654:RT=1701043654:S=ALNI_MYG4EKGWcabZ2vbVGuI_cqU_mzdrQ
.doubleclick.net/	1970-01-20 16:30:47	Name: DSID Value: NO_DATA
.casalemedia.com/	1970-01-21 01:16:19	Name: CMID Value: ZWPdx8EnPIdQrqoKLv9WwgAA
.casalemedia.com/	1970-01-20 18:40:19	Name: CMPS Value: 3163
.casalemedia.com/	1970-01-20 18:40:19	Name: CMPRO Value: 3163
.adnxs.com/	1970-01-20 18:40:19	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hc'MKUm(!@wnfH8K6pQK`!5=E<L5?%Lp[q4^u4hwZ(2D5Dyduhc^lvdBaBR$?Iwrgky%nugO%v4VB%nne#-!?W
.adnxs.com/	1970-01-20 18:40:19	Name: uuid2 Value: 5798847730484799811
.doubleclick.net/	1970-01-21 01:52:19	Name: IDE Value: AHWqTUlFcBIKKuZyxqutrJ88xdg2r_J9_k0ZfrX6M74bKJgTiDJcenLeI2IYGqmoYI0
.quantserve.com/	1970-01-20 18:40:19	Name: d Value: EHEBCQHDKoEA
.quantserve.com/	1970-01-21 02:00:58	Name: mc Value: 6563ddc8-22575-68876-2a657
.w55c.net/	1970-01-21 02:00:58	Name: wfivefivec Value: sAaYHTtY1R7pa05
.w55c.net/	1970-01-20 17:13:55	Name: matchgoogle Value: 5
.everesttech.net/	1970-01-21 01:16:19	Name: everest_g_v2 Value: g_surferid~ZWPdyAAClvS4HgAM
.tribalfusion.com/	1970-01-20 18:40:19	Name: ANON_ID Value: aSntuJN3IdaSIdwFTkVREOqH7fBsn2kbN5R0KAUVUpKcjaYDgXwdiPtdfZaZbbbiv2yp3leEpWyNUsJYuavxn7scZcm
.googleadservices.com/	1970-01-20 18:40:19	Name: ar_debug Value: 1
.dafontonline.com/	1970-01-21 01:16:19	Name: FCNEC Value: %5B%5B%22AKsRol_kuseOV_frIUvG4qourEQxosBkUkfUJilVvmjoivexPZk5c-XGBT7w_zZRtRhPcMGuwodb6gT6YNgb6BgqcSIFsLZELrs9RfI37lC0sS1XWv_QR9bevUI5JS8m1OFePOmfnHUS_VwUqrZkDmgUJ6bGH4Z7QQ%3D%3D%22%5D%2Cnull%2C%5B%5D%5D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp27Jk42mX4t2iAEA-wHtMIa3l5sRj8BetZgXAfJMD6ldXDn5w2Bf0qPS2DX5v0y8x8eYQC6-Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1526154014%3A1701043653469309&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1_JGvhn_adSr8usUKAV5pkkkRs80eBL1PUNt-4XH1dVx2vWbIMk_09vT_tcRsUPA4U38XMhg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-973012229%3A1701043653511550&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	report-to default
Strict-Transport-Security	max-age=2592000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.envato.market
a.impactradius-go.com
a.tribalfusion.com
accounts.google.com
ad.doubleclick.net
cdn.dafontonline.com
cm.g.doubleclick.net
cms.quantserve.com
d1lnjzqqshwcwg.cloudfront.net
dafontonline.com
dis.criteo.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
funnyfuzzy-affiliate-program.sjv.io
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
ib.adnxs.com
imp.pxf.io
match.adsrvr.org
nopoloferewer.com
pagead2.googlesyndication.com
pm.w55c.net
pogothere.xyz
region1.google-analytics.com
riperfienwa.com
s.tribalfusion.com
s0.2mdn.net
sync-tm.everesttech.net
tpc.googlesyndication.com
www.facebook.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.ojrq.net
googlecm.hit.gemius.pl
104.21.32.115
108.156.60.79
142.250.184.230
142.250.186.162
142.250.186.34
151.101.2.49
172.64.151.101
178.250.1.9
18.239.83.72
188.114.96.3
198.54.116.83
2001:4860:4802:32::36
2600:9000:20a0:6a00:11:6246:b000:93a1
2600:9000:2250:b200:2:bb72:9400:21
2606:4700::6812:19ad
2620:116:800d:21:ef75:8280:f209:5ba1
2a00:1450:4001:800::2002
2a00:1450:4001:802::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2006
2a00:1450:4001:811::2008
2a00:1450:4001:81c::200e
2a00:1450:4001:828::2003
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200a
2a00:1450:4001:830::200d
2a00:1450:4001:831::2002
2a03:2880:f176:181:face:b00c:0:25de
3.69.152.80
34.95.127.121
35.201.76.231
35.227.211.136
35.227.251.108
37.252.171.149
52.223.40.198
01ca0f6701a5216d806bb90bf1682a9ede4a721865ae2ee2f08b9417fc0f622c
05f1bb205118c1b122b15f3182ceac6333568f89af135083a9a33b59bef16ca0
075cad64b4899424a5b629139189166e6506b230224f412baf479be39b27d599
09b6a5f215058d55838f397f50b4d50805f1b85a6f6ea10dd919bf434fa76f77
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bde15c60969f006841ac4c6def46cae37e8ae4ca689529dcb4fd60a5c1cae15
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
1a131470b015c6e69d5bd73154250465c51de7bdad49d0fa04aaa251758955c2
1a6ddae0df0a327053a81808d71ea8a31037e6b3241576aa8a2cc94364691cfe
1b9a03232b9185c36ade03249305675f6a33c1f672135e94952b12a8b963b18f
23afb771f40d305ecc171fd57744f6c01d2b4f3537bde703171218286fb7b754
24083b363d57de5d53ae7da1e21b229124f793278a01c00834260816ad8b3111
257308d9df6fd613bc357853c811d2a84c28504dacfd4a789803d1b96a86eade
25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af
2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748
2af478968cfdba350d71cea6da37a73a0105a5b34eefb670d31b68e76233e051
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
363fe76c1af6614c0509b96555e7b486ac582002588eb4a3d403c4b4654e6920
3a15cdc13287b515c2c0e0508ee84cd601af73f69d2aaf8c9ee832f0e01458ab
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3c7937029d55ebc048651fb6a71430bfceaaffee1b87e2da1ed99d76e4597c5f
3e5440595cde4c8522d8b54db5382a342ebae53a0434f95bc63448ca4396ca5b
407343d08180a0d5dc5981072ee94249fae8115d741ff0d7b5843283ac6a58f6
41b27c9c732c3ad80943230b2b0fad9da7bf6c4b9a8b82aac6653f51fff3f7f3
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
441ed7a935111140d9905f3b27f1c0df92814eabf7d6fc271a894ce07d8a7f6f
471c7362e2ccfad5dfaf25c9fcbf53093d95c813d4e8cf0d599daa125a1c4f86
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c8a9d356acb26f3e8adc0c1bb917b58b78a2d1c807cf14d30b5ebdaf23bcde5
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d86b5ed9e1846bb11823f463811a64bfef7fbe6c8a1506b4cb2a07c0706857c
4dcf792896566ea11b4f58b280b7487f020815ad221539d1559284f0c7f2dfd9
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e87a5ad16f9ba3e4497b2c3760518e377d11103ff2438edded7e784938afe66
557cf15821d24471dac40cd35467eb39c7bf67c721e643f5318bf01ccd3cceb1
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55efc399c1957d064f0351a8de32201c155996e920a157cd23fbabbfd525ccda
56c12821c6ea2e1de81f215508fcf115541e9b18df757dc26f14948b862ae83d
56f5c5c79d836e82d244f703ffcbb703cdfe3211d53521c276f579158acb1776
5a3c997b145a7502cf95c3d805e4096e30aadf4e6a2b2c432cbd4b676b0af984
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5f937b9447dd8e4f752df8d6472e18f929ea5e22a6b2b6ab4257e65085938052
5fa9a4d53af90878b8a79731fc450c3c4f87fedcd0a016a19d91a4ad8c80f3fa
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
64b4bb8cdc89f758b05be6f408ddbe77b3f4d4a6b4bfdc636150bc914792206a
6535e1184d9a1a525fd72f2f3d3c680619398ad4c9bc04328b9132f16104804f
6cd4f18ae411310727b104639f1237c3ced50deb4c14ea056acb53a6470daf24
6f0043e4c67c8451d9f13ec26c6bc165a1fd57d0b71e785933a2cbb34f3f5915
6f581adc60f6e57b523cc07df365868a9588205b6570b02b93b441338befd0e1
72baa43c98cf6cc785daf0ac4b6b3d2a6f80c60512fceecffbdca1abbb0e0c65
7465c18a105f7809e11c0d8885491d3c56a6bd7c864329e3412ed0ea6d6b1de6
7ad5bc37af00920aff108e48394a6db7f8164e9bc36a667c601698d5881accb4
82df0ce80a425ea666120f9329a997fc679635d846d9fa770533812f7f4b5542
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85888a54df421e20e572c2482b012d62d9c0e442290c68ab01e778ddc1057cd8
8805b5c1f16c088dab35529b1377cd29a82744e9b0bb4a712c99585a414ce254
883289feed6e3b1d20ddd1e6469ffd428873db239719663c53719ef42994025b
89e19d6af906b935cb35d1dd3b10f94119c92a0754b6c93c19db7c0433733810
8bd149189a253bcde337c84e8687525d96bef4a5deaec76a806a6f2f6c82cb0a
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d9e3f22f62e64861bd49a5d681ec90024627f8de238900e7bf43d5135904f36
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
9052a658add745b76ed5a1515d2091046dbaa74550e65c017b904126e9772fb7
91f231e16fd5735579f287a5752b21fa9c20eeb513b81322e99a97aa91d39df3
9387b46d86935572e71d99197da03669f8b64935271c3ad72710309173b2ee7f
941cec3f15ffaf736dd0e90abbc6bfd726eef2e60796b5fe243d0e7085b6804a
953c3d40c486b72fd37c4dffb6961a77d250679c60c0b204fdcc2717fccfc171
99aad9fb525baaa21ae6a5842bd2b89a79d0bed913e42f32b8726660afb42ee3
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c419e3ada62ac8a308cf7a6967d866775a2aa78e89dd4c4698db8a429f8f85a
9d489f4fb8fb5b750c4a08dc346f5a297e31f2a9b86b9cc52c6e8668dd1d4a60
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2e3df5aad2997511e7639b732bbe73e0e83b4eed48cfd7a054ce8cd7d61792a
a3721d092d2be4fffd8b5a755bd2fec81c6e93341e95a467c8c2a452398f2d18
a3a80ef408904d11ff9679aa04b1d8bd87cb606a35b4db51e97018ff84d022ec
a3e5c486ca9cab98b690f2f3fcc83c73141a667293c8a8236bb1e376313f0e36
a80d935d5d60a9ea8664abbcfca22da36fcd56b28aa57a51c13167be299b41ed
a8bb42a0d5b3c8ba4e775132c438af760961cc3efc4dacb47df2c2dc955d8fd2
a9886adaa184c30abb4b676a448aa8e1979a57cb0d6c2d081bd723ac480fc89f
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b43263fd450c755b0c080740c005384e9d593f9371084f3c5ca96359e20bdb5b
b60f0124e234420400116f04ec3edd07a3ea13ec9be3fe2e0b28ae00f812c7c0
ba845583c9b317ef3a372673ea292902f451d5f806f5b5a93009e382a91af4af
baf28ddd2dcf0a7ea32052eb7a066df465ef72054ec9d90ac2cdb981006dcb70
bb5d4ff4b0e08450f807c0a4c4f10b8913136c9231316e2d6722d45b0df3f8fb
bbb386dfd24a7d7e0756ea00d5d7a896144dfad936c44414d27396594d7aa269
bf3ae3cb276e14b8260f0a5581a6da12c86d3963549a2747e0099a0d85361412
bf86328b99cc5b9e8f62dc6b3e9f26cd7c2fa4c28ad78a08ff920abe7aeb87e0
c1b7522de6277c140bf0f045e2c1e749a19b5aca64ee1461a1efb70be8fa6722
c3f1ea1003aa766255dae800c77facc37bd082a78278e8fdcd00ac406a77d3c1
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
cb45f0223edcc086f54c01601e75191551ad7d222b5da747b1fc0df9cbf00329
ccbf102f2473331697831e7acd9acb662df2bda098555b73cd31dbef911b9f8b
ce572d9dae2e116ac512aa8dfdbab71938061614c985f24efb89644cbe6fc2e1
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
d220597acad4d66b7b67381fce1c28f249bba271f780853bb9a84ef562959671
dbafa42e26a30194c0e5d44e4c9878bf0aa690a19efd5b38536f01d4ffa3d3e0
e15354b0f6e5cc066da8650db1c54e7bfb09f1cc81d5896c75c4ddee1a3d3d45
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e60ae1a9fe8a56e60a6009e4974b4c7d97e617110d9e305216597588dc26ff20
e76373de86c74b90926f16038d6cd0533d1d7de072f21a7f923e1fa2af8950ce
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec34cd386427fe6deacf99f4fdbeea4b1d1ed25f505411650d7ceaa843a7fc63
eda3edc1d3fae2b662d766b04ed1e36afbfada6bf683bd3d635410c2a66efbf5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb59e0c7aaa56fb46c5e8a9d002a5cb6519f4186ff5dae49e9eda89e83a4f15
f19e2ac517ae5bf6648c9b857985d53ca719dd83859f7269a0896a28c1adc1c8
f32e2743fa5039bb1dab4673ba1cfd76eaeba3889745d04f3187a7df0c56b8df
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f620c68710822a68bf5b732978395efa814835d0b16eb8e7aeb853f5982aed84
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f74741c385ff9fe2802bb37800f03f41038caa2723ba95e7683f55a31ab80f21
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f8313f60698696e7312ad593c00bfd9e0d1d451aead7da367871fc7f1642921c
fa7081c5f11f11775248631cf136af19eae159cd038ddea5a7745dacf5d9a963
fd49ee92c534934e9219f98313450975c361cbcffa40cd535a29f46f915e9182

dafontonline.com Open in urlscan Pro 198.54.116.83 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

179 Requests

90 %HTTPS

50 %IPv6

30 Domains

38 Subdomains

33 IPs

5 Countries

2548 kBTransfer

5846 kBSize

27 Cookies

4 Outgoing links

Page URL History

Redirected requests

179 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 29 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

dafontonline.com Open in urlscan Pro
198.54.116.83 Public Scan

Screenshot
Live screenshot

Full Image

179
Requests

90 %
HTTPS

50 %
IPv6

30
Domains

38
Subdomains

33
IPs

5
Countries

2548 kB
Transfer

5846 kB
Size

27
Cookies

179 HTTP transactions
29 data transactions