www.file-upload.in Open in urlscan Pro
2606:4700:3036::ac43:b1f7 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.file-upload.com/5cng0xj2jaea
Effective URL:
https://www.file-upload.in/file.php?get=5cng0xj2jaea
Submission: On November 26 via manual (November 26th 2023, 6:14:29 pm UTC) from TR — Scanned from CH

Summary HTTP 287 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 48 IPs in 9 countries across 41 domains to perform 287 HTTP transactions. The main IP is 2606:4700:3036::ac43:b1f7, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.file-upload.in.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 27th 2023. Valid for: a year.

This is the only time www.file-upload.in was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2400:52e0:1e0... 2400:52e0:1e00::1081:1	200325 (BUNNYCDN) (BUNNYCDN)
3	2606:4700:303... 2606:4700:3036::ac43:b1f7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	2606:4700::68... 2606:4700::6810:8516	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:38::178	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	172.64.152.89 172.64.152.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:218... 2600:9000:218f:4400:10:dd8:5e40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:244... 2600:9000:2447:7c00:a:e047:753:a221	16509 (AMAZON-02) (AMAZON-02)
1	18.239.18.12 18.239.18.12	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
1	141.95.33.120 141.95.33.120	16276 (OVH) (OVH)
1	54.194.65.19 54.194.65.19	16509 (AMAZON-02) (AMAZON-02)
38	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
31	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
3	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2 2	37.157.4.29 37.157.4.29	198622 (ADFORM) (ADFORM)
1 2	67.220.228.200 67.220.228.200	16509 (AMAZON-02) (AMAZON-02)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
9 19	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
42	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
8	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
9 17	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	16509 (AMAZON-02) (AMAZON-02)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 1	69.166.1.34 69.166.1.34	27630 (AS-XFERNET) (AS-XFERNET)
1 1	63.32.136.117 63.32.136.117	16509 (AMAZON-02) (AMAZON-02)
1	52.198.239.233 52.198.239.233	16509 (AMAZON-02) (AMAZON-02)
1 1	35.208.249.213 35.208.249.213	19527 (GOOGLE-2) (GOOGLE-2)
12	2606:4700::68... 2606:4700::6811:c96e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:244... 2600:9000:2449:e800:16:eff:6080:93a1	16509 (AMAZON-02) (AMAZON-02)
287	48

1 188.114.97.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.file-upload.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.file-upload.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1081:1 (Germany)

ASN200325 (BUNNYCDN, SI)

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3036::ac43:b1f7 (United States)

ASN13335 (CLOUDFLARENET, US)

www.file-upload.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2606:4700::6810:8516 (United States)

ASN13335 (CLOUDFLARENET, US)

live.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.152.89 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:218f:4400:10:dd8:5e40:93a1 (United States)

ASN16509 (AMAZON-02, US)

connectid.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2447:7c00:a:e047:753:a221 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.18.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-18-12.ams58.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.33.120 (Germany)

ASN16276 (OVH, FR)
PTR: ns3203256.ip-141-95-33.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.65.19 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-65-19.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.29 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.220.228.200 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 172.217.16.194 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 104.18.36.155 (None, ) 9 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.34 (United States) 1 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.136.117 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-136-117.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.198.239.233 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-198-239-233.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.208.249.213 (Council Bluffs, United States) 1 redirects

ASN19527 (GOOGLE-2, US)
PTR: 213.249.208.35.bc.googleusercontent.com

trace.mediago.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6811:c96e (United States)

ASN13335 (CLOUDFLARENET, US)

c.bannerflow.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2449:e800:16:eff:6080:93a1 (United States)

ASN16509 (AMAZON-02, US)

dfghidiqaynia.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
75	googlesyndication.com 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	505 KB
43	doubleclick.net 9 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439	444 KB
42	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	4 MB
27	demand.supply live.demand.supply — Cisco Umbrella Rank: 53681	42 KB
22	file-upload.org www.file-upload.org — Cisco Umbrella Rank: 671147	550 KB
17	casalemedia.com 9 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	10 KB
12	bannerflow.net c.bannerflow.net — Cisco Umbrella Rank: 8923	153 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	319 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	48 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 406	104 KB
5	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1656 google-bidout-d.openx.net — Cisco Umbrella Rank: 1665 eu-u.openx.net — Cisco Umbrella Rank: 2753 us-u.openx.net — Cisco Umbrella Rank: 522	2 KB
4	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 364 fonts.googleapis.com — Cisco Umbrella Rank: 31	32 KB
4	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 574 www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	38 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 454 mug.criteo.com — Cisco Umbrella Rank: 2926	7 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	174 KB
3	file-upload.in www.file-upload.in	11 KB
2	cloudfront.net dfghidiqaynia.cloudfront.net	11 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 823	1 KB
2	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
2	amazon-adsystem.com 1 redirects aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 890	2 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 599	1 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 976 bcp.crwdcntrl.net — Cisco Umbrella Rank: 887	13 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 863 id5-sync.com — Cisco Umbrella Rank: 440	35 KB
2	yahoo.com connectid.analytics.yahoo.com — Cisco Umbrella Rank: 4351 ups.analytics.yahoo.com — Cisco Umbrella Rank: 327	9 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	147 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 14674	10 KB
1	mediago.io 1 redirects trace.mediago.io — Cisco Umbrella Rank: 904	455 B
1	adingo.jp cc.adingo.jp — Cisco Umbrella Rank: 7108	44 B
1	yieldmo.com 1 redirects ads.yieldmo.com — Cisco Umbrella Rank: 657	597 B
1	sonobi.com 1 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 931	760 B
1	adkernel.com dsp.adkernel.com — Cisco Umbrella Rank: 6641	233 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 764	463 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 353	149 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2491	3 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2139	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 335	1 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 668	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1762	8 KB
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 1383	5 KB
1	file-upload.com 1 redirects www.file-upload.com	428 B
0	alexametrics.com Failed certify-js.alexametrics.com Failed
287	41

	Domain	Requested by
42	s0.2mdn.net	www.file-upload.org 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com s0.2mdn.net
38	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www.file-upload.org 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com tpc.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
31	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.file-upload.in tpc.googlesyndication.com www.file-upload.org 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com s0.2mdn.net
27	live.demand.supply	www.file-upload.in live.demand.supply
22	www.file-upload.org	www.file-upload.org www.file-upload.in
19	cm.g.doubleclick.net	9 redirects google-bidout-d.openx.net googleads.g.doubleclick.net 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
17	dsum-sec.casalemedia.com	9 redirects googleads.g.doubleclick.net
12	c.bannerflow.net	s0.2mdn.net c.bannerflow.net
11	securepubads.g.doubleclick.net	live.demand.supply securepubads.g.doubleclick.net www.file-upload.org
8	googleads4.g.doubleclick.net	www.file-upload.org
6	9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	www.googletagservices.com	9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com securepubads.g.doubleclick.net www.file-upload.org
5	googleads.g.doubleclick.net	9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com pagead2.googlesyndication.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
3	www.gstatic.com	www.file-upload.org 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
3	fonts.googleapis.com	securepubads.g.doubleclick.net 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com www.file-upload.org
3	connect.facebook.net	www.file-upload.in connect.facebook.net
3	www.file-upload.in	www.file-upload.org www.file-upload.in
2	dfghidiqaynia.cloudfront.net
2	image6.pubmatic.com	2 redirects
2	www.google.com	tpc.googlesyndication.com 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	aax-eu.amazon-adsystem.com	1 redirects google-bidout-d.openx.net
2	c1.adform.net	2 redirects
2	gum.criteo.com	1 redirects static.criteo.net
2	oajs.openx.net	1 redirects
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.file-upload.in www.googletagmanager.com
2	images.dmca.com	www.file-upload.org www.file-upload.in
1	trace.mediago.io	1 redirects
1	cc.adingo.jp	9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
1	ads.yieldmo.com	1 redirects
1	sync.go.sonobi.com	1 redirects
1	dsp.adkernel.com	9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
1	cms.quantserve.com	9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
1	us-u.openx.net	google-bidout-d.openx.net
1	match.adsrvr.org	google-bidout-d.openx.net
1	eu-u.openx.net	google-bidout-d.openx.net
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	id5-sync.com	cdn.id5-sync.com
1	ups.analytics.yahoo.com	connectid.analytics.yahoo.com
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	connectid.analytics.yahoo.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
1	ajax.googleapis.com	www.file-upload.in
1	ssl.google-analytics.com	www.file-upload.in
1	www.file-upload.com	1 redirects
0	certify-js.alexametrics.com Failed	www.file-upload.in
287	57

This site contains links to these domains. Also see Links.

Domain
www.file-upload.org
www.facebook.com
www.instagram.com
www.youtube.com
file-upload.org
www.file-up.org
www.dmca.com
safeweb.norton.com

Subject Issuer	Validity	Valid
file-upload.org E1	`2023-11-23` - `2024-02-21`	3 months	crt.sh
images.dmca.com R3	`2023-10-26` - `2024-01-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-27` - `2024-03-25`	a year	crt.sh
demand.supply Cloudflare Inc ECC CA-3	`2023-02-19` - `2024-02-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-05` - `2023-12-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-06` - `2024-09-30`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-11-24` - `2024-02-22`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
connectid.analytics.yahoo.com GlobalSign ECC OV SSL CA 2018	`2023-08-15` - `2024-02-08`	6 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-10-24` - `2024-01-22`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-11-02` - `2024-01-31`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-03` - `2024-01-24`	6 months	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
quantserve.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.adkernel.com AlphaSSL CA - SHA256 - G4	`2023-01-03` - `2024-02-04`	a year	crt.sh
*.adingo.jp Amazon RSA 2048 M03	`2023-09-13` - `2024-10-12`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh

This page contains 32 frames:

Primary Page: https://www.file-upload.in/file.php?get=5cng0xj2jaea
Frame ID: C5DD1F4B17AEBA4C2F7635974CB19500
Requests: 94 HTTP requests in this frame

Frame: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4DCC15B2AA84D23B2981A66E275C1BBA
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.file-upload.in
Frame ID: 4A8E38E28859F424ACDE00397CE931D9
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 4471C4AF02963EF84CD5559E60CC34D3
Requests: 6 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012310301456000/amp4ads-v0.mjs
Frame ID: 0300249B78430889519016CBB1CA6C10
Requests: 15 HTTP requests in this frame

Frame: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C8667CB534CD69D072B2E54AB34E8D4E
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0C79C4C4AD207EC58339C3D3CE28E65B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E5E7A8B6C2F40396C7F9B005ED39D006
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGNDjtPEBMAE&v=APEucNWCNvOYarDKQQNQKhs0sQTo_nfcgvyG_lbmdcwWMNakZ8hBqezeic_kVTsBka0hqbETEzKuPTwjVjEuTvhms6g6gpdGjA
Frame ID: 9EA1D78A3EAC46986930D015571118E5
Requests: 4 HTTP requests in this frame

Frame: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: BED1223A78374F59DE0D2C0ABA54243E
Requests: 13 HTTP requests in this frame

Frame: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 178FC96F8F62E89F5DBC8323122A046B
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGNDjtPEBMAE&v=APEucNX8FN43Fe3DHTi4dJREkuC7CzL372v4hwAcGg9IeyMQFsiVqbaZ-jqM3WODN9h6Q1CfEcoAM56wVSPXtqYvHmvKyaI5IQ
Frame ID: B570D850410B28BE339C1FB406EBD193
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 76F16CA37D3BDB59188EE8CC73E14A6A
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst-V8Mlig1dx7iHWBZitFguJM35n4fYapChTxrDEjhA4iy0lgWq63l4LjOpSLzwSrZQZO35UTUXAFRxZpweAKwgQOMolfsMoXDdQXOocVzcNk2m1ypy_T1T8AAQpuWEJ0VtfZnBgPkAuTpuHH32qnWmKz-VuFayjNueR20cPSidoDif6PA14ZIktZUnO54QxmA4RWB6LIhOKVEhVWRoguJV-usCS48-pjckZSLNHNlM-nlFbyngy-m_l2Lwf1ojBlQOIqaHhAzoNelhHR5KvN-yrj_dBfA64dw0hMvD639LKc4K8FUPqTvo1NjOkw94yxk7mzP_y6xE_b69VsJqoWg8jz78m5RJwYUWQAN14Xf051_B1YTIfWXI08aWARECIEzLcCsfGnzzQp6gzmT78o1kvOps6OJwJP-QNIibUACwAs_4fg&sai=AMfl-YRE69mFfQy4TNO5BYHMmPN83oH_qhUfKbxvtJb21jwjcJhb_PR4XbsIyN8WHdkkTMewcwVseW8wxuemAwdQHY-B0nffxdg3XOtpmwLWNMXiEdUNdg0rRDw1ycSI5OfJ2jITijFd7JoBuDI-4K9K4Ts&sig=Cg0ArKJSzPNGvPxva92cEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: A9CD7C07E80F45F4729B73E4C99D9F85
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRi7-tz-ATAB&v=APEucNUnyxv40weTV89OdAQr8zQorRAVoBVRLbVHS3ApCfsm4NCAJgQM8fxJUujzFPsZUW0evNRKCnORFlPQDTzZ3359pIPkkQ
Frame ID: 308D9285827DA8109A9FEDDFFD492D42
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
Frame ID: 985AF7CDE0826449B30B10A04F2769CF
Requests: 20 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: C0CCE75C0B1F55794FE6B21319E6ABBA
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
Frame ID: 26C4CE49F48970B07A24F4EC0FB737BF
Requests: 20 HTTP requests in this frame

Frame: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 743D1777B3AB8CE242B52648072685D0
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 2B4916C0F19D19A7E59F933B4EB66C36
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Poppins%3A400%2C600
Frame ID: 5F0C6C6A6BD57F8A2A2A9099A2BDA964
Requests: 7 HTTP requests in this frame

Frame: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 43A818404C8EFEA16EB373C2FFE18D1C
Requests: 20 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js
Frame ID: 42DCCFB56F0C03B09632C6A89A76CD8B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICSjpAFEL_Xk7MFGJ2mn_oBMAE&v=APEucNU59hrU_CbEe_s6CjYnCinMNucxSrOhm78GFH9SJmRiSK08HGbGgH9xDVaKxeJfKMd0WiLb9XgB2Y97Xt1nHgJEaY3kvw
Frame ID: 854A21A7A0949300B4E6CEF1F4FE1E09
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Frame ID: C2DDDB8A3BF36F798E54FB6A79754187
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Frame ID: D13CC898D311CE033D7182223C246EE7
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C61AE64768C1BDF389117C9B87D33419
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 6FBBA3A900B467202345A08FCEB60A6F
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/3978026277272551424/CH_EN_Stocks_Track1_Range-2-ENCH-970x250-638326118677785326-26b1a8a3-7a8f-4f22-8b49-33fe21b525b3.html?ev=01_250
Frame ID: 503DF5BAEEC048066379F87ED2BD9934
Requests: 9 HTTP requests in this frame

Frame: blob://https://s0.2mdn.net/779693e0-a36d-4e20-ada5-aaf803550c58
Frame ID: CB88F476679C2FE88C051A269557A628
Requests: 1 HTTP requests in this frame

Frame: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fsaxo-bank%2F5a0d3b1088665f7354f5da6c%2Fimages%2F9f0ed779-182e-4c28-adce-8e9c63d05cba.png&w=215&h=311&q=99&f=webp&rt=contain
Frame ID: BEFF760D5FC82D509DB28BB959778E34
Requests: 5 HTTP requests in this frame

Frame: https://dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/AOT_CH_EN_Stocks_Range_1080x1080.webm
Frame ID: 8CCB91211F6AE5CCE9A36F423E5EA04B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

File-Upload – forex-article.store – FileUploadFile-upload

Page URL History Show full URLs

https://www.file-upload.com/5cng0xj2jaea HTTP 301
https://www.file-upload.org/5cng0xj2jaea Page URL
https://www.file-upload.in/file.php?get=5cng0xj2jaea Page URL

Detected technologies

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

287
Requests

92 %
HTTPS

58 %
IPv6

41
Domains

57
Subdomains

48
IPs

9
Countries

7128 kB
Transfer

12681 kB
Size

38
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://www.file-upload.org/?op=payment_proof
Title: Proof of Payments

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fileuploadcom

Search URL Search Domain Scan URL

URL: https://www.instagram.com/file_upload/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCSbk9gxKeQnawO7cZ0hZPJQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/make-money.html
Title: Make Money

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/login.html
Title: Login

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=register
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=forgot_pass
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=news
Title: News

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/desktop.html
Title: Desktop Uploader

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=change_lang&lang=english
Title: English

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=change_lang&lang=arabic
Title: العربية

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=payments
Title: Premium Download

Search URL Search Domain Scan URL

URL: https://file-upload.org/5cng0xj2jaea
Title: Free Download

Search URL Search Domain Scan URL

URL: https://www.file-up.org/?op=register
Title: Sign up now

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/faq.html
Title: FAQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/tos.html
Title: Terms of service

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/child-exploitation.html
Title: Child Abuse Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/copyright.html
Title: Copyright Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/contact.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/adv.html
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/dmca.html
Title: DMCA

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/reseller.html
Title: Become a Reseller

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/links.html
Title: Links

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=check_files
Title: Link Checker

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/refund.html
Title: Refund Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/banners.html
Title: Banners

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=ff6622a1-89c3-492e-8fab-02994910b766&refurl=https://www.file-upload.org/vsd4gox6iv4l

Search URL Search Domain Scan URL

URL: https://safeweb.norton.com/report/show?url=www.file-upload.org

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.file-upload.com/5cng0xj2jaea HTTP 301
https://www.file-upload.org/5cng0xj2jaea Page URL
https://www.file-upload.in/file.php?get=5cng0xj2jaea Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.file-upload.com/5cng0xj2jaea HTTP 301
https://www.file-upload.org/5cng0xj2jaea

Request Chain 72

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp&cc=1

Request Chain 82

https://gum.criteo.com/sid/json?origin=publishertagids&domain=file-upload.in&sn=ChromeSyncframe&so=0&topUrl=www.file-upload.in&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=w35EP3xGNlNHdmI3TE9saUVHSVl0c3N2cU9seXNiRFlZN2UvUWVFN2N4eU0zenN1bkU0ZkhmL0MwZzhOMUhWQ1FPYitjdVBuTTRGTFRFc2RmbDNUWkdiQ1FtcU11V2gzaXVsaFdJQXIxSSsvM0htbFNabzdYR3puT1A2YlRvZHMwRGhuSGJwVkNxUGIrYU02WjFFT2JJM2FoL0dyNWNaNTE2T25CdFVPWVNhSGIzMjkwa0JXc3hYNmFPV1AyQm9xT2NDQTBmeFA4QS9jZmhKdXYxQWgxL1g0dEkrSzQ5ZEFBOXVNSFcvV1VjSkoxbGpNZzRnVHppbVd5NVF3OHo5cVAvV0FsV1RzMyt6dVZIc2NTc3dQVUJiSjhMOVphU3lpcFArUXVvazd1cE1wL3JqOD18&cppv=2

Request Chain 99

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2350489431911942724

Request Chain 100

https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=f3821b63-03dc-c124-12e7-da6306bd0a9c HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=f3821b63-03dc-c124-12e7-da6306bd0a9c&dcc=t

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPGKZjSzhE7c_vzIo0ddrSY&google_cver=1

Request Chain 149

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1&C=1

Request Chain 150

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWOK-80lH6xRrrEu1AxxfAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

Request Chain 157

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1&C=1

Request Chain 158

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWOK-80lH6xRrrEu1AxxfAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

Request Chain 168

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

Request Chain 169

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWOK-72vWO6MZIoGcFS2pAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

Request Chain 240

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

Request Chain 241

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWOK-80lH6xRrrEu1AxxfAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

Request Chain 257

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMJ06-d6vFosnh0geokIXGE&google_cver=1&google_push=AXcoOmQ_1_pdWdUImgUsX983S0dB08zdOVqlO81aCm0UIlGq7eoiN7LNK_0TwWNKUUvzat57zEn3phscPDzUbBi82MLHAEeTNqNPVA HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMJ06-d6vFosnh0geokIXGE&google_cver=1&google_push=AXcoOmQ_1_pdWdUImgUsX983S0dB08zdOVqlO81aCm0UIlGq7eoiN7LNK_0TwWNKUUvzat57zEn3phscPDzUbBi82MLHAEeTNqNPVA&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=BiVjW5LvQh21tbMxw8twXQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmQ_1_pdWdUImgUsX983S0dB08zdOVqlO81aCm0UIlGq7eoiN7LNK_0TwWNKUUvzat57zEn3phscPDzUbBi82MLHAEeTNqNPVA

Request Chain 259

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAXcoOmT--aFEN1vgG_M4rTrP6aMsCMIHV-RSIRS8K-kqPz9ECXQUz7KNXyi1KK83b1_R6gzXRRqk3G-Fdk0MNH8gHJaXM-82KWTTWQ%26google_hm%3D%5BUID%5D&google_gid=CAESEOkLNhoqETdh0dS48uITaFo&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT--aFEN1vgG_M4rTrP6aMsCMIHV-RSIRS8K-kqPz9ECXQUz7KNXyi1KK83b1_R6gzXRRqk3G-Fdk0MNH8gHJaXM-82KWTTWQ&google_hm=c1932030-bc8e-48aa-b733-87a7752e2121

Request Chain 260

https://ads.yieldmo.com/exptsync?google_gid=CAESENeANbtnr10HbOCfRQwdDgw&google_cver=1&google_push=AXcoOmSqlWrhoBh6aDrwzSaBVxCuSHgbE3UtYEUKPlj2XY3_MVV9i0FWV-Tf59uhIFAqVadiyTRhU8C_2D75nkbOqKmJZpThiBn- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmSqlWrhoBh6aDrwzSaBVxCuSHgbE3UtYEUKPlj2XY3_MVV9i0FWV-Tf59uhIFAqVadiyTRhU8C_2D75nkbOqKmJZpThiBn-&google_hm=M0Z3eDFKSkJCMkpVT3V6UmFrbUs=

Request Chain 262

https://trace.mediago.io/cs/google?google_gid=CAESEKH4LgBl2CCTckWZlYHg-sA&google_cver=1&google_push=AXcoOmSo8MHYsiPHvQu89jWTXbQKdKITjRKIelnqRL62CNnrs1rfo_QVHUBIJNv8nkdTwXKRqPV3EODY6DcvyTVSe2KBcGdQrpjez1E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSo8MHYsiPHvQu89jWTXbQKdKITjRKIelnqRL62CNnrs1rfo_QVHUBIJNv8nkdTwXKRqPV3EODY6DcvyTVSe2KBcGdQrpjez1E&google_hm=f34e969976ae7c471vkt5m00lpfsutxk

287 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

5cng0xj2jaea Show response
www.file-upload.org/
Redirect Chain

https://www.file-upload.com/5cng0xj2jaea
https://www.file-upload.org/5cng0xj2jaea

27 KB
7 KB

114ms
60ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7482c9337e3af0147e674570b2372212212b79551a7bd9a665038280f0f35cc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82c41c52a8854c63-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 26 Nov 2023 18:14:21 GMT
expires: Sat, 25 Nov 2023 18:14:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hw5VL13iYptzoPXExqD%2BgVsZJMb%2BNLvOMOVfn5GMHGH8CR5QnI%2FhrONxjY7cnHDL4m1pii7GdpaHAqHsMXWOCj5UBDkY4%2BdiiJPVA6OB0886mYLJn58RKDS2YulyOmVEQ05s00sZZbzbot%2BuI313KVg8"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0;includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82c41c51eec4badc-MXP
content-type: text/html
date: Sun, 26 Nov 2023 18:14:21 GMT
location: https://www.file-upload.org/5cng0xj2jaea
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RPww7%2BooOx2zhKTX7dmVHYeuvktM1sVux1kyceYkXsfuFSBcnBOesUqIfolqdrrqbvLrQKz5Kf9d04Sc%2BXmVTa8fkuypzPW3kMBI2TAssdta6quwMhcijqxhtCffH5VU93HP81FW"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 app.css
www.file-upload.org/mngez/css/ 247 KB
41 KB 35ms
34ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/5cng0xj2jaea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1593575
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2FMq%2FtKqUEUrKPRr5tZPTBy2rYnO6zW8deYfq5u9%2F1Dsmkt8zty1ReV%2B4pqtuYDEeKcjHzf9tcAoZfdjIJlca7SpnwhqBfkhx3nJqw4df0BNe%2FNYrwqJqdsDLzd5bhAtLe%2FKswf1XFZvmtOf7EeEgvt0"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 82c41c5308fe4c63-MXP
expires: Thu, 09 Nov 2023 07:34:46 GMT

GET
H2 200 app.js Show response
www.file-upload.org/mngez/js/ 235 KB
80 KB 112ms
111ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/5cng0xj2jaea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UxuI67RcEYNAKVZwAiCl0TudF%2BIJNIrBuh62XoA5v0Zn9XStPoYaLY7ncw%2BbnvBFHYbviNwJyYYsLYmh8TdNcmQiLFXJgcs6ij7A7kA65ZS7uUW8E0xJGwBNaqgKquZ1y7887oVTYCIpoyzy7ptoYNQy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 82c41c5308ff4c63-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 logo_new.png
www.file-upload.org/assets/images/ 3 KB
4 KB 31ms
30ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/5cng0xj2jaea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1432238
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lOQgdzVavi2Uclyhm%2Fcz0DdSQd8qgzUji7Qov0VS1gnMtyegyBPw6nPIopwda5KpO0y%2FmgXoSTGimPP6d7kF31N4wBIUlP9ptg5F7TrZoNQ3EZRUchvyA1UX7%2FdVF43BuaBP1rYd%2BTrXnJmXGJh3yLXn"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c5309014c63-MXP
expires: Fri, 17 Nov 2023 04:23:43 GMT

GET
H2 200 email-decode.min.js Show response
www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 23ms
22ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/5cng0xj2jaea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 16 Nov 2023 21:55:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65568fe4-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v1ESI7UQn7CSmxu32WL%2B3PRMeaFJr404IljMpmWsfSfjL1C0MSBa5f2Xr1YBiQuaGe4XmrqLs67s9ERlChnLWWAEsORGe3XKKennBeP%2F8tfcNWPPvrpHFAG93xbRr1s7jL20jNX%2Behpy6Qs%2FldVlL5S8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 82c41c5309044c63-MXP
expires: Tue, 28 Nov 2023 18:14:21 GMT

GET
H2 200 anti1.png
www.file-upload.org/mngez/images/ 19 KB
19 KB 32ms
32ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/5cng0xj2jaea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1508432
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m9sUlwHsfiAXTMK23LpSlPbMjo4tSBNqUh01xkXxIQUDq2kLdaN7FEwyqE6lPd8OR2udPrke1OTUdh%2B7JZM4AB%2B2SXpBAYQtocdPU842jt%2Bp5SOmCdHqMjlV8drRkR7E%2FMh8PRa42xLKbu2o3S5%2FLT70"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c5339354c63-MXP
expires: Thu, 16 Nov 2023 07:13:49 GMT

GET
H2 200 anti2.png
www.file-upload.org/mngez/images/ 641 B
998 B 33ms
33ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/5cng0xj2jaea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2212138
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EsI7giKqyqdICWyILRLj5S7eqGmifkMi9tIVl1x7o8vlS2MLYVPnj1zyiVQxs%2B8b7FL6gP4LKQaybM2KuamxjSs5Kvz9Y0QC6TO989cVM0FTPkO5Jmp3wuTOMy9AD%2FM87O2SuN8DTRylk9WiE96KXIyT"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c53494b4c63-MXP
expires: Wed, 08 Nov 2023 03:45:23 GMT

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 169ms
74ms Image
image/png 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 / ASP.NET
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:16
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: d44a53cfe047663901ad6680ea29b62d
accept-ranges: bytes
cdn-requestcountrycode: CH
link: <https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 norton.png
www.file-upload.org/assets/images/ 5 KB
5 KB 53ms
53ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/5cng0xj2jaea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1528277
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJ3BM4KH0JNkcxgZZ4QTn1AH4EM17rsBroalUKEePpCvedgAvdRSVrUCR48aIF4rUe16%2F%2Bqi1mQRoTkS35eDpALRzz5hfHQMQqpvIXcJGrkTyIfeK7Boi7ehzfNd8XFBU1QILlaDVUvKT4GOF2xQzoPg"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c5378c80dfa-MXP
expires: Thu, 16 Nov 2023 01:43:05 GMT

GET
H2 200 Primary Request file.php Show response
www.file-upload.in/ 23 KB
7 KB 269ms
217ms Document
text/html 2606:4700:3036::ac43:b1f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b1f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37083d03afc5a93b389e748c18d491cb309d0d62cb417e54157b1f97057bd645

Request headers

Referer: https://www.file-upload.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82c41c544bdd0e0f-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 26 Nov 2023 18:14:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FHTdDbmNcppv%2Fa0bozBek2Xv9DzzBeEls9dU6T%2FSBbO9ZW2d%2By55lF3WyVsexaOik2HoLP%2FmCQTftLJNfdb7wqHRKYrWUEScJp%2FwQbSXNiU36bkRzfkNoowoZgMyhA9IdR9ZrylsGV35ZWEsIFFDr7g%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 27ms
27ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1426085
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9z2EWy7LkJS9A8Ei0A477i2GCtuVy%2FdgfQ%2BBJmyw%2B3mo3ngOg1XOpI3W0i4IEWywVD4gsqxlIB1ze59qgXU4cV1mFPIC3G14hE%2FtV5G2yvUNfKYf6hF8KqZFFuYByARaON%2FI7g0IWHMdQb8uou9muIfa"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c53f99e0dfa-MXP
expires: Fri, 17 Nov 2023 06:06:17 GMT

GET
H3 200 fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 75 KB
76 KB 45ms
45ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 387
etag: "12d68-5fe4d56c8e4d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YmsVMIRIe6YNre29Tc4uLn51igbbHQaPS%2B%2F%2FSQZdP782CehIogLVxHIVYPwfdg%2B3rerCouTKlRQ7gcDsE4eSTrWCMTZ7jnjAv6y4Ey5nkrSnYgKDBZRuUZ38ItZeehQKWShvOC1Mq16Drx2rq3XLjoyE"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82c41c53f99f0dfa-MXP
alt-svc: h3=":443"; ma=86400
content-length: 77160

GET
H3 200 poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 81ms
81ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5309
etag: "1ee0-5fe4d56c8f861"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BD8dLWc09InX9Qy2232qEzb5oXzSn4J7NHSscLGNJCepevB8Q0M0mHnl%2Frk7dOz%2F9uYJK%2Be2455JksDIFNNA2NGPW59fNoT7j7xRg7%2Frkycqf%2BSPU6jPwYHARscdx8fb95S7XM%2FkRpSkJKDaNV0Qvl4s"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82c41c53f9a00dfa-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7904

GET
H3 200 poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 82ms
82ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2731
etag: "1ecc-5fe4d56c90801"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FajWtuE6jiO%2FIp6%2BlPpScIjEFELKaSjNfE%2BIO6bS%2B9nL2zMod%2FZM2pMIw6WcDmc6lhkmBC601AaJ828l1s5W7TnGMSXHzKlRH0k7BJdVuGtdJRLaBYSSHOQbPAj2vlpgKLBr6yKrllHRAAuAwCkjhp2z"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82c41c53f9a10dfa-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7884

GET
H2 200 up.js Show response
live.demand.supply/ 5 KB
3 KB 408ms
347ms Script
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/up.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

944fff7ec3d7c1b962e0dc98f56805ecb5dd99701f7c7860296e296091a74a3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HG1608VNT7B7GPV4R89G4CD7
date: Sun, 26 Nov 2023 18:14:22 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
age: 1158
cf-polished: origSize=4807
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"b4a520d798fda49cced6e3ca05c12687-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
cf-ray: 82c41c560c853c99-CDG
link: <https://live.demand.supply/impl.v17.21.3.js>; rel=preload; as=script,<https://live.demand.supply/p4/v17-21-0/d3d3LmZpbGUtdXBsb2FkLmluLw==>; rel=preload; as=script
timing-allow-origin: *

GET
H2 200 blockadblock.js Show response
www.file-upload.in/ 7 KB
2 KB 33ms
32ms Script
application/javascript 2606:4700:3036::ac43:b1f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.in/blockadblock.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::ac43:b1f7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9a42cb27417d2b87b8d5983655566731a38089d5e30735e9e931008ea59c634

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/file.php?get=5cng0xj2jaea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 889984
content-encoding: br
x-cache: HIT from Backend
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 11:59:30 GMT
server: cloudflare
etag: W/"64afe722-1c1d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kveu6u64ctOFumWmFl5hLgKe13AGu2ckN4%2BxqV47HlNZ7DiLZDKOaJUI3%2B6YxJro0OulAIIkWtT6mGDZK2V0FlTD6J32Fxc8JIPHjqdS%2BTg%2BHgQFXzcq9KP0wPg1vVy%2Bpo6HVGNa6%2B8mYcPsRnC9mrA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 82c41c55ae540e0f-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
67 KB 83ms
33ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

22fcbe57f60f8e5bbc31d085191c1893de8ac0666302ef41b742e13e7f28d726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 68581
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 26 Nov 2023 18:14:22 GMT

GET
H3 200 app.css
www.file-upload.org/mngez/css/ 247 KB
41 KB 31ms
30ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2127080
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3FifiLvwIJwBHFMFNvP8sIH1b2fTx5v3xaVTEImprg3xIlvkqES80Z2RyZLoxV%2BKQFxnQl7tBliore5Yw%2FUm%2BLMPKPyopjrvyb1uOS2hEdN2BBc6KNy0bPTVdr8yc4x6QasUP6rMUVdT4R%2BJthBUwUYA"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 82c41c55abc10dfa-MXP
expires: Fri, 03 Nov 2023 03:23:02 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 297 KB
85 KB 75ms
49ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=7c2110b22b4d5e674b39cb584e8979a6

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

30debe7e8820b593c8f6c0cddf6de4430a3a7dd6ccb2da62da0a82a655e0d674

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.file-upload.in/
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 26 Nov 2023 18:14:22 GMT
content-md5: QPdqxS0Nq8Hq7aKQwVyfuA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86879
reporting-endpoints
x-fb-debug: bdsJd565D5H197vGNJGXw0rTzQHOjjxNU4nx+zlXr5+/JvROPnLvUX+/zI9jlkfiy6nGt+2Htcu5G00v9s2P5A==
x-fb-content-md5: abcc124da2b3d3c657c3d61ab6a8d16f
cross-origin-opener-policy: same-origin-allow-popups
etag: "96ea4e3a253826f896031fd0d5d82459"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Fri, 22 Nov 2024 06:03:18 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 86ms
24ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3f9b9477d5695167bb3d6021691eb6a82de305e13a76e34ec2dbb7983986880a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 26 Nov 2023 18:14:22 GMT
content-md5: Y6QPdAJSBzndFHPTlMRhRg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
reporting-endpoints
x-fb-debug: 3UWjswwCUwYKoJ5mwW+iZqiGL1/JO8WDWYJ46P1kzE+aybVasDn730wrLGvosAV1e1RLyuFJvsui/LM3t1jQ+w==
x-fb-content-md5: 26aca2fffa2adac72024a5dc5d3daf24
cross-origin-opener-policy: same-origin-allow-popups
etag: "1850b389c1e57a7aa15d32e0746c0c06"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:23:08 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 76ms
21ms Script
text/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 26 Nov 2023 17:20:22 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3240
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Sun, 26 Nov 2023 19:20:22 GMT

GET atrk.js
certify-js.alexametrics.com/ 0
0

GET
H3 200 app.js Show response
www.file-upload.org/mngez/js/ 235 KB
80 KB 107ms
107ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6dedot0oflqGH98lxnj30VNobtqc1R8c8XDadziza%2FaKlKKAHqnycX6mExIdJ8Nk97OVciaUEN%2BGnNGQ3XYL8aZkMu5CHVS8qBBjn75FNyqqTZSCGLNaleCA0hTwtk7dIaMpmRI4v%2FgDZeDANsv0eIOJ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 82c41c55abc30dfa-MXP
alt-svc: h3=":443"; ma=86400

GET
H3 200 logo_new.png
www.file-upload.org/assets/images/ 3 KB
4 KB 26ms
26ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1349499
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLKWCid4m1HpREFQSs%2F6wc7mP2yLr%2Bb3tFw6W17gRB6%2FR8ba9jI7lNotJdRtaVqVpmCXClUKVT43MpjVTk6d63x6yDsiVGCvsbH%2Fmz0J0uwR5OUenlvs2fBP%2F6MWNUPTuWRJiClNiPVYSZ1sQyd0Svgn"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c55abc40dfa-MXP
expires: Sat, 18 Nov 2023 03:22:43 GMT

GET
H2 200 email-decode.min.js Show response
www.file-upload.in/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 23ms
22ms Script
application/javascript 2606:4700:3036::ac43:b1f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.in/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::ac43:b1f7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/file.php?get=5cng0xj2jaea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 16 Nov 2023 21:55:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65568fe4-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rvPk%2BM9ekE0dqDYYdmn3jW1YmdLRVqF8p9KjFEYLmOZdu7%2F9m92FwC1rpkWuNvRDKFz4VMqe4Ct9mXVNxZqWF8eMldB4PW%2BdZam3gc6ubia94ekzeT2YFS7MnSfQV3DgP8x4j3d6pdS1l93AA0DQ9Gg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 82c41c55ae5a0e0f-MXP
expires: Tue, 28 Nov 2023 18:14:22 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
30 KB 70ms
21ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 00:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64512
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2024 00:19:10 GMT

GET
H3 200 anti1.png
www.file-upload.org/mngez/images/ 19 KB
19 KB 25ms
25ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1528279
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HyCvvpacQFPoRyXqxJUsBSjdyEWWMfPhsvMn0eHy4ppFJQoMG%2BUJx7zTqEzRnUgBAy2NlA38IjMvt1ENWbSfgH0CgkoODjKZx3jRMlGUwYRfNOSb5cXwcgWAz1wLE8mlTixcQBgkqSG8al14nOfOeXgZ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c55cbf30dfa-MXP
expires: Thu, 16 Nov 2023 01:43:03 GMT

GET
H3 200 anti2.png
www.file-upload.org/mngez/images/ 641 B
1 KB 27ms
27ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1530814
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ry5Pft2CyEe6lDRPh%2BC5qL6FUePWjd5SRLf3bWu9jsh%2BAdSFKtO4q5xX8WHjE9fTTWp1w%2F8lxIH0kM0hlNjCwg4YCKgi%2B9vHSh0IoOCrg%2FWSX5NZf43guxrxe9ILZWIfYiQ3lzbEnNk2V6y928sHSJx2"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c55fc350dfa-MXP
expires: Thu, 16 Nov 2023 01:00:48 GMT

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 25ms
25ms Image
image/png 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 / ASP.NET
Resource Hash: 0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:16
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 354bbd8b836e1125b1ba126978fb18bd
accept-ranges: bytes
cdn-requestcountrycode: CH
link: <https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 norton.png
www.file-upload.org/assets/images/ 5 KB
5 KB 26ms
26ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=5cng0xj2jaea
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1528277
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LuVG%2BRhHvET6op69GHJpap1aMMASd6SuTUQUe4adcu5Tk%2FOAtiFd%2Fb2sfuX%2Fg%2BSM8FFei1WjK02sxUbPZBCx3exwE425z21vWT6t5GDBGv0OFXn1Lm1JRkY8lCuy2Co%2FIVekKlVx73%2Fzs4R7BHyY3kYS"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c565caa0dfa-MXP
expires: Thu, 16 Nov 2023 01:43:05 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 302 KB
86 KB 51ms
26ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=0ffb1945ce070180fa58a7404cd77872

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

91671972ce9c24e77c33b2a915212d0d4deb537f9da095d0b671cda3803e6bbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.file-upload.in/
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 26 Nov 2023 18:14:22 GMT
content-md5: k1yaefVbinrRfs1VytYltw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88330
reporting-endpoints
x-fb-debug: h+u5TpNpqeVXUi83cvvj9NNtbzyO2v99LMe1yVEvefSFXZJWzSnPbamLvVhSG7pUYIO0xz+NahYUmjPdar6rhA==
x-fb-content-md5: 8a97ed8715e69eea22d1785ab1ba66f2
cross-origin-opener-policy: same-origin-allow-popups
etag: "1a684b8f5e646a6d7e3984db086fa66e"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Mon, 25 Nov 2024 15:10:25 GMT

GET
H3 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 27ms
27ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1426085
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AFF18NwOLmPsDvMqaYrkEOBCOkudQrxPsAN0OyXXT0IZmFjzdVIbqr0XbQNmvnmcG%2Fm4cKcc6FM7vLVDosqeiA1POokPnzGC%2F4Sau2mevGS6I3pZzC1oLPIRW27LzPIiNxBWQe0baZRIE9l5eAmmKwVQ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c569d060dfa-MXP
expires: Fri, 17 Nov 2023 06:06:17 GMT

GET fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 0
0

GET poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET
H3 200 poppins-v5-latin-regular.woff
www.file-upload.org/mngez/fonts/ 10 KB
11 KB 38ms
37ms Font
font/woff 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff?1fce830e6112511a77108832e13172fd
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 840269
alt-svc: h3=":443"; ma=86400
content-length: 10400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28a0-5fe4d56c936e1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8o4z1Qta9c30d0sFY72rMI6W0%2BE4Zqk6Lya6YcK%2Feqz64CVxZ0846iHblJ%2FStv8Yq73fYjSN2l%2By6i8N83jlBQbFglflKE%2BnH6WwhrJJJcvDiU75IPAwJzD3GTkVTGGkgl8dL59MrJWXypQTYWLKw1vG"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c5708795238-MXP

GET
H3 200 poppins-v5-latin-500.woff
www.file-upload.org/mngez/fonts/ 10 KB
11 KB 36ms
36ms Font
font/woff 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff?0261e08bd22d9f91c1d277cd4874ec95
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 840269
alt-svc: h3=":443"; ma=86400
content-length: 10420
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28b4-5fe4d56c94299"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hD0ZYxRNcdP2YX8ce2B%2BscW3VE0UN6UEgNnXhrlKMTDXU9IpkrvK3fEra3CS8m1VX%2BWgUCFDNyVtIvAh6w2CsfwgRo0xVSpnLoejaa7bXO4ksJrgj8MKuHq05pUNFl4j%2FZQCgW3bu%2FfCWa%2Fq9H9RhG3Q"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c5718895238-MXP

GET
H3 200 fontawesome-webfont.woff
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 96 KB
96 KB 37ms
36ms Font
font/woff 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 840269
alt-svc: h3=":443"; ma=86400
content-length: 98024
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "17ee8-5fe4d56c8f479"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yor1EVRxmbNo4sN401irnxKJFJk%2F2TcI9NguhYM8dtChtXWBb%2Bwyc2YfAXvaXoUooXn09k7hswH0%2BZxzfaBToZXhsjHWeyQfVoEoyrQ4top4ecT7vAqyROcn9nzFfG2Pi%2ByUeaoaQ9ydaXB3VyGdw12i"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c41c5728a95238-MXP

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
79 KB 41ms
40ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c3eb6cbe8707539a032552f3da5428f6e2d6fa419e445a10a1a93ca6deb40443

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81009
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 26 Nov 2023 18:14:22 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 65ms
15ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 26 Nov 2023 16:30:31 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6231
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 26 Nov 2023 18:30:31 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 212ms
36ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-3T7TKCZCC9&gtm=45je3b81v9114416819&_p=1701022462371&gcd=11l1l1l1l1&dma=0&cid=1540111154.1701022463&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1701022462&sct=1&seg=0&dl=https%3A%2F%2Fwww.file-upload.in%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=631
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
208 B 28ms
27ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1783726712&t=pageview&_s=1&dl=https%3A%2F%2Fwww.file-upload.in%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&ul=en-us&de=UTF-8&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1316788818&gjid=48073550&cid=1540111154.1701022463&tid=UA-119779859-1&_gid=18094710.1701022463&_r=1&gtm=457e3b81&gcd=11l1l1l1l1&dma=0&jsscut=1&z=2068382702

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.file-upload.in/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 impl.v17.21.3.js Show response
live.demand.supply/ 84 KB
28 KB 142ms
141ms Script
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/impl.v17.21.3.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70118c761cd94bb75522b651eeaf62d2fe4e908d98b329c6037dcd72d4ce9afe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HG15ZZQQJ6ZDWNF7XVJ88VSX
date: Sun, 26 Nov 2023 18:14:22 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
age: 175567
cf-polished: origSize=86611
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"926fb3ee6f61d527df693901803ad911-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
cf-ray: 82c41c5839693c99-CDG

GET
H2 200 d3d3LmZpbGUtdXBsb2FkLmluLw== Show response
live.demand.supply/p4/v17-21-0/ 2 KB
903 B 302ms
301ms Script
text/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/p4/v17-21-0/d3d3LmZpbGUtdXBsb2FkLmluLw==
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20c8dc265f9bfef0585c87411ff867449f1b642333a55431bc51fb99c9459ab5

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 82c41c58396d3c99-CDG
alt-svc: h3=":443"; ma=86400

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
515 B 164ms
40ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?e=ll&d=410&cs=c&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:22 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840213
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c58fa2cf0cb-CDG

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 101 KB
32 KB 240ms
115ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8909509c43ce8b934d04ae014693ff4725d3eb9189107736921dcdc0c5528f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31749
x-xss-protection: 0
server: cafe
etag: 880 / 19687 / m202311090101 / config-hash: 16204867678510254442
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:14:22 GMT

GET
H3 200 ds.2.html Show response
live.demand.supply/ 413 B
586 B 165ms
41ms XHR
text/html 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/ds.2.html

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HENA90GPES8ZH8TZ8DHTJANP
date: Sun, 26 Nov 2023 18:14:22 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 840213
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
cf-ray: 82c41c58fa2af0cb-CDG
alt-svc: h3=":443"; ma=86400

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
483 B 267ms
143ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/x/e.js?ce=rl&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEWE8MB1SX911MVYFBP7671S
date: Sun, 26 Nov 2023 18:14:22 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840213
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "901b70ae40b5b064aef6259e869a717e-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c58fa28f0cb-CDG

GET
H3 200 file-upload.in_fluid_sq_fluidsquare Show response
live.demand.supply/cp/ 29 B
372 B 271ms
271ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/file-upload.in_fluid_sq_fluidsquare?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=ZmlsZS11cGxvYWQuaW4v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f72695d5e0fde2f25944b48ada6d91cf2befd5285741b7767f8040b934206ab

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 82c41c594a99f0cb-CDG
alt-svc: h3=":443"; ma=86400
content-length: 29

GET
H3 200 file-upload.in_fluid_sq_fluidsquare Show response
live.demand.supply/cp/ 29 B
373 B 279ms
279ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/file-upload.in_fluid_sq_fluidsquare?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=ZmlsZS11cGxvYWQuaW4v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f72695d5e0fde2f25944b48ada6d91cf2befd5285741b7767f8040b934206ab

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 82c41c594a9df0cb-CDG
alt-svc: h3=":443"; ma=86400
content-length: 29

GET
H3 200 file-upload.in_fluid_all_fluidallshapes Show response
live.demand.supply/cp/ 30 B
373 B 306ms
306ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/file-upload.in_fluid_all_fluidallshapes?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=ZmlsZS11cGxvYWQuaW4v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7f956d6fb47d2b64be68785a2da0aa605dfd81d65ce4dff90216dd101d5ff38

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 82c41c594a9ff0cb-CDG
alt-svc: h3=":443"; ma=86400
content-length: 30

GET
H3 200 file-upload.in_fluid_sq_fluidsquare Show response
live.demand.supply/cp/ 29 B
372 B 401ms
400ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/file-upload.in_fluid_sq_fluidsquare?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=ZmlsZS11cGxvYWQuaW4v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f72695d5e0fde2f25944b48ada6d91cf2befd5285741b7767f8040b934206ab

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 82c41c594aa0f0cb-CDG
alt-svc: h3=":443"; ma=86400
content-length: 29

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
480 B 164ms
164ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/x/e.js?ce=fs&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEWE8MB1SX911MVYFBP7671S
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "901b70ae40b5b064aef6259e869a717e-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c594aa1f0cb-CDG

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/ 429 KB
135 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:54:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1191
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137535
x-xss-protection: 0
server: cafe
etag: 18342593356503948095
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 25 Nov 2024 17:54:32 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
480 B 161ms
161ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_auto_interstitial_desktop&sn=1&ific=true&e=iar2&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5a6d05f0cb-CDG

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 11 KB
5 KB 76ms
27ms Script
application/javascript 172.64.152.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.152.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6cfe89b284e6a2100a86b8d6b0e52b76b85cc62622a40d63e929f328d883a6a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 30 Oct 2023 20:31:13 GMT
server: cloudflare
age: 397460
etag: W/"65401291-2b7d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 82c41c5adefc23df-ZRH
expires: Wed, 29 Nov 2023 18:14:23 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 56ms
18ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:05:33 GMT
content-encoding: gzip
age: 1192130
x-guploader-uploadid: ABPtcPq1Jl-aO9BF9lNu46pS0qpg_SMiW0blRZMTVfGJTUbTsHwLRnd2S7fOjoW1J99JGW2YhMMsZpJ1ndluuDfSZzHbVg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Mon, 11 Nov 2024 23:05:33 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 96ms
36ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx
etag: W/"653b5c0e-a9a7"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 27 Nov 2023 18:14:23 GMT

GET
H2 200 connectId-gpt.js Show response
connectid.analytics.yahoo.com/ 9 KB
9 KB 106ms
26ms Script
application/javascript 2600:9000:218f:4400:10:dd8:5e40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://connectid.analytics.yahoo.com/connectId-gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:218f:4400:10:dd8:5e40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c7f6468c8ac1542980b2d5f637fa933d7d00d2c6ff6690e34505d2aed0c0e23a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:30:08 GMT
via: 1.1 1cfb3433a86e7969c88f0dfbfd15af32.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'
x-amz-cf-pop: CDG52-P2
age: 2656
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 8730
x-amz-expiration: expiry-date="Tue, 17 Oct 2028 00:00:00 GMT", rule-id="webapp-standard-lifecycle"
last-modified: Tue, 17 Oct 2023 13:17:45 GMT
server: AmazonS3
etag: "c46e30de24d0f12167e302e9e32ff4a5"
content-type: application/javascript
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: XsCHWNaw_FNHg_1pjsK1fVn8cE0EViiTF42w7oSeOTOXc0SU-W28hQ==

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 98ms
45ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 41353
x-jsd-version: master
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230096-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dcno%2FEXep2jfHtr%2BXYXltMnJfsv9sOjPvjc371Hb1eiqvmc4LLpwWLoV1ORwXqiCGdeULGrX7%2BEI%2BiqLKz5sYxbdHIOcybtr%2FSluB7RIqEbRKZJJ2qniAJ%2FLmgC%2FWJK7l1DfNfW7wAInWXaLCU0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82c41c5ae8cbf8cd-CDG

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 156 KB
34 KB 81ms
40ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22a1257891d7523261ed7426751d43a5dfeb83e2211aed3b71f085b5a45149ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Nov 2023 08:19:05 GMT
server: cloudflare
x-amz-request-id: WNETMEQXDVADCZ4A
age: 3108
etag: W/"6d1031a5affe091aafc4dbcf111418ee"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 82c41c5ad82d4c68-MXP
x-amz-id-2: elp9CF3RhLNLVbtVMvU+Ri/zLZp1HO2zWYl2iC48xREJmfFYISfSnCE5WAsb4IoTYZPq4RkTROnzNui3Chog+g==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 74ms
37ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 07d73c8e28421f6304a0bcf8ade28e11
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 105ms
31ms Script
text/javascript 2600:9000:2447:7c00:a:e047:753:a221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2447:7c00:a:e047:753:a221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Date: Sun, 26 Nov 2023 10:03:28 GMT
Via: 1.1 9840468fd7f0cd4b97907be5f049f14a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P5
Age: 29456
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 2776
Last-Modified: Thu, 19 Oct 2023 06:40:11 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: PNXuLQLb4alNWHf7uLoWEh9FITwj82tClNHHDbhTlzpwyXZGLY-t4w==

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 113ms
35ms Script
text/javascript 18.239.18.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.18.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-18-12.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 07:38:20 GMT
content-encoding: gzip
via: 1.1 297dc74786919df7ba1867fc37f80bb6.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P6
age: 38164
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: pVWeacXrl0KDyiocVVLWpE-raMBT18NyGSf1WlM9U8gieIotpnpi8g==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 221 KB
52 KB 654ms
654ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=364172630815219&correlator=86621998042707&eid=31078986%2C31079659%2C31079662%2C31079240%2C44807747%2C31079525&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Cd0c94ace-e46e-49b4-ad33-00ec0766b4be&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&sfv=1-0-40&ists=1&fas=8&fsapi=1&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701022463114&lmt=1701022463&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1540111154.1701022463&ga_sid=1701022463&ga_hid=1783726712&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRiI6dvmwDFIAFICCGQSHAoNY3J3ZGNudHJsLm5ldBiI6dvmwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGIjp2-bAMUgAUgIIZBIZCgpwdWJjaWQub3JnGIjp2-bAMUgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRiI6dvmwDFIAFICCGQSFwoIcnRiaG91c2UYiOnb5sAxSABSAghkEhQKBW9wZW54GIjp2-bAMUgAUgIIZBIZCgp1aWRhcGkuY29tGIjp2-bAMUgAUgIIZBIbCgxpZDUtc3luYy5jb20YiOnb5sAxSABSAghk&dlt=1701022462333&idt=753&prev_scp=ti%3Dd55fc5c6-21c0-468e-9463-667850cbe79e%26interstitials-bid%3D5%26bid-p%3Dgoogle%26bsc%3D92&adks=79733870&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad013b769069b5b614772e168ecb8ba85919cc4a0b002677974ca09fa61d06dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52956
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 61 KB
15 KB 372ms
372ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=364172630815219&correlator=2088176023245983&eid=31078986%2C31079659%2C31079662%2C31079240%2C44807747%2C31079525&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Cbeac2f13-96f1-49f2-bb26-529dae41904b&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=2&sfv=1-0-40&ists=1&fas=1&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701022463122&lmt=1701022463&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1540111154.1701022463&ga_sid=1701022463&ga_hid=1783726712&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRiI6dvmwDFIAFICCGQSHAoNY3J3ZGNudHJsLm5ldBiI6dvmwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGIjp2-bAMUgAUgIIZBIZCgpwdWJjaWQub3JnGIjp2-bAMUgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRiI6dvmwDFIAFICCGQSFwoIcnRiaG91c2UYiOnb5sAxSABSAghkEhQKBW9wZW54GIjp2-bAMUgAUgIIZBIZCgp1aWRhcGkuY29tGIjp2-bAMUgAUgIIZBIbCgxpZDUtc3luYy5jb20YiOnb5sAxSABSAghk&dlt=1701022462333&idt=753&prev_scp=ti%3Dd55fc5c6-21c0-468e-9463-667850cbe79e%26interstitials-bid%3D0.4%26bid-p%3Dgoogle%26stt%3Dbhs%26bsc%3D92&adks=2440838110&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4354046a5d53fda6976fa242f0a2cd17855d3fe225355797a628674a6b5138f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15092
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4DCC 6 KB
3 KB 134ms
54ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Mon, 25 Nov 2024 18:14:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/ 39 KB
13 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl_page_level_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e329117bbdc12ee0649ed6654138a9ba8e600eaddf9138752631a50d236d135a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29102
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13750
x-xss-protection: 0
server: cafe
etag: 15254217830347453119
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 25 Nov 2024 10:09:21 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
480 B 172ms
172ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_fluid_sq_fluidsquare&pdc=0.4551178336143493&ucv=null&e=tcp&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5aede5f0cb-CDG

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
480 B 172ms
172ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/x/e.js?ce=da&r=file-upload.in_fluid_sq_fluidsquare&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEWE8MB1SX911MVYFBP7671S
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "901b70ae40b5b064aef6259e869a717e-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5aede8f0cb-CDG

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 112 KB
45 KB 392ms
392ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=364172630815219&correlator=571890210945684&eid=31078986%2C31079659%2C31079662%2C31079240%2C44807747%2C31079525&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Cb6d4a9d1-0710-4eee-90c9-3acb530eed97&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=3&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701022463178&lmt=1701022463&adxs=245&adys=231&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=1110x296&msz=1110x296&fws=0&ohw=0&ga_vid=1540111154.1701022463&ga_sid=1701022463&ga_hid=1783726712&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRiI6dvmwDFIAFICCGQSHAoNY3J3ZGNudHJsLm5ldBiI6dvmwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGIjp2-bAMUgAUgIIZBIZCgpwdWJjaWQub3JnGIjp2-bAMUgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRiI6dvmwDFIAFICCGQSFwoIcnRiaG91c2UYiOnb5sAxSABSAghkEhQKBW9wZW54GIjp2-bAMUgAUgIIZBIZCgp1aWRhcGkuY29tGIjp2-bAMUgAUgIIZBIbCgxpZDUtc3luYy5jb20YiOnb5sAxSABSAghk&dlt=1701022462333&idt=753&prev_scp=ti%3Dd55fc5c6-21c0-468e-9463-667850cbe79e%26chrand%3Dy%26pof%3D0%26bid%3D0.29%26bid-p%3Dgoogle%26bsc%3D92&adks=2365977148&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

be5e3dd4e11b17fec7bee50d1ba6c9c1804efeea9c1ff1bfd1a892c2d5fa9dfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45842
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
482 B 43ms
43ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_fluid_sq_fluidsquare&pdc=0.4551178336143493&ucv=null&e=tcp&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5afe09f0cb-CDG

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
481 B 197ms
197ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/x/e.js?ce=da&r=file-upload.in_fluid_sq_fluidsquare&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEWE8MB1SX911MVYFBP7671S
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "901b70ae40b5b064aef6259e869a717e-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5afe0ef0cb-CDG

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp&cc=1

85 B
193 B

135ms
134ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp&cc=1
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: a006e7b256245d4e89790993bddb163e4410f57c32fdaeef3a2ae3ea0b1efe01

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-g6lNrjh8LD80NbA732HIbCYtGi0"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.file-upload.in
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Sun, 26 Nov 2023 18:14:23 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.file-upload.in
location: /esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 112 KB
45 KB 429ms
429ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=364172630815219&correlator=1777364492410322&eid=31078986%2C31079659%2C31079662%2C31079240%2C44807747%2C31079525&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Cb6d4a9d1-0710-4eee-90c9-3acb530eed97&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=4&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701022463191&lmt=1701022463&adxs=245&adys=611&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=1110x296&msz=1110x296&fws=0&ohw=0&ga_vid=1540111154.1701022463&ga_sid=1701022463&ga_hid=1783726712&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRiI6dvmwDFIAFICCGQSHAoNY3J3ZGNudHJsLm5ldBiI6dvmwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGIjp2-bAMUgAUgIIZBIZCgpwdWJjaWQub3JnGIjp2-bAMUgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRiI6dvmwDFIAFICCGQSFwoIcnRiaG91c2UYiOnb5sAxSABSAghkEhQKBW9wZW54GIjp2-bAMUgAUgIIZBIZCgp1aWRhcGkuY29tGIjp2-bAMUgAUgIIZBIbCgxpZDUtc3luYy5jb20YiOnb5sAxSABSAghk&dlt=1701022462333&idt=753&prev_scp=ti%3Dd55fc5c6-21c0-468e-9463-667850cbe79e%26chrand%3Dy%26pof%3D0%26bid%3D0.29%26bid-p%3Dgoogle%26bsc%3D92&adks=554408032&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

35743f51134f368f39cfd7864fa2a7a3bcc93e7503829abd28b2e655f48a33b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45855
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
480 B 171ms
171ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_fluid_all_fluidallshapes&pdc=0.22755891680717466&ucv=null&e=tcp&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5b1e69f0cb-CDG

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 91 KB
42 KB 406ms
406ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=364172630815219&correlator=3505787608973127&eid=31078986%2C31079659%2C31079662%2C31079240%2C44807747%2C31079525&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Ce5d6a113-1897-44a9-a217-a640317b4e22&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=550x600%7C480x320%7C160x600%7C300x250%7C300x600%7C320x480&ifi=5&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701022463222&lmt=1701022463&adxs=245&adys=1074&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=1110x616&msz=1110x616&fws=0&ohw=0&ga_vid=1540111154.1701022463&ga_sid=1701022463&ga_hid=1783726712&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRiI6dvmwDFIAFICCGQSHAoNY3J3ZGNudHJsLm5ldBiI6dvmwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGIjp2-bAMUgAUgIIZBIZCgpwdWJjaWQub3JnGIjp2-bAMUgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRiI6dvmwDFIAFICCGQSFwoIcnRiaG91c2UY4enb5sAxSABSAghqEhQKBW9wZW54GIjp2-bAMUgAUgIIZBIZCgp1aWRhcGkuY29tGIjp2-bAMUgAUgIIZBIbCgxpZDUtc3luYy5jb20YiOnb5sAxSABSAghk&dlt=1701022462333&idt=753&prev_scp=ti%3Dd55fc5c6-21c0-468e-9463-667850cbe79e%26chrand%3Dy%26pof%3D0%26bid%3D0.1%26bid-p%3Dgoogle%26bsc%3D92&adks=2135243791&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df32404e6d01fe58aadda8d1d3d459314b6a2534f3fa979f980b6536f83c9905

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43140
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 4A8E 15 KB
6 KB 80ms
27ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.file-upload.in

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:22 GMT
server: Kestrel
server-processing-duration-in-ticks: 360587
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 400 fed Show response
ups.analytics.yahoo.com/ups/58813/ 0
366 B 91ms
23ms XHR
application/json 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58813/fed?gpp_sid=-1&v=1&url=https%3A%2F%2Fwww.file-upload.in%2F

Requested by

Host: connectid.analytics.yahoo.com
URL: https://connectid.analytics.yahoo.com/connectId-gpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.87 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.87
age: 0
vary: Origin
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
access-control-allow-origin: https://www.file-upload.in
content-type: application/json
access-control-allow-credentials: true
content-length: 0

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
234 B 70ms
21ms XHR
text/plain 141.95.33.120
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.33.120 , Germany, ASN16276 (OVH, FR),

Reverse DNS

ns3203256.ip-141-95-33.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.file-upload.in/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.file-upload.in
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 235 B
695 B 145ms
53ms XHR
application/json 54.194.65.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.65.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-65-19.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 8dd5b0135ae3bbc47fbc4799f68b378426952a4b172527a3fa10386b4bc5735e

Request headers

Referer: https://www.file-upload.in/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache
x-server: 10.45.2.250
access-control-allow-credentials: true
content-length: 235
expires: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
482 B 55ms
54ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_fluid_sq_fluidsquare&pdc=0.4551178336143493&ucv=null&e=tcp&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5bbf94f0cb-CDG

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
480 B 50ms
50ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/x/e.js?ce=da&r=file-upload.in_fluid_sq_fluidsquare&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEWE8MB1SX911MVYFBP7671S
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "901b70ae40b5b064aef6259e869a717e-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5bbf95f0cb-CDG

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4A8E
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=file-upload.in&sn=ChromeSyncframe&so=0&topUrl=www.file-upload.in&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=w35EP3xGNlNHdmI3TE9saUVHSVl0c3N2cU9seXNiRFlZN2UvUWVFN2N4eU0zenN1bkU0ZkhmL0MwZzhOMUhWQ1FPYitjdVBuTTRGTFRFc2RmbDNUWkdiQ1FtcU11V2gzaXVsaFdJQXIxSSsvM0htbFNabzdYR3puT1A2Yl...

462 B
661 B

30ms
29ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=w35EP3xGNlNHdmI3TE9saUVHSVl0c3N2cU9seXNiRFlZN2UvUWVFN2N4eU0zenN1bkU0ZkhmL0MwZzhOMUhWQ1FPYitjdVBuTTRGTFRFc2RmbDNUWkdiQ1FtcU11V2gzaXVsaFdJQXIxSSsvM0htbFNabzdYR3puT1A2YlRvZHMwRGhuSGJwVkNxUGIrYU02WjFFT2JJM2FoL0dyNWNaNTE2T25CdFVPWVNhSGIzMjkwa0JXc3hYNmFPV1AyQm9xT2NDQTBmeFA4QS9jZmhKdXYxQWgxL1g0dEkrSzQ5ZEFBOXVNSFcvV1VjSkoxbGpNZzRnVHppbVd5NVF3OHo5cVAvV0FsV1RzMyt6dVZIc2NTc3dQVUJiSjhMOVphU3lpcFArUXVvazd1cE1wL3JqOD18&cppv=2

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

caeccc8f437755b14a601341f9a95c8e8675884042b2df670b81b04afad75de3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2973196
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=w35EP3xGNlNHdmI3TE9saUVHSVl0c3N2cU9seXNiRFlZN2UvUWVFN2N4eU0zenN1bkU0ZkhmL0MwZzhOMUhWQ1FPYitjdVBuTTRGTFRFc2RmbDNUWkdiQ1FtcU11V2gzaXVsaFdJQXIxSSsvM0htbFNabzdYR3puT1A2YlRvZHMwRGhuSGJwVkNxUGIrYU02WjFFT2JJM2FoL0dyNWNaNTE2T25CdFVPWVNhSGIzMjkwa0JXc3hYNmFPV1AyQm9xT2NDQTBmeFA4QS9jZmhKdXYxQWgxL1g0dEkrSzQ5ZEFBOXVNSFcvV1VjSkoxbGpNZzRnVHppbVd5NVF3OHo5cVAvV0FsV1RzMyt6dVZIc2NTc3dQVUJiSjhMOVphU3lpcFArUXVvazd1cE1wL3JqOD18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 246283
content-length: 0
expires: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 120ms
71ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311090101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dcbc7a3c545f6f4587e0d31d09534d684f93a704f3fd5c5494172e144fb9e915

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12367
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 374ms
373ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=364172630815219&correlator=2294359880291775&eid=31078986%2C31079659%2C31079662%2C31079240%2C44807747%2C31079525&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Cb6d4a9d1-0710-4eee-90c9-3acb530eed97&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=6&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701022463324&lmt=1701022463&adxs=245&adys=1730&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=6&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=1110x296&msz=1110x296&fws=0&ohw=0&ga_vid=1540111154.1701022463&ga_sid=1701022463&ga_hid=1783726712&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRi76tvmwDFIAFICCG8SHAoNY3J3ZGNudHJsLm5ldBiI6dvmwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGIjp2-bAMUgAUgIIZBIZCgpwdWJjaWQub3JnGPnp2-bAMUgAUgIIahIdCg5lc3AuY3JpdGVvLmNvbRiI6dvmwDFIAFICCGQSFwoIcnRiaG91c2UY4enb5sAxSABSAghqEhQKBW9wZW54GIjp2-bAMUgAUgIIZBIZCgp1aWRhcGkuY29tGIjp2-bAMUgAUgIIZBIbCgxpZDUtc3luYy5jb20YiOnb5sAxSABSAghk&dlt=1701022462333&idt=753&prev_scp=ti%3Dd55fc5c6-21c0-468e-9463-667850cbe79e%26chrand%3Dy%26pof%3D0%26bid%3D0.29%26bid-p%3Dgoogle%26bsc%3D92&adks=1354342239&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f8f02441e76ea02e785b7e75347c86dd9121ce45b92fbd8d6a6a9798ccf437d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12739
x-xss-protection: 0
google-lineitem-id: 5563951594
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138332681208
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 164ms
117ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 26 Nov 2023 18:14:23 GMT

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 4471 572 B
799 B 83ms
32ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: b00ab38b6c577e674590ab461d7a5c09a910a1d1680a62c334e9201d51f16c10

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 374
content-type: text/html
date: Sun, 26 Nov 2023 18:14:23 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012310301456000/ Frame 0300 196 KB
56 KB 73ms
21ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 25 Nov 2023 04:19:00 GMT
age: 136523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56081
x-xss-protection: 0
server: sffe
etag: "6a17d296884b026a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 24 Nov 2024 04:19:00 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 0300 15 KB
5 KB 125ms
74ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 23 Nov 2023 21:48:00 GMT
age: 246383
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5225
x-xss-protection: 0
server: sffe
etag: "0b7142e00666043e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 22 Nov 2024 21:48:00 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 0300 95 KB
29 KB 119ms
67ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 25 Nov 2023 01:47:30 GMT
age: 145613
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29077
x-xss-protection: 0
server: sffe
etag: "7b1f1965b6cd6fda"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 24 Nov 2024 01:47:30 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 0300 5 KB
2 KB 117ms
66ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 24 Nov 2023 22:04:26 GMT
age: 158997
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1911
x-xss-protection: 0
server: sffe
etag: "5b0a82507b260c6e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 23 Nov 2024 22:04:26 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 0300 40 KB
13 KB 110ms
59ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 23 Nov 2023 23:09:32 GMT
age: 241491
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12952
x-xss-protection: 0
server: sffe
etag: "9817e561a46c70fa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 22 Nov 2024 23:09:32 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0300 4 KB
1 KB 82ms
31ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 26 Nov 2023 16:28:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 26 Nov 2023 18:14:23 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0300 2 KB
3 KB 21ms
21ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:17:56 GMT
x-content-type-options: nosniff
server: cafe
age: 3387
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 27 Nov 2023 17:17:56 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0300 295 B
665 B 20ms
20ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 21:36:38 GMT
x-content-type-options: nosniff
server: cafe
age: 74265
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sun, 26 Nov 2023 21:36:38 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
480 B 43ms
43ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.4&b=1&r=file-upload.in_auto_728x90_sticky_display_bottom&sy=84fe9a21-b333-4c64-8672-e71219db5c13&ts=92&cd=2&pud=410&pus=c&pue=682&pid=150&pis=c&pie=831&ppd=303&pps=a&ppe=985&pcl=440&ttc=986&tti=1460&ttif=0&lca=985&lcak=ppe&lct=985&lctk=ppe&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.file-upload.in&mlre=www.file-upload.org&mlin=0&mlsi=728x90&mlbw=4g&mlcs=NaN&mltp=d55fc5c6-21c0-468e-9463-667850cbe79e&e=lm&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5d1a44f0cb-CDG

GET
H2 200 6592766407814317453
tpc.googlesyndication.com/simgad/356718658959869157/ Frame 0300 53 KB
53 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/356718658959869157/6592766407814317453

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd1fbf0a32820cd5eaa136a0144b0b37e19c11b07642a21d73208e2855c798d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 11:34:08 GMT
x-content-type-options: nosniff
age: 369615
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53970
x-xss-protection: 0
last-modified: Wed, 22 Nov 2023 09:33:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 21 Nov 2024 11:34:08 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/462894021858575030/ Frame 0300 1 KB
1 KB 49ms
49ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/462894021858575030/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2c65fc17976241c7932b0ff1785dd729fcc5ece78273759a9a17302611c71c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:28:24 GMT
x-content-type-options: nosniff
age: 92759
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1238
x-xss-protection: 0
last-modified: Mon, 04 Jul 2022 08:41:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 24 Nov 2024 16:28:24 GMT

GET
DATA 200
OK truncated
/ Frame 0300 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7c64f5f91fab24648cb9728fb05e7dd8092749b557ad00bfde446f44115566b

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 4471
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2350489431911942724

43 B
106 B

49ms
30ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2350489431911942724
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2350489431911942724
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame 4471
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=f3821b63-03dc-c124-12e7-da6306bd0a9c
https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=f3821b63-03dc-c124-12e7-da6306bd0a9c&dcc=t

43 B
855 B

209ms
209ms

Image
image/gif

67.220.228.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=f3821b63-03dc-c124-12e7-da6306bd0a9c&dcc=t

Requested by

Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5

Protocol

HTTP/1.1

Server

67.220.228.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 26 Nov 2023 18:14:23 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: EJM1FSGCT77VWF9ZZERF
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 26 Nov 2023 18:14:23 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: Z9GGVJNJCC04FWD301ES
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=f3821b63-03dc-c124-12e7-da6306bd0a9c&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 4471 70 B
149 B 127ms
40ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=ab54671e-1f76-7ade-d2e9-58f46e8ec17c&gdpr=0
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 4471 170 B
409 B 89ms
30ms Image
image/png 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODczYmI0ZDQtZDYwMS0yNDdhLWM3MDktMDI0ZGE0NmMwZjFj

Requested by

Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 4471
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPGKZjSzhE7c_vzIo0ddrSY&google_cver=1

43 B
180 B

36ms
30ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPGKZjSzhE7c_vzIo0ddrSY&google_cver=1
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPGKZjSzhE7c_vzIo0ddrSY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C866 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Mon, 25 Nov 2024 18:14:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
478 B 172ms
172ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.29&b=1&r=file-upload.in_fluid_sq_fluidsquare&sy=84fe9a21-b333-4c64-8672-e71219db5c13&ts=92&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.file-upload.in&mlre=www.file-upload.org&mlin=0&mlsi=1024x280&mlbw=4g&mlcs=NaN&mltp=d55fc5c6-21c0-468e-9463-667850cbe79e&e=lm&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5d9b43f0cb-CDG

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0300 15 KB
16 KB 71ms
22ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 20:50:19 GMT
x-content-type-options: nosniff
age: 163444
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 20:50:19 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0300 15 KB
15 KB 74ms
26ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 21:25:42 GMT
x-content-type-options: nosniff
age: 161321
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 21:25:42 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0C79 13 KB
5 KB 21ms
20ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 805
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:00:58 GMT
expires: Mon, 25 Nov 2024 18:00:58 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E5E7 829 B
1 KB 98ms
38ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b1f40f70b6a433d26b33fea99c33bd2b2dfc8ef6df708a063f91f1286e85f898

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Qy3tqBZoWEmPjhhIE_2W9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Qy3tqBZoWEmPjhhIE_2W9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Sun, 26 Nov 2023 18:14:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9EA1 478 B
781 B 110ms
61ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGNDjtPEBMAE&v=APEucNWCNvOYarDKQQNQKhs0sQTo_nfcgvyG_lbmdcwWMNakZ8hBqezeic_kVTsBka0hqbETEzKuPTwjVjEuTvhms6g6gpdGjA

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Sun, 26 Nov 2023 18:14:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame C866 172 KB
61 KB 70ms
21ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Origin: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7021
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 16:17:22 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame C866 7 KB
3 KB 67ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 14:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12579
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 14:44:44 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame C866 23 KB
9 KB 60ms
23ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 15:58:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 15:58:47 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame C866 41 KB
14 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 93421
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C866 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28660
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C866 20 KB
9 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C866 42 B
63 B 201ms
163ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BZsUGFx0aAkDToGPnClTdAOc8z_CdWh76xLIE2ZSnlenHFHf3FAMfr6carfI-eIQpKqThmih8OdYAMUqzADYVntfuEw89XjqKzg7ACjSs0KbDwtf0

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C866 202 KB
64 KB 105ms
43ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:14:23 GMT

GET
H3 200 container.html Show response
9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BED1 6 KB
3 KB 24ms
23ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Mon, 25 Nov 2024 18:14:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
480 B 148ms
148ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5debe9f0cb-CDG

GET
H3 200 container.html Show response
9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 178F 6 KB
3 KB 24ms
23ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Mon, 25 Nov 2024 18:14:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
479 B 36ms
36ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.1&b=2&r=file-upload.in_fluid_all_fluidallshapes&sy=84fe9a21-b333-4c64-8672-e71219db5c13&ts=92&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.file-upload.in&mlre=www.file-upload.org&mlin=0&mlsi=1024x600&mlbw=4g&mlcs=NaN&mltp=d55fc5c6-21c0-468e-9463-667850cbe79e&e=lm&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5e0c32f0cb-CDG

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B570 478 B
321 B 63ms
59ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGNDjtPEBMAE&v=APEucNX8FN43Fe3DHTi4dJREkuC7CzL372v4hwAcGg9IeyMQFsiVqbaZ-jqM3WODN9h6Q1CfEcoAM56wVSPXtqYvHmvKyaI5IQ

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Sun, 26 Nov 2023 18:14:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame BED1 172 KB
60 KB 38ms
36ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Origin: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7021
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 16:17:22 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame BED1 7 KB
3 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 14:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12579
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 14:44:44 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame BED1 23 KB
9 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 15:58:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 15:58:47 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame BED1 41 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 93421
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame BED1 3 KB
1 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28660
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame BED1 20 KB
8 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BED1 42 B
63 B 164ms
164ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AfTF_WTZZtrXU7ubilp78IRdpSxdLopMUgXjdUIh80NqwWGO2dIa5U6a-44FLfo9MEC-M7JcK6qH-c-ANG9u5FNPqyYPVfKC2dfBTZGkEv4e_ArIQ

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame BED1 202 KB
64 KB 80ms
79ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:14:23 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 76F1 38 KB
13 KB 20ms
20ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 93372
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C866 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43af2aa1d560a3822f993fd5ea7a710cbfdb883af872c423a375ad95f5ebe1c5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET view
securepubads.g.doubleclick.net/pcs/ Frame A9CD 0
0

GET ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame A9CD 0
0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 25 KB
12 KB 338ms
337ms Fetch
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=364172630815219&correlator=4363052857276877&eid=31078986%2C31079659%2C31079662%2C31079240%2C44807747%2C31079525&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2C3cc840b3-083d-48a5-9a39-279da3eea261&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=7&sfv=1-0-40&eri=1&sc=1&cookie=ID%3D25a75041df16fbb6%3AT%3D1701022463%3ART%3D1701022463%3AS%3DALNI_MZ3CgH3GZyDI_kKXqIAOn_M_8Zyrg&gpic=UID%3D00000cdcb6e8df0c%3AT%3D1701022463%3ART%3D1701022463%3AS%3DALNI_MZy6E2F1lllZVkpAi_xWYs8e3sEyA&abxe=1&dt=1701022463732&lmt=1701022463&adxs=245&adys=1730&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=7&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=1110x296&msz=1110x296&fws=0&ohw=0&ga_vid=1540111154.1701022463&ga_sid=1701022463&ga_hid=1783726712&ga_fc=true&a3p=EloKDWNyd2RjbnRybC5uZXQSQDcxODJiOGNhYTg2ZGY3OWZjMDM2MzM0NGU4MzU0OTQ1YTcwMmQ1NDUzNzc3YjIzNDkzMmMzOGU2YzQyZjcyYzUY1uvb5sAxSAASGwoMMzNhY3Jvc3MuY29tGIjp2-bAMUgAUgIIZBIZCgpwdWJjaWQub3JnGPnp2-bAMUgAUgIIahIYCgl5YWhvby5jb20Yu-rb5sAxSABSAghvEh0KDmVzcC5jcml0ZW8uY29tGIjp2-bAMUgAUgIIZBIXCghydGJob3VzZRjh6dvmwDFIAFICCGoSPgoFb3BlbngSLGV5SnBJam9pWlZCb1dWSTNZbmhTVTIxSlVEVkJZME54Ym5sblVUMDlJbjA9GIrs2-bAMUgAEhkKCnVpZGFwaS5jb20YiOnb5sAxSABSAghkEhsKDGlkNS1zeW5jLmNvbRiG69vmwDFIAFICCGo.&dlt=1701022462333&idt=753&prev_scp=ti%3Dd55fc5c6-21c0-468e-9463-667850cbe79e%26chrand%3Dy%26pof%3D0%26bid%3D0.08%26bid-p%3Dgoogle%26bsc%3D92&adks=2191225267&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c61e98b1180801c8daa549fb2b41697665091a4248cd75c1d971de27ae9dc42f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12272
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 308D 478 B
321 B 61ms
60ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRi7-tz-ATAB&v=APEucNUnyxv40weTV89OdAQr8zQorRAVoBVRLbVHS3ApCfsm4NCAJgQM8fxJUujzFPsZUW0evNRKCnORFlPQDTzZ3359pIPkkQ

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Sun, 26 Nov 2023 18:14:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 178F 23 KB
9 KB 25ms
22ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 15:58:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 15:58:47 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 178F 7 KB
3 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 14:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12579
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 14:44:44 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 178F 0
0 120ms
63ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuWaeyZLUEg4N0svWmvG2_V8TABY3Cy87sbULEOYQahPBkdgsObC8J6lPijSgnbbzIhaj6DxUDrEMtrPsQr-SPCjGjvqkcKOtGZFysI8qEb8wHt9I5B20Y5FTx-GRcjg-13RAyPrl5pSDds1VnQDZ9248kSJXgDyxnYm0HhhWM__2CuK6J7TkW67hXa3H1vjS3gtqin2zHHgAVE-xpdAGEGUyl9veDK6fUIeAWVb1M5ABNDQnlTQtM-ZvB4oFWqPNChHZuydzj9kes3r7ssYUi3d3FJsC8JbA_qbZNSPUpk1XYJvGm46SV4o8pVqIegM4VoRv7evVQ_0yJNktw4AUMPlk69cpgvwRBMU9skCnveJLA1fX9Mci0W_cbSh-rxoj-5PThTuzMPi_VuzYNiBUfI9_D3fCi9-bJj17bBkWq9_0ZkeRWtgmW57KJbCZtyQIKTR-0ZgHUllNw1EmXXb1e0u72zaztOwx8sUizSE-olG91RQhVb8-E7yrI8E-fwqBYUl-GKEIHCi6rd8HxUO24kZidgYRkcsHjiZdZW282-EPh9b8sssPSastC-iPJjksjMyM5tlZdw8y-KOEIxTeEk2Neo0gCWsa-RmvVwaZwUFD2C97INQHaVgxrRR5YnFtdh2RjsNRs4oE8HA-vu3uziiT5qAG5jmbMtEfmboOPzPNOY_RQrAq6JwGFkATi7J53bIGqEMaNGAPKb4zAETn-ejcGVB5tMb4Zelhn3gMszAU_4zh9J5K-sV4lP93AN3eh1oGwv1XRoKtC3u63WzB9L8nSMbaRCP6ksNti_9p1Xcu_yr3K4Toibe4WrqZddd7pNkPlgILkBKZ_ZzXSGktr2ClzX899-TAPAGkJA9iBfFAM59dhYT4EgBG8gF_rDHKR8SiYbZiSsUjxRyGStHcW7CVvHvrtW0pUj8lassLGH-52CS0pnTBhobUaH5BWs5tCMv6OgpM7h9a2WOXoHursaw2tfpFNU425HbluQ6ZqHhkAQXareoyiQavvvWNpkg1_TZmStn1mgmWTbj9a6iMmLH2_73debdzSORp9Munng1b2RxlGR40xMAc47Y_5eCdwTTdo85Va_TkMYnri7s9id7KsFirNQt-VfDP2f6dowa-9xtqOIZdNJmtDYGkQs9IFkKNCSO2KygK5P9LZZSOCQSe1hPOXHebV7efnKXJeBy_PGa_EenNsbTdBPvlgJtTKYvV-MeTJ5P2QTLg93fdkE_sDwUVZQAFSC2-s2xgWuspxgcY1Iw9LjSxpD1e7ZJx5MhZ8_SJWHZ-KC-hD8wwp6Qed385hRtejve0iAkf47VCrTb-2JGoIy7mELZbCTdGIzka2CqK5TsVo6seTF5ttuoj966L-NjUXWpdQFflbJzVv48Mn-1zqifzRb8m-Ch9x4MHLvV5nUkkrotnzSsO66FMg&sai=AMfl-YRyz-Gun54Z6vCbKu9VQ8pkoEKMYACul1lsOj3AdhsVRmx8-rCVpOMKs829OEeeNCFMGylqviFKSBGPus2h4P854plPTwIqZu0UnT14v4xFDwlNYxo865hwtAFYrDtzPPBfXLmm_XC2eESgqwvl7bBNNxKiH76T7wig7iSp_qhCyE54dVRLzTj8hDUjKjyp5rLWfkxukhS3cGlcX3XVpuIjdD0RV_5T-Myl38muurVKb2VTR20GPTgVr2fIyhzrTpXUYwynA9-r4Ak8B_we0s8u74iyOaxxuBnG9lKdQQEytmiAVn8nEsi62-x-QUpk-2FaSVPK2NY3l4LuKejj-zBoczwmWAGSwhUNNvX_weS7xa8mqIbEjOvtRMbBBuRrFyD4UgEv5QHUznCjGV-EW5faV2YLxl4KuUC7035DcMFj6KxEzONvJU0IntzFFasTDCEXiTIsIkVueimXE66cci6Wjup4p5O-9oRNJSQtcqglPOoo0s5QIPU&sig=Cg0ArKJSzCLe_H7iTeUiEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231109.56329&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 18:14:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 178F 41 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 93421
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 178F 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28660
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 178F 20 KB
8 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 178F 42 B
63 B 165ms
164ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C3QXhpBvafvV9Igb6RIcg0QYUoGoIsTF8cA3netNK2jHBRRRLwa9-qkgrcPjZj00ufL_orLQBE_QUsUTece90iYfYMSJPr17V2OqwbD0Y-6EhJ6QA

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 178F 202 KB
64 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:14:23 GMT

GET
H3 200 16443024057201933705
s0.2mdn.net/simgad/ Frame 178F 90 KB
90 KB 71ms
22ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16443024057201933705

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0b70a0f342b8f3eb5ba7787ecc51ff651e3b70114d07c96bb77270956a7a470

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 20 Nov 2023 07:59:41 GMT
x-content-type-options: nosniff
age: 555282
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92365
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 14:44:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Nov 2024 07:59:41 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 0C79 39 KB
15 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28655
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 9EA1 170 B
232 B 31ms
30ms Image
image/png 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGNDjtPEBMAE&v=APEucNWCNvOYarDKQQNQKhs0sQTo_nfcgvyG_lbmdcwWMNakZ8hBqezeic_kVTsBka0hqbETEzKuPTwjVjEuTvhms6g6gpdGjA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 9EA1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1&C=1

43 B
525 B

76ms
75ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGNDjtPEBMAE&v=APEucNWCNvOYarDKQQNQKhs0sQTo_nfcgvyG_lbmdcwWMNakZ8hBqezeic_kVTsBka0hqbETEzKuPTwjVjEuTvhms6g6gpdGjA
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mR8v1xQi5Gg53yB2sbak1nfh5Eg2bz47GUNTt5DBMXFG7Xsi4yVKlyMBX9TVePuJ3yn89W8SiVd%2FUJSbFTo%2FglxO3LDN11iBBT%2F%2BfGWoXlEd5Mb6OnFCzjaCZf0RD6IefNbN6TEDK41PjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c41c5f7b21f1a8-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KQhlCXQDIqwAnZnc%2FkpLG1US8HiGamHnPjXPJmAaNJhWeAXn6hZoU9VhKYHg9ZkNicgy99dyEfBKjFgx3yck%2Fs8K0QrLWKgbnnVieZrctPbumYxFQcnL5u5pfTYA%2B7Nn%2BcTjHptrTpGiMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1&C=1
cache-control: no-cache
cf-ray: 82c41c5f0a41f1a8-CDG
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9EA1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWOK-80lH6xRrrEu1AxxfAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

43 B
729 B

45ms
45ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGNDjtPEBMAE&v=APEucNWCNvOYarDKQQNQKhs0sQTo_nfcgvyG_lbmdcwWMNakZ8hBqezeic_kVTsBka0hqbETEzKuPTwjVjEuTvhms6g6gpdGjA
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eICLdxSB7wQuva118no6svmHu0gIYqCta9cBE%2FAGXJxc7YMgVDe52Ncm5mRTPTIIFl8jbmDfObn8ugX7SPNz7LqJzOvQ2dSF0NQg5v4SDPoxbV2EesEtRGx%2FShg7geQi0RImhBxAgdAmFA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c41c601d0f01e7-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13100828894569693184/ Frame 985A 12 KB
3 KB 55ms
30ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985702cc838817c226167bf2081596a6b5fabbb42c3ddee39eacea7f2d27d690

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2799
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Mon, 25 Nov 2024 18:14:23 GMT
last-modified: Wed, 30 Aug 2023 15:05:03 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C866 0
0 93ms
64ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvCIf6ATKinE0fEQL7Ada-AURUXcvQJoIyFiUPgD_Rco3ZhB6ZlwuLlbLMlFiS3G2oG_8mZ5PMYsqLIY9OHYdfgnT_M0HMxe_CDtD0xiHtz6x2Ar-Cnm0GLTD91oAKy3EgE5NNmNfI_uHUiXfg-Tk6RT965a_FsylKrE_NnT0oN2BDhAX9JtgX5ATKSDRQboD7SiN_PCZm1mvoKPZNh86S-DPfgT5x7gGuJ2n8q86Ym2vk_1hnyyksbeHsM4GRU6tqaF-ckz-rpE973SO9WLm_8YEdllpLMcMki7sqYin_58pgYOPR8Re8KTzUK_JPglcMrXE8IcWEKVIIGGpT02pyJfCctAXesxO-zQQGhsmdIrqT8JEjZQsDNUDOP6ydxHhZHxS0HhaBOoC3KgMbGMmZKhZIp4PcPgc5hKKld6lMCeUJPFRdGHY_uA5o7Hsq9CNwY_5a3VI6oBUAVGNoxY5LkqW-M9XqobKcHHkGYbXH93zoh-9xTfNRzX_O8wt-D9-JQAmwBVtn18k4R210N1psONI8ywUNRFsb2oxTcAUHTbBTfny2K-FPpz_Pq5j0LPaxuD8UPSCY3hWtEZr_dEJDhw6jN3ZXQylU7iRU1z182Jk3KkstYQCqrtJBALGfk--2zBEPqyVZfu_32GoCTWCmD0CHDR1M8ZUFoX9Pc-34Xy7ghftAzwQTm5vuHm8VXg6xWBjq9nat7tNm4KlT9yKzB_x3yYcUmfCx4ciAWAg2hTtLHorgLADNNEuWtf_hCTOogxzvWXhRgRMsqk0pSFQj7qLXt8NWjOGN1TZ2sbOWb6yv7K9htxhzfiYLG5xKbx3SiPRnxICDg9B1-2M5MjFdocxRu3q0_ISXXanQCkQAeq27V2Mb9yRYbjKRgCZYcb4JaTihg5pJp1t6kCEyvJuTpX58wxNx_c3YsuzV9o5yMJnm6nLD4rwCP0QAR2wy7OYBTcCUxl_gG7iYCdNmnQybzJSDyoDVT6XAwt-vcmrBgfKzrXrvclWWHfDfLlJCxs8btqREPOsjdXFxFPRxZNkGEy8UfdJkQNcw5SYtcJ7rJtaldd9ecvp3PL3tH_xqOrH2SGXjxsvd7bZjDGi8j6JfjazcbXd6GpqkPU0CnYmok5VzxkQ89flsGjTAQSKRPxJK0pbroTAHpBYgbhUsBOoqTiPx0H0OKjOy625bLWCftoi82UD20YjV3HyXnVNBe5oyY_cpWYEcW-15qmIGF0ss4JR8kuSZtcCOIsoiDH_rL4GRsc8-Y3yY4-tb6l7orckq_IEb5wQXyFwA844xYR7DfsDcyK4-EAAF91TB7QftbteTJMJsb_ojexeAqa76pXoyfnUX7QKrZWaodAAQxhhYmdJ_jmgM5-BmMs3jmkX5Is0AL-y63Kx5nRFOXXX9-L76Fc1DzzWvEb5f7itJi7SGeAfGUlA&sai=AMfl-YRwkKILPI1ZGXtsoDvlFaIQXBiiZofFss02SzGVpXu3GUrGTlF5o2hzRhinO87pKwoayZTvntsuOdJkq4AKXeiG54RYGphWcMfbukh1w0TdddBzh7blQOiqklWZjrhPOR4KOycYFYFL1JLBZt7T2KJ53rq3ZHxj8o1d_C5UJe28I012ydYD3AoHRe3qxEL60WoOQE2vsQNcb_qKHwpzsY9z0Jgj3_aMEZD8xmSYOv5G8CzqkmT_QtlCIkdUxk8tovmwAiCGKAFSauCGneWJi9rST1QhHFY468kuPu-MQ1HfEvLMX2OSB_lQpEe9sbcNOEbyZF7MZZ8UN87TEtW_1C6OKRZh5OuVuGPzzp-Akx6n8jHY45as-KX2mXGXDuS4LSTYCTQtl1pWL84k9A20gyBWdmb0uRVUoAztQj34WGRS-Ch_kQmMtBoM-Xb3ER4xZQngZGR5P3n4bVOOYcSE7FL8V5Fs3PBWK9e53nn-TD8KbNvkcJZO8jB-5Hf8ig&sig=Cg0ArKJSzENKfXXdSur4EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=134&cbvp=1&cstd=130&cisv=r20231109.42405&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 18:14:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0300 0
0 70ms
69ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CwMd9_4pjZeq3CqL1x_APjtyQwA2d57yWdOSWrqCVEse319C0QRABIJWbyiFg9YWAgPwDoAG52cH8A8gBCakCTjWKi1YAsz7gAgCoAwHIAwqqBLQCT9D1KopcfwXgHkCEuQGzMZip0khAjy2c2ObcyMsYhyzew0bWtHbMuDOOhmQJnA3lsXuIXPSPe-BZRzDx3QwB3ZsZHpa8WE0R-5eSNtUVcIAuOxPiedx5ITcKC9UhENeDZy2MbvwYaslNFt2RoFKDNxS8lskMNfEulGiOUz64qKFni-OLWQeJI0UMBD_yOFM1K1sfphZYaHEaP_2GKx8tw4jJdtyAIWjw_Js3f7AA_3t9MaAl2S8ePWiw4PnFnAA1MQCj9DYKX08gmFjVJHxyePjUzlxv9wte0Hh5ulnTovMhY0r8mR3qF9UMzEJp0aSSain7RFV21AY-wH5j31InPdenjty8cgIFhcIgUUt2De3ePmSVrG4D--Y50dnyEqn_jLwXtSaTiD-vkN4zl_m_pPUwk6HABMKdm_DhA-AEAYgF0Zb6owaSBQQIBBgBkgUECAUYBKAGLoAHr6a-A6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEELfKH9IIFAiAYRABGB0yAooCOgKAQEi9_cE6mgmGAWh0dHBzOi8vd3d3LnlhbGxvLmNoL2VuL2JsYWNrZnJpZGF5P3V0bV9zb3VyY2U9c21hcnRkaXNwbGF5JnV0bV9tZWRpdW09ZGlzcGxheSZ1dG1fY2FtcGFpZ249bW9iaWxlJnV0bV9jb250ZW50PWJsYWNrZnJpZGF5JnV0bV90ZXJtPWVugAoDyAsBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbEC2gwQCgoQgOmlkNfjr6FCEgIBA-INEwjmsK-9ouKCAxWi-hEIHQ4uBNi4E-QD2BMNiBQE0BUBgBcBshceChwIABIUcHViLTc1MDc0MzkyMzM4NjU0MTUY_fkT&sigh=SWd6fQUEzcw&uach_m=%5B%5D&ase=2&nis=5&cid=CAQSTwDICaaNIifslPLkxxUUGtS1rgyBciplbi5VSRMrQCa7aOXDcLnYr7T8Gi88hRqllT3I9THTYLWJw4Uh-g-4rKB0IXTrxegmI5HfPBontTIYAQ&template_id=484&cbvp=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame C0CC 38 KB
13 KB 21ms
21ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 93372
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E5E7 0
0 163ms
163ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311090101&jk=364172630815219&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame B570 170 B
232 B 38ms
36ms Image
image/png 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGNDjtPEBMAE&v=APEucNX8FN43Fe3DHTi4dJREkuC7CzL372v4hwAcGg9IeyMQFsiVqbaZ-jqM3WODN9h6Q1CfEcoAM56wVSPXtqYvHmvKyaI5IQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame B570
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1&C=1

43 B
332 B

65ms
64ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGNDjtPEBMAE&v=APEucNX8FN43Fe3DHTi4dJREkuC7CzL372v4hwAcGg9IeyMQFsiVqbaZ-jqM3WODN9h6Q1CfEcoAM56wVSPXtqYvHmvKyaI5IQ
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sxhrmLGCzvLqVYPNjT%2BxD6Ak7s0XLwcBGBZ0LxmdRjZsN3FEz%2F1aLI9gw4uFDpC6Yadl6JcfmkxthdCY%2FzjoGEixJt%2B0v6HNTM3NIWbVTjYjcM9orf7A%2BN02OGn%2BH3CyVggkjPRP%2FDupw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c41c5f7b2ff1a8-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vOSrTxT%2B8qwtjjRS8XyMBblV0isx4A8XaFOFFKsgAbJGGh3hlfVuxTVmL2%2BmndiNJ1pGjhXbdwGRoUnbjCTLjwiWnosTXIyo%2FqOKNkNzDz5DJuwmGmUEo334Btvtfh7fEcek%2FM3HavD22A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1&C=1
cache-control: no-cache
cf-ray: 82c41c5f0a43f1a8-CDG
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame B570
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWOK-80lH6xRrrEu1AxxfAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

43 B
739 B

41ms
41ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGNDjtPEBMAE&v=APEucNX8FN43Fe3DHTi4dJREkuC7CzL372v4hwAcGg9IeyMQFsiVqbaZ-jqM3WODN9h6Q1CfEcoAM56wVSPXtqYvHmvKyaI5IQ
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPfbkz3mOLkfRx5umM%2BDxFge7XvLcpY0udN4obvBdeKYabL9nI87H%2BpIc3YW%2BIuL1OyoB5Zig%2B6ahmJO4xTU%2BVO2E5Cn62HQhGZ%2B9Du3PUnyeXMj5D8T3pE1WxpudUCuoDDW%2BOGOe3%2FWJA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c41c600d0301e7-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame BED1 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9612e9c2043adc2c4ca822988e78c18442e811aa4b0df7f37f4455ed086a44bd

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 76F1 39 KB
15 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28655
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13100828894569693184/ Frame 26C4 12 KB
3 KB 39ms
32ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985702cc838817c226167bf2081596a6b5fabbb42c3ddee39eacea7f2d27d690

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2799
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Mon, 25 Nov 2024 18:14:23 GMT
last-modified: Wed, 30 Aug 2023 15:05:03 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BED1 0
0 77ms
65ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssMLsvG_WCazLMjPHMQjH14a8Zc3owQJJjAwRngul7G3n9ZpiJQPOW8p1TbW5l6CTUnKjnss0JP6j-NlZxwrHuV5CAG9fQv0bmdcDARK5jreBFBYTOdzUL4Qg2YWsHGpqWreY4K2mPUVw7B8AsiyuhzqohIwPxJQ3SOCvnaIVPH4IIm1rM6UuUfneGmRjJzeGMFWYNFYLBg6uE5y1BlL_2RFVHiLQMBM9U72MpNAj-j6vbF5hsPxUraTXJBMjCm_hkVNiz_sbnJao_38W9lIcp65BVbFqxCFIroa1Euz93K7wengCzU4WvI-gbD41solrW33F34xoPPFf1mGOVN103LDfLloKJcxViVDwu240UKyjeeoDMRW9qdcVAerUpkUAVDLV37pUanEZ5BwM7wflWWUeyw1VxwT9aouhbOwQNHdtXOu52ud3Gsiflxmfa0jswOb7mPFZ313TrggEbqqj9ERRCNWwdCY9HZirDY1crRN6lMgSTPB0JE5oAF0F5XxQwm-dL2q0t3DhDO9Cg7ZGtBg8EFQBcmIQyWYIc6dr3wOq0LFqzApxHJkfFn7ldSy5ju6jofP63z6R-rop8cOL09vOkzBBqje6qxoKLZ4rNwLXnm1hB9u7dFBazwfTK5gAn-YWHpJhZW3tj4cMY7-dx0lsXJmPeCYnmiRy8bYj6CiGnWsk-51myL9uiKeYDlRU-33D4tXu3-FNazsRRf91-ct45DGiZ9OFSF_f6FupJdo_Z4bVtMZYv6Uo-F8yjrQPLx9ErA8S4_6SsvmXwG3kPuocjPCxkcGt-ZGzlqm54NOTPn0BG0dST6FwArt_flZJnovjnJuTQDhO-hl5FeO3uxqNmIB-xNgcNbIVBZhE8BEPxSyg8l6RuXKSjLzU63v8CxLgIf7B7SaeJjimESvCZvK9McnW08_w3qA4TGJHjL0QZiiAb9GCxhz_C_zx1zkisgPH-hrvVHxDgpHT01E4k-HmIZuMB5j5kSnO3P09mBye7GzC3SGkS3mHh0eGjQJNM5q5xrwa2VarPIHHhB40W4fdiuhqaGvsjcGiN8CVTM1eSc7JN1Mo13IjMxygyu1LEG_dPpbnC3oHrmnHrRAt5S7lXqH2YWN7v5BqHJfRpTKCI7GKxJ1k-12qAOpu-W3RL9KD-hHRrw35cjz72Guks9EfrLvb3HU7jaSwwmp4kakBxowCFerBCd1r9y-9lWQS1OQzCH21r2v4yCPNPBM0sC6B453RxU6X4flNxSTzC_HVqbcOu8tsw7vmkjrlxLBrWP9a-Iu3HZd6VYSha9Y3iW7BWiCK6mA7E5mfvzPdjb3UXNCFjPcfbv-Z5Qw8WRWtWaOGugV1QD4eXnVzpRRfdvyNpfQEc2ZdBfge-68boeapy9toNSVJ7wPeyjxh7KIPsXVdGmTXugu5k1ooKXpdep&sai=AMfl-YTW7KEuNmtf76ms6CQOej41Kaza8GQCMsqphxSRzgBV3OnvgdCDsqPL270_Kk0CZpmSEInjwQXkuLq5gWwgvSBRX8J5mrmIi8w70FMRJEvadJrFvOEf_QVgPOrhNrhVJej1WpbhycGezki9tUS8yx3IqjbAJL6HBrZ448UZh9HjUBp8v8KseePXSQfGcynABhFs-DIPxfuVvjXdzzBRmvCBFHVNd71JypviKDcJmQo4F9GDHxdUeLr_HMeXk9iTVw72ZwjsrV-CfxZak8C0-_P1-WUo-c3QFaQDkVfsIg9QMTrceA_iNkjLlqrG4suMlBnuXoI34S0K2IljhQ4fP2RdvrNKmgtpvnYZ37hVrBo-iHSYslj9Yr8ssfa491x-22-sloLlACY_fTkOx3_Hr_9tdaLUTOMITpKeuEYYilax2t-1OOwAB1-GoTHpdAs3_vGKTOQC1h07pAesGGuAO0dbLgIf2UYWui5_7KKNstShKfPRjueuMYr6xqNZnQ&sig=Cg0ArKJSzJgcACJszOwVEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=85&cbvp=1&cstd=82&cisv=r20231109.93986&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 18:14:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 container.html Show response
9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 743D 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Mon, 25 Nov 2024 18:14:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
481 B 34ms
34ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=5.37&b=1&r=file-upload.in_auto_interstitial_desktop&sy=84fe9a21-b333-4c64-8672-e71219db5c13&ts=92&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.file-upload.in&mlre=www.file-upload.org&mlin=1&mlsi=undefinedxundefined&mlbw=4g&mlcs=NaN&mltp=d55fc5c6-21c0-468e-9463-667850cbe79e&e=lm&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840214
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c5f1e23f0cb-CDG

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 2B49 38 KB
13 KB 20ms
20ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 93372
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 178F 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32fd0dfe77f8d8c1fa5dc80a0b05db4c7d2607d593604b8f88563336cf3c0784

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 308D 170 B
188 B 35ms
35ms Image
image/png 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRi7-tz-ATAB&v=APEucNUnyxv40weTV89OdAQr8zQorRAVoBVRLbVHS3ApCfsm4NCAJgQM8fxJUujzFPsZUW0evNRKCnORFlPQDTzZ3359pIPkkQ

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 308D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

43 B
459 B

58ms
57ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRi7-tz-ATAB&v=APEucNUnyxv40weTV89OdAQr8zQorRAVoBVRLbVHS3ApCfsm4NCAJgQM8fxJUujzFPsZUW0evNRKCnORFlPQDTzZ3359pIPkkQ
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mItUpnai53VKi%2FtMsHncDOtNkGuIHdrip2oazk%2FWrAXSDMU5tXI4nYY48QTaYyaN301rEgygzZ7MlYPbDDYkZLJ%2Fg0EmbWDhWee4ZmimNOXPTHiS52o5gNF7FH81toeGTuRPoo%2BYy%2BiN4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c41c5f7b16f1a8-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 308D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWOK-72vWO6MZIoGcFS2pAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

43 B
734 B

46ms
46ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRi7-tz-ATAB&v=APEucNUnyxv40weTV89OdAQr8zQorRAVoBVRLbVHS3ApCfsm4NCAJgQM8fxJUujzFPsZUW0evNRKCnORFlPQDTzZ3359pIPkkQ
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hh%2FDUMWWAi2%2By3P1NLbwEynOBOFxegZU9HxraHo20w4rHJBt0GLrvb8ChoiaCjUmIRE5R7W2%2BXzTKdzKud4Da4anZaMCGuAgkQsy5x%2BJIPdWLSlFyBs%2BiEehvSP0ftnw1KGuy6IJP2jk1g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c41c607dbc01e7-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/13100828894569693184/ Frame 985A 7 KB
2 KB 25ms
24ms Stylesheet
text/css 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13100828894569693184/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8835f150ccbfbbea9e5cf7bab74d0d2dab47411928e07ef496fe71cfd4677425

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 12:07:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 454032
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1672
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 15:05:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 20 Nov 2024 12:07:11 GMT

GET
H3 200 MuseoSans_300-webfont.woff
s0.2mdn.net/creatives/assets/4466103/ Frame 985A 22 KB
22 KB 36ms
35ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_300-webfont.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

602a48d8418dc75bc51795b3f33e2e49ee38d40c4a658723b0878f1c64a68265

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:06:09 GMT
x-content-type-options: nosniff
age: 494
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22016
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:01:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:21:09 GMT

GET
H3 200 MuseoSans_100-webfont.woff
s0.2mdn.net/creatives/assets/4466103/ Frame 985A 21 KB
21 KB 35ms
33ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_100-webfont.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4da56999476a0550c62f0a269cda43474aaa0f7ba5c461cee58ac2af893bab90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:06:32 GMT
x-content-type-options: nosniff
age: 471
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21880
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:00:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:21:32 GMT

GET
H3 200 MuseoSans_700-webfont.woff
s0.2mdn.net/creatives/assets/4466103/ Frame 985A 22 KB
22 KB 32ms
30ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_700-webfont.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ccc354572f46ed4b26ffec17c24264cce720c1ebab7693af8e88032e46b6544

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:06:09 GMT
x-content-type-options: nosniff
age: 494
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22640
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:03:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:21:09 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 985A 120 KB
41 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7018
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 16:17:25 GMT

GET
H3 200 gsap_3.11.5_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 985A 70 KB
27 KB 83ms
81ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.11.5_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5118140a15e5dbb471f19c06816bcfa44170878bd8fe0ade80c24b7a988d8ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27946
x-xss-protection: 0
last-modified: Fri, 12 May 2023 16:06:19 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:14:23 GMT

GET
H3 200 SplitText.min.js Show response
s0.2mdn.net/creatives/assets/4895796/ Frame 985A 15 KB
5 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4895796/SplitText.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc1627bb5a3f6f3c3cf51ab01bc67a74a851bd203c51fa9210fe41ab096f56ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:05:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 517
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5285
x-xss-protection: 0
last-modified: Mon, 22 May 2023 12:46:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:20:46 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/13100828894569693184/ Frame 985A 14 KB
3 KB 60ms
59ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13100828894569693184/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7e024c6ca820b01d8e6fabf1f416154b5f7c337e4892cecd8e2078fd9cb397f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 12:05:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 454147
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3510
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 15:05:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 20 Nov 2024 12:05:16 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/13100828894569693184/ Frame 26C4 7 KB
2 KB 25ms
24ms Stylesheet
text/css 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13100828894569693184/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8835f150ccbfbbea9e5cf7bab74d0d2dab47411928e07ef496fe71cfd4677425

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 12:07:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 454032
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1672
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 15:05:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 20 Nov 2024 12:07:11 GMT

GET
H3 200 MuseoSans_300-webfont.woff
s0.2mdn.net/creatives/assets/4466103/ Frame 26C4 22 KB
22 KB 53ms
52ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_300-webfont.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

602a48d8418dc75bc51795b3f33e2e49ee38d40c4a658723b0878f1c64a68265

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:06:09 GMT
x-content-type-options: nosniff
age: 494
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22016
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:01:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:21:09 GMT

GET
H3 200 MuseoSans_100-webfont.woff
s0.2mdn.net/creatives/assets/4466103/ Frame 26C4 21 KB
21 KB 50ms
49ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_100-webfont.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4da56999476a0550c62f0a269cda43474aaa0f7ba5c461cee58ac2af893bab90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:06:32 GMT
x-content-type-options: nosniff
age: 471
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21880
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:00:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:21:32 GMT

GET
H3 200 MuseoSans_700-webfont.woff
s0.2mdn.net/creatives/assets/4466103/ Frame 26C4 22 KB
22 KB 49ms
48ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_700-webfont.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ccc354572f46ed4b26ffec17c24264cce720c1ebab7693af8e88032e46b6544

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:06:09 GMT
x-content-type-options: nosniff
age: 494
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22640
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:03:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:21:09 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 26C4 120 KB
41 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7018
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 16:17:25 GMT

GET
H3 200 gsap_3.11.5_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 26C4 70 KB
27 KB 82ms
81ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.11.5_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5118140a15e5dbb471f19c06816bcfa44170878bd8fe0ade80c24b7a988d8ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27946
x-xss-protection: 0
last-modified: Fri, 12 May 2023 16:06:19 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:14:23 GMT

GET
H3 200 SplitText.min.js Show response
s0.2mdn.net/creatives/assets/4895796/ Frame 26C4 15 KB
5 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4895796/SplitText.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc1627bb5a3f6f3c3cf51ab01bc67a74a851bd203c51fa9210fe41ab096f56ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:05:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 517
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5285
x-xss-protection: 0
last-modified: Mon, 22 May 2023 12:46:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:20:46 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/13100828894569693184/ Frame 26C4 14 KB
3 KB 59ms
58ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13100828894569693184/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7e024c6ca820b01d8e6fabf1f416154b5f7c337e4892cecd8e2078fd9cb397f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 12:05:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 454147
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3510
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 15:05:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 20 Nov 2024 12:05:16 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 178F 0
0 57ms
57ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuWaeyZLUEg4N0svWmvG2_V8TABY3Cy87sbULEOYQahPBkdgsObC8J6lPijSgnbbzIhaj6DxUDrEMtrPsQr-SPCjGjvqkcKOtGZFysI8qEb8wHt9I5B20Y5FTx-GRcjg-13RAyPrl5pSDds1VnQDZ9248kSJXgDyxnYm0HhhWM__2CuK6J7TkW67hXa3H1vjS3gtqin2zHHgAVE-xpdAGEGUyl9veDK6fUIeAWVb1M5ABNDQnlTQtM-ZvB4oFWqPNChHZuydzj9kes3r7ssYUi3d3FJsC8JbA_qbZNSPUpk1XYJvGm46SV4o8pVqIegM4VoRv7evVQ_0yJNktw4AUMPlk69cpgvwRBMU9skCnveJLA1fX9Mci0W_cbSh-rxoj-5PThTuzMPi_VuzYNiBUfI9_D3fCi9-bJj17bBkWq9_0ZkeRWtgmW57KJbCZtyQIKTR-0ZgHUllNw1EmXXb1e0u72zaztOwx8sUizSE-olG91RQhVb8-E7yrI8E-fwqBYUl-GKEIHCi6rd8HxUO24kZidgYRkcsHjiZdZW282-EPh9b8sssPSastC-iPJjksjMyM5tlZdw8y-KOEIxTeEk2Neo0gCWsa-RmvVwaZwUFD2C97INQHaVgxrRR5YnFtdh2RjsNRs4oE8HA-vu3uziiT5qAG5jmbMtEfmboOPzPNOY_RQrAq6JwGFkATi7J53bIGqEMaNGAPKb4zAETn-ejcGVB5tMb4Zelhn3gMszAU_4zh9J5K-sV4lP93AN3eh1oGwv1XRoKtC3u63WzB9L8nSMbaRCP6ksNti_9p1Xcu_yr3K4Toibe4WrqZddd7pNkPlgILkBKZ_ZzXSGktr2ClzX899-TAPAGkJA9iBfFAM59dhYT4EgBG8gF_rDHKR8SiYbZiSsUjxRyGStHcW7CVvHvrtW0pUj8lassLGH-52CS0pnTBhobUaH5BWs5tCMv6OgpM7h9a2WOXoHursaw2tfpFNU425HbluQ6ZqHhkAQXareoyiQavvvWNpkg1_TZmStn1mgmWTbj9a6iMmLH2_73debdzSORp9Munng1b2RxlGR40xMAc47Y_5eCdwTTdo85Va_TkMYnri7s9id7KsFirNQt-VfDP2f6dowa-9xtqOIZdNJmtDYGkQs9IFkKNCSO2KygK5P9LZZSOCQSe1hPOXHebV7efnKXJeBy_PGa_EenNsbTdBPvlgJtTKYvV-MeTJ5P2QTLg93fdkE_sDwUVZQAFSC2-s2xgWuspxgcY1Iw9LjSxpD1e7ZJx5MhZ8_SJWHZ-KC-hD8wwp6Qed385hRtejve0iAkf47VCrTb-2JGoIy7mELZbCTdGIzka2CqK5TsVo6seTF5ttuoj966L-NjUXWpdQFflbJzVv48Mn-1zqifzRb8m-Ch9x4MHLvV5nUkkrotnzSsO66FMg&sai=AMfl-YRyz-Gun54Z6vCbKu9VQ8pkoEKMYACul1lsOj3AdhsVRmx8-rCVpOMKs829OEeeNCFMGylqviFKSBGPus2h4P854plPTwIqZu0UnT14v4xFDwlNYxo865hwtAFYrDtzPPBfXLmm_XC2eESgqwvl7bBNNxKiH76T7wig7iSp_qhCyE54dVRLzTj8hDUjKjyp5rLWfkxukhS3cGlcX3XVpuIjdD0RV_5T-Myl38muurVKb2VTR20GPTgVr2fIyhzrTpXUYwynA9-r4Ak8B_we0s8u74iyOaxxuBnG9lKdQQEytmiAVn8nEsi62-x-QUpk-2FaSVPK2NY3l4LuKejj-zBoczwmWAGSwhUNNvX_weS7xa8mqIbEjOvtRMbBBuRrFyD4UgEv5QHUznCjGV-EW5faV2YLxl4KuUC7035DcMFj6KxEzONvJU0IntzFFasTDCEXiTIsIkVueimXE66cci6Wjup4p5O-9oRNJSQtcqglPOoo0s5QIPU&sig=Cg0ArKJSzCLe_H7iTeUiEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=143&vt=11&dtpt=142&dett=2&cstd=0&cisv=r20231109.56329&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 743D 4 KB
744 B 29ms
29ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 26 Nov 2023 18:01:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 26 Nov 2023 18:14:23 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 5F0C 2 KB
553 B 31ms
30ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A400%2C600

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e537bb0b81601eabcdc6dd4e2eb938917a7c6887765651882ec0ed5081c26c67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 26 Nov 2023 18:14:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 26 Nov 2023 18:14:23 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 5F0C 2 KB
822 B 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 5F0C 23 KB
9 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 5F0C 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28660
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 5F0C 20 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5F0C 202 KB
64 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:14:23 GMT

GET
H2 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 5F0C 37 KB
16 KB 72ms
21ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 10:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 461109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 19 Feb 2024 10:09:15 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 743D 15 KB
7 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 07:40:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38034
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6702
x-xss-protection: 0
server: cafe
etag: 11213825687312121238
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 07:40:29 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 743D 205 B
520 B 74ms
26ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 07:42:07 GMT
x-content-type-options: nosniff
age: 469937
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 20 Nov 2024 07:42:07 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 743D 604 B
695 B 75ms
27ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 12:20:23 GMT
x-content-type-options: nosniff
age: 21241
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 25 Nov 2024 12:20:23 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 743D 21 KB
9 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8781
x-xss-protection: 0
server: cafe
etag: 9666818975682992898
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame C0CC 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28655
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 2B49 39 KB
15 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28656
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C866 0
0 58ms
58ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvCIf6ATKinE0fEQL7Ada-AURUXcvQJoIyFiUPgD_Rco3ZhB6ZlwuLlbLMlFiS3G2oG_8mZ5PMYsqLIY9OHYdfgnT_M0HMxe_CDtD0xiHtz6x2Ar-Cnm0GLTD91oAKy3EgE5NNmNfI_uHUiXfg-Tk6RT965a_FsylKrE_NnT0oN2BDhAX9JtgX5ATKSDRQboD7SiN_PCZm1mvoKPZNh86S-DPfgT5x7gGuJ2n8q86Ym2vk_1hnyyksbeHsM4GRU6tqaF-ckz-rpE973SO9WLm_8YEdllpLMcMki7sqYin_58pgYOPR8Re8KTzUK_JPglcMrXE8IcWEKVIIGGpT02pyJfCctAXesxO-zQQGhsmdIrqT8JEjZQsDNUDOP6ydxHhZHxS0HhaBOoC3KgMbGMmZKhZIp4PcPgc5hKKld6lMCeUJPFRdGHY_uA5o7Hsq9CNwY_5a3VI6oBUAVGNoxY5LkqW-M9XqobKcHHkGYbXH93zoh-9xTfNRzX_O8wt-D9-JQAmwBVtn18k4R210N1psONI8ywUNRFsb2oxTcAUHTbBTfny2K-FPpz_Pq5j0LPaxuD8UPSCY3hWtEZr_dEJDhw6jN3ZXQylU7iRU1z182Jk3KkstYQCqrtJBALGfk--2zBEPqyVZfu_32GoCTWCmD0CHDR1M8ZUFoX9Pc-34Xy7ghftAzwQTm5vuHm8VXg6xWBjq9nat7tNm4KlT9yKzB_x3yYcUmfCx4ciAWAg2hTtLHorgLADNNEuWtf_hCTOogxzvWXhRgRMsqk0pSFQj7qLXt8NWjOGN1TZ2sbOWb6yv7K9htxhzfiYLG5xKbx3SiPRnxICDg9B1-2M5MjFdocxRu3q0_ISXXanQCkQAeq27V2Mb9yRYbjKRgCZYcb4JaTihg5pJp1t6kCEyvJuTpX58wxNx_c3YsuzV9o5yMJnm6nLD4rwCP0QAR2wy7OYBTcCUxl_gG7iYCdNmnQybzJSDyoDVT6XAwt-vcmrBgfKzrXrvclWWHfDfLlJCxs8btqREPOsjdXFxFPRxZNkGEy8UfdJkQNcw5SYtcJ7rJtaldd9ecvp3PL3tH_xqOrH2SGXjxsvd7bZjDGi8j6JfjazcbXd6GpqkPU0CnYmok5VzxkQ89flsGjTAQSKRPxJK0pbroTAHpBYgbhUsBOoqTiPx0H0OKjOy625bLWCftoi82UD20YjV3HyXnVNBe5oyY_cpWYEcW-15qmIGF0ss4JR8kuSZtcCOIsoiDH_rL4GRsc8-Y3yY4-tb6l7orckq_IEb5wQXyFwA844xYR7DfsDcyK4-EAAF91TB7QftbteTJMJsb_ojexeAqa76pXoyfnUX7QKrZWaodAAQxhhYmdJ_jmgM5-BmMs3jmkX5Is0AL-y63Kx5nRFOXXX9-L76Fc1DzzWvEb5f7itJi7SGeAfGUlA&sai=AMfl-YRwkKILPI1ZGXtsoDvlFaIQXBiiZofFss02SzGVpXu3GUrGTlF5o2hzRhinO87pKwoayZTvntsuOdJkq4AKXeiG54RYGphWcMfbukh1w0TdddBzh7blQOiqklWZjrhPOR4KOycYFYFL1JLBZt7T2KJ53rq3ZHxj8o1d_C5UJe28I012ydYD3AoHRe3qxEL60WoOQE2vsQNcb_qKHwpzsY9z0Jgj3_aMEZD8xmSYOv5G8CzqkmT_QtlCIkdUxk8tovmwAiCGKAFSauCGneWJi9rST1QhHFY468kuPu-MQ1HfEvLMX2OSB_lQpEe9sbcNOEbyZF7MZZ8UN87TEtW_1C6OKRZh5OuVuGPzzp-Akx6n8jHY45as-KX2mXGXDuS4LSTYCTQtl1pWL84k9A20gyBWdmb0uRVUoAztQj34WGRS-Ch_kQmMtBoM-Xb3ER4xZQngZGR5P3n4bVOOYcSE7FL8V5Fs3PBWK9e53nn-TD8KbNvkcJZO8jB-5Hf8ig&sig=Cg0ArKJSzENKfXXdSur4EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=360&vt=11&dtpt=226&dett=3&cstd=130&cisv=r20231109.42405&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BED1 0
0 58ms
58ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssMLsvG_WCazLMjPHMQjH14a8Zc3owQJJjAwRngul7G3n9ZpiJQPOW8p1TbW5l6CTUnKjnss0JP6j-NlZxwrHuV5CAG9fQv0bmdcDARK5jreBFBYTOdzUL4Qg2YWsHGpqWreY4K2mPUVw7B8AsiyuhzqohIwPxJQ3SOCvnaIVPH4IIm1rM6UuUfneGmRjJzeGMFWYNFYLBg6uE5y1BlL_2RFVHiLQMBM9U72MpNAj-j6vbF5hsPxUraTXJBMjCm_hkVNiz_sbnJao_38W9lIcp65BVbFqxCFIroa1Euz93K7wengCzU4WvI-gbD41solrW33F34xoPPFf1mGOVN103LDfLloKJcxViVDwu240UKyjeeoDMRW9qdcVAerUpkUAVDLV37pUanEZ5BwM7wflWWUeyw1VxwT9aouhbOwQNHdtXOu52ud3Gsiflxmfa0jswOb7mPFZ313TrggEbqqj9ERRCNWwdCY9HZirDY1crRN6lMgSTPB0JE5oAF0F5XxQwm-dL2q0t3DhDO9Cg7ZGtBg8EFQBcmIQyWYIc6dr3wOq0LFqzApxHJkfFn7ldSy5ju6jofP63z6R-rop8cOL09vOkzBBqje6qxoKLZ4rNwLXnm1hB9u7dFBazwfTK5gAn-YWHpJhZW3tj4cMY7-dx0lsXJmPeCYnmiRy8bYj6CiGnWsk-51myL9uiKeYDlRU-33D4tXu3-FNazsRRf91-ct45DGiZ9OFSF_f6FupJdo_Z4bVtMZYv6Uo-F8yjrQPLx9ErA8S4_6SsvmXwG3kPuocjPCxkcGt-ZGzlqm54NOTPn0BG0dST6FwArt_flZJnovjnJuTQDhO-hl5FeO3uxqNmIB-xNgcNbIVBZhE8BEPxSyg8l6RuXKSjLzU63v8CxLgIf7B7SaeJjimESvCZvK9McnW08_w3qA4TGJHjL0QZiiAb9GCxhz_C_zx1zkisgPH-hrvVHxDgpHT01E4k-HmIZuMB5j5kSnO3P09mBye7GzC3SGkS3mHh0eGjQJNM5q5xrwa2VarPIHHhB40W4fdiuhqaGvsjcGiN8CVTM1eSc7JN1Mo13IjMxygyu1LEG_dPpbnC3oHrmnHrRAt5S7lXqH2YWN7v5BqHJfRpTKCI7GKxJ1k-12qAOpu-W3RL9KD-hHRrw35cjz72Guks9EfrLvb3HU7jaSwwmp4kakBxowCFerBCd1r9y-9lWQS1OQzCH21r2v4yCPNPBM0sC6B453RxU6X4flNxSTzC_HVqbcOu8tsw7vmkjrlxLBrWP9a-Iu3HZd6VYSha9Y3iW7BWiCK6mA7E5mfvzPdjb3UXNCFjPcfbv-Z5Qw8WRWtWaOGugV1QD4eXnVzpRRfdvyNpfQEc2ZdBfge-68boeapy9toNSVJ7wPeyjxh7KIPsXVdGmTXugu5k1ooKXpdep&sai=AMfl-YTW7KEuNmtf76ms6CQOej41Kaza8GQCMsqphxSRzgBV3OnvgdCDsqPL270_Kk0CZpmSEInjwQXkuLq5gWwgvSBRX8J5mrmIi8w70FMRJEvadJrFvOEf_QVgPOrhNrhVJej1WpbhycGezki9tUS8yx3IqjbAJL6HBrZ448UZh9HjUBp8v8KseePXSQfGcynABhFs-DIPxfuVvjXdzzBRmvCBFHVNd71JypviKDcJmQo4F9GDHxdUeLr_HMeXk9iTVw72ZwjsrV-CfxZak8C0-_P1-WUo-c3QFaQDkVfsIg9QMTrceA_iNkjLlqrG4suMlBnuXoI34S0K2IljhQ4fP2RdvrNKmgtpvnYZ37hVrBo-iHSYslj9Yr8ssfa491x-22-sloLlACY_fTkOx3_Hr_9tdaLUTOMITpKeuEYYilax2t-1OOwAB1-GoTHpdAs3_vGKTOQC1h07pAesGGuAO0dbLgIf2UYWui5_7KKNstShKfPRjueuMYr6xqNZnQ&sig=Cg0ArKJSzJgcACJszOwVEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=298&vt=11&dtpt=213&dett=3&cstd=82&cisv=r20231109.93986&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0C79 0
10 B 21ms
20ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?NxAD_A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 container.html Show response
9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 43A8 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:23 GMT
expires: Mon, 25 Nov 2024 18:14:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
479 B 37ms
37ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_fluid_sq_fluidsquare&pn=1&sn=2&pc=0.4551178336143493&ds=true&e=wdp&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840215
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c60ca37f0cb-CDG

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
482 B 43ms
43ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.08&b=2&r=file-upload.in_fluid_sq_fluidsquare&sy=84fe9a21-b333-4c64-8672-e71219db5c13&ts=92&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.file-upload.in&mlre=www.file-upload.org&mlin=0&mlsi=1024x280&mlbw=4g&mlcs=NaN&mltp=d55fc5c6-21c0-468e-9463-667850cbe79e&e=lm&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840215
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c60ca47f0cb-CDG

GET
H3 200 MuseoSans_100-webfont.woff2
s0.2mdn.net/creatives/assets/4466103/ Frame 985A 17 KB
17 KB 21ms
21ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_100-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/style.css
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:59:26 GMT
x-content-type-options: nosniff
age: 898
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17148
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:00:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:14:26 GMT

GET
H3 200 MuseoSans_700-webfont.woff2
s0.2mdn.net/creatives/assets/4466103/ Frame 985A 17 KB
17 KB 26ms
26ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_700-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2408e86e87c5df52e8160530980e94acf40b083adb5f330abd9ad21b5b5f65e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/style.css
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:05 GMT
x-content-type-options: nosniff
age: 19
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17804
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:03:46 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:29:05 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 985A 8 KB
6 KB 65ms
63ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ebef5f6a2c155457cc6be25fe8f2e8e4e38811aecf159fc41576f9475538819f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5849
x-xss-protection: 0

GET
H3 200 bg_AG_994x250-1_sprite_loop.jpg_1695026509831_bg_AG_994x250-1_sprite_loop.jpg
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 985A 588 KB
589 KB 35ms
35ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/bg_AG_994x250-1_sprite_loop.jpg_1695026509831_bg_AG_994x250-1_sprite_loop.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7efc89ac4db458d3a22b50571053c844d6f2ada30f441f3df27aaf990233f79a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 02:52:54 GMT
x-content-type-options: nosniff
age: 141690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 602538
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:42:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 24 Nov 2024 02:52:54 GMT

GET
H3 200 bg_AG_994x250-2_sprite_loop.jpg_1695026509831_bg_AG_994x250-2_sprite_loop.jpg
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 985A 598 KB
598 KB 43ms
42ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/bg_AG_994x250-2_sprite_loop.jpg_1695026509831_bg_AG_994x250-2_sprite_loop.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb3354a147145129541ccc6fc2652fb83784a9be01f924f02d21ade8ddab389e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 21:22:39 GMT
x-content-type-options: nosniff
age: 334305
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 612249
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:41:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Nov 2024 21:22:39 GMT

GET
H3 200 bg_AG_994x250-3_sprite_loop.jpg_1695026509831_bg_AG_994x250-3_sprite_loop.jpg
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 985A 598 KB
598 KB 33ms
32ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/bg_AG_994x250-3_sprite_loop.jpg_1695026509831_bg_AG_994x250-3_sprite_loop.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69ae973a822fba162d3599a0c97a3267fb0d30111a116d832266705923b1db6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 02:52:54 GMT
x-content-type-options: nosniff
age: 141690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 612615
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:42:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 24 Nov 2024 02:52:54 GMT

GET
H3 200 front_994x250_voegel-1_sprite_loop.png_1695026509831_front_994x250_voegel-1_sprite_loop.png
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 985A 42 KB
42 KB 25ms
24ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/front_994x250_voegel-1_sprite_loop.png_1695026509831_front_994x250_voegel-1_sprite_loop.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8227c98e487f64f10143f209d9c28456ed437e4c1938df44d167ab5708ed200f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 17:27:07 GMT
x-content-type-options: nosniff
age: 434837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42841
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:41:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Nov 2024 17:27:07 GMT

GET
H3 200 front_994x250_voegel-2_sprite_loop.png_1695026509831_front_994x250_voegel-2_sprite_loop.png
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 985A 26 KB
26 KB 31ms
31ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/front_994x250_voegel-2_sprite_loop.png_1695026509831_front_994x250_voegel-2_sprite_loop.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a83479b3d7d46e2791bf97a3f2aeff203c1fdf67e54a737e5870049e9b90aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 04:31:06 GMT
x-content-type-options: nosniff
age: 222198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26254
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:41:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 23 Nov 2024 04:31:06 GMT

GET
H3 200 front_994x250_voegel-3_sprite_loop.png_1695026509831_front_994x250_voegel-3_sprite_loop.png
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 985A 37 KB
37 KB 28ms
28ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/front_994x250_voegel-3_sprite_loop.png_1695026509831_front_994x250_voegel-3_sprite_loop.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5993446c48c18adf7077df5ad327811f386261239693c889db7a0f2368c38347

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 17:27:07 GMT
x-content-type-options: nosniff
age: 434837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37761
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:41:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Nov 2024 17:27:07 GMT

GET
H3 200 flagAG-970x250.png_1695026509831_flagAG-970x250.png
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4933729/ Frame 985A 7 KB
7 KB 29ms
29ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4933729/flagAG-970x250.png_1695026509831_flagAG-970x250.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8408cb444438bb2b15ec0563ee4df596c661d038f4f0af22b0703aa4c2faaccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=QXaMe3KVL5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 16:26:26 GMT
x-content-type-options: nosniff
age: 438478
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6727
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:41:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Nov 2024 16:26:26 GMT

GET
H3 200 6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js Show response
pagead2.googlesyndication.com/bg/ Frame 42DC 39 KB
15 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 23:16:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 241087
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15097
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 22 Nov 2024 23:16:17 GMT

GET
H3 200 bg_AG_994x250-1_sprite_loop.jpg_1695026509831_bg_AG_994x250-1_sprite_loop.jpg
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 26C4 588 KB
589 KB 33ms
33ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/bg_AG_994x250-1_sprite_loop.jpg_1695026509831_bg_AG_994x250-1_sprite_loop.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7efc89ac4db458d3a22b50571053c844d6f2ada30f441f3df27aaf990233f79a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 02:52:54 GMT
x-content-type-options: nosniff
age: 141690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 602538
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:42:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 24 Nov 2024 02:52:54 GMT

GET
H3 200 bg_AG_994x250-2_sprite_loop.jpg_1695026509831_bg_AG_994x250-2_sprite_loop.jpg
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 26C4 598 KB
598 KB 36ms
35ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/bg_AG_994x250-2_sprite_loop.jpg_1695026509831_bg_AG_994x250-2_sprite_loop.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb3354a147145129541ccc6fc2652fb83784a9be01f924f02d21ade8ddab389e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 21:22:39 GMT
x-content-type-options: nosniff
age: 334305
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 612249
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:41:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Nov 2024 21:22:39 GMT

GET
H3 200 bg_AG_994x250-3_sprite_loop.jpg_1695026509831_bg_AG_994x250-3_sprite_loop.jpg
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 26C4 598 KB
598 KB 36ms
36ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/bg_AG_994x250-3_sprite_loop.jpg_1695026509831_bg_AG_994x250-3_sprite_loop.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69ae973a822fba162d3599a0c97a3267fb0d30111a116d832266705923b1db6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 02:52:54 GMT
x-content-type-options: nosniff
age: 141690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 612615
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:42:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 24 Nov 2024 02:52:54 GMT

GET
H3 200 front_994x250_voegel-1_sprite_loop.png_1695026509831_front_994x250_voegel-1_sprite_loop.png
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 26C4 42 KB
42 KB 38ms
37ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/front_994x250_voegel-1_sprite_loop.png_1695026509831_front_994x250_voegel-1_sprite_loop.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8227c98e487f64f10143f209d9c28456ed437e4c1938df44d167ab5708ed200f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 17:27:07 GMT
x-content-type-options: nosniff
age: 434837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42841
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:41:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Nov 2024 17:27:07 GMT

GET
H3 200 front_994x250_voegel-2_sprite_loop.png_1695026509831_front_994x250_voegel-2_sprite_loop.png
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 26C4 26 KB
26 KB 43ms
43ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/front_994x250_voegel-2_sprite_loop.png_1695026509831_front_994x250_voegel-2_sprite_loop.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a83479b3d7d46e2791bf97a3f2aeff203c1fdf67e54a737e5870049e9b90aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 04:31:06 GMT
x-content-type-options: nosniff
age: 222198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26254
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:41:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 23 Nov 2024 04:31:06 GMT

GET
H3 200 front_994x250_voegel-3_sprite_loop.png_1695026509831_front_994x250_voegel-3_sprite_loop.png
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/ Frame 26C4 37 KB
37 KB 46ms
46ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4860974/front_994x250_voegel-3_sprite_loop.png_1695026509831_front_994x250_voegel-3_sprite_loop.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5993446c48c18adf7077df5ad327811f386261239693c889db7a0f2368c38347

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 17:27:07 GMT
x-content-type-options: nosniff
age: 434837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37761
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:41:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Nov 2024 17:27:07 GMT

GET
H3 200 flagAG-970x250.png_1695026509831_flagAG-970x250.png
s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4933729/ Frame 26C4 7 KB
7 KB 47ms
47ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11111642/s0.2mdn.net/creatives/assets/4933729/flagAG-970x250.png_1695026509831_flagAG-970x250.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8408cb444438bb2b15ec0563ee4df596c661d038f4f0af22b0703aa4c2faaccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/index.html?e=69&leftOffset=0&topOffset=0&c=C78F2N7oj8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 16:26:26 GMT
x-content-type-options: nosniff
age: 438478
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6727
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 08:41:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Nov 2024 16:26:26 GMT

GET
H3 200 MuseoSans_100-webfont.woff2
s0.2mdn.net/creatives/assets/4466103/ Frame 26C4 17 KB
17 KB 24ms
24ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_100-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/style.css
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:59:26 GMT
x-content-type-options: nosniff
age: 898
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17148
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:00:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:14:26 GMT

GET
H3 200 MuseoSans_700-webfont.woff2
s0.2mdn.net/creatives/assets/4466103/ Frame 26C4 17 KB
17 KB 25ms
24ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_700-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13100828894569693184/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2408e86e87c5df52e8160530980e94acf40b083adb5f330abd9ad21b5b5f65e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13100828894569693184/style.css
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:05 GMT
x-content-type-options: nosniff
age: 19
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17804
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:03:46 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 18:29:05 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 26C4 8 KB
6 KB 63ms
63ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99ebf6f970c9f2c4b831666c5677a6de4a4896db819fcfafcced097322836563

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5946
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 76F1 0
20 B 174ms
174ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BGELQ_4pjZdzkDYL6gQeRkIfgDAAAAAA4AeAEAg&bg=!3N-l35DNAAZxrfrxUa07ADQBe5WfOLGMYGDM8MtV1nj7b-zwq5iF-00Jlxm4sNWvygFs1z9unTVG9nQ5-5QSPQoBn5cBAgAAALNSAAAAAmgBBwoAg2DxbfAr4xLk7wl8_XfQhbufy7uiDB-M5DS0i1xEk9s7ubFYKY4QRIFcu44jCScxb4CeQAE0Ff2JDW0UxNPgmp-irGuev-XtvxCqObJHg9Yxe8kB-3UQAtFeTq4Kq8pXs8gWB_Dd6w2C1h-CVqTDuV6c6_hPkP6kdFKW6q3mZfsbANxumQMK0uMsekMn34Zrs_y1vP1nEksHH929n3RKo2cCDScR0R0I8i60eWTQqz-HYjMyNt6UsLK_HbBPyOeLJMCj0moEOZPvF7YsqaWHm7J5OLQXN-VKtYlKVdDK3n190pc2kWUTzKWDZeeW7T2pYrTFv3wcsG1vFLLr-gWtsuIsZ6r8GEHitFw4FRub7_n0FWfKjEPgSGgVziea8g7R6bVPgVWeIFLUIjNhefk_vDWaMbeGJCjgjF25E52T2h_kcbpQcBAHvExZqRN-yZ6DCjIh91e7wHGCRZBVrDUF0hRTd-EGP3WTSp6j8OkyiLQTWU9RuCIspQXfoIEELYXAx-Uz9oNqsXtTNmldiNl71kQ456tBiSyE1cHyjo6p2egF56r6SdQUZLkcJqBeizYDfkCbnxWw2ZSVqJaEbUCyaxlEdbX5Moc5ttKwMoifD1_7bYWdO7pAbdg7u-Whf5R_L0EY1BBD_ujNwYqSYdILFK_2x1ipjXmFoaIZ7os-bN1xGJewZ0Xvbfo2FbKzSMmIzhLIs69ZkLAKBbk7PWMa3FKH4E-EercgZlQOoSGiZdwlct278g8y--hfRRWKjZ8qvPAtNR3uA00gvF8QphKwQYeiHf_Lh_KfRPtwuOoPYZ71_AgUQvEfWHxviCKR4JnLfzF-CjdNBDnAYvl9IySm9JcuakFeWzf6udL5GvNonW9sUo7gxN9pA4ia7XK794FKnhnduUc8cajJwTzxY5MATiesOEUh9mRRSKKi3Z0Md0rEocmFDIaVeRIAyZgDqty1UbunXMkrWiXpeRBrdIwf-FVL5vvvk1zf8f6DX6_qtTS36bFzIEf2z6EtG1nhG3vprrPwC78S_jmAJ2JMlVjkMalcwnDMF-oYIS1TjuethIp6uT1nna40vZniQrJfSSBHdpmaeE63vjCvM0bvvVtJLVIs3mZDs7EAQ25Mvqdvskhf_k4uFeDDKIoTPMKkuL753j8J0G3GgpPb6AzAimpbyoSyyvKGNt3H9V097s1f_XcpvWarRY9utzgkxJVqlIy7tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 854A 478 B
238 B 65ms
63ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CICSjpAFEL_Xk7MFGJ2mn_oBMAE&v=APEucNU59hrU_CbEe_s6CjYnCinMNucxSrOhm78GFH9SJmRiSK08HGbGgH9xDVaKxeJfKMd0WiLb9XgB2Y97Xt1nHgJEaY3kvw

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 18:14:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 43A8 89 KB
31 KB 114ms
112ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:14:24 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 43A8 42 B
63 B 171ms
169ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DlU6e_RvTVyPJMiSnwlwxqXYIZMp92foXOM3Isr1dSoOHOwjhZi5nquz3FH81Edz1T8Sxw7b-1K0q1IFrjvgRlXKpGZr0LXoIL4vR7TxoTl4tDZE0

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 43A8 0
20 B 172ms
170ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11119664449793097701&x=1&ct=76

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 43A8 3 KB
1 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28661
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 43A8 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7025
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 43A8 0
0 30ms
28ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTk3kNfkX8hInXfOCjnBUkbvaNp90VKxpba4ck3ShpJLdc27rrbqEc7vFswFEhzjFY_-S0qBfxbjaS5EUabDG99O-F9eQ
Requested by: Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 43A8 202 KB
64 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:14:24 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 985A 17 KB
6 KB 85ms
85ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 26 Nov 2023 18:14:24 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 26C4 17 KB
6 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 26 Nov 2023 18:14:24 GMT

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 854A 170 B
188 B 43ms
43ms Image
image/png 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICSjpAFEL_Xk7MFGJ2mn_oBMAE&v=APEucNU59hrU_CbEe_s6CjYnCinMNucxSrOhm78GFH9SJmRiSK08HGbGgH9xDVaKxeJfKMd0WiLb9XgB2Y97Xt1nHgJEaY3kvw

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 854A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

43 B
731 B

40ms
39ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICSjpAFEL_Xk7MFGJ2mn_oBMAE&v=APEucNU59hrU_CbEe_s6CjYnCinMNucxSrOhm78GFH9SJmRiSK08HGbGgH9xDVaKxeJfKMd0WiLb9XgB2Y97Xt1nHgJEaY3kvw
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WodKx4qXWerBFJefw1eWMQiWmu8DdBW0wLxRBUJRepyrDkATBinMp1WrkDtY03W40vhBCT0vExLqSCqgeCN%2B2H9NlZYRT2V3%2F8O1bGxei1T08ajU2G1VK%2B249rveLGQ8CefF4Rfq4VwLrA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c41c61e83f01e7-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 854A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWOK-80lH6xRrrEu1AxxfAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1

43 B
735 B

49ms
48ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICSjpAFEL_Xk7MFGJ2mn_oBMAE&v=APEucNU59hrU_CbEe_s6CjYnCinMNucxSrOhm78GFH9SJmRiSK08HGbGgH9xDVaKxeJfKMd0WiLb9XgB2Y97Xt1nHgJEaY3kvw
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pjg4bSZKnMSI8eMZnI6qukxjmnebaejQogY3e%2BR5aq60yrYmVbXR4qFMLS57WQAZCDP%2Ffkj%2BMWbvuzIFBh7zwKTqQeq%2FB6MaoUmyUsXKqJ7ZBgpLE5diyeI5GS9zKR7bwb5l4dc7JPxEfg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c41c6258ca01e7-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcuyc243chqJMmQQuIS0NM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C0CC 0
20 B 171ms
171ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BaQqp_4pjZf6zDsjVgQfTj7zADwAAAAA4AeAEAg&bg=!nZ6lntHNAAZxrfrxUa07ADQBe5WfOGvF1D8kbQWtnkdi83GChzzJtKsIOiV3pRe35t9I9SLPEApJf62-HVkoCZGW8f9bAgAAAK1SAAAAAmgBBwoAG50u5ykCt-Pt0lieFhlCoRGlepz6nwbYGNcdDZkDBhAvjGbF1J9v6CEJ9pZ7uqoSlJM1GJrgZPsquimQcWM7AM_ev7CxUZmnJYEQrsNrjssXnMtdKqDllPBD9p1KAT-_Tufqrasj0g2zw5Rv2sO73MB7_qPyapd79X-4QoT2YY2MVL0KPD0T_tVyAbyywZiJV6xrMve8VC1sPMYCAd7oorv0uldQyF_xisp2ONKk67DU-PI_ZEQ1RcvOltsor2erpT7QLGovuVqUrc_CVA3y0mtq7UQ5hdq9jYz5bCtzz5e_cjXCHy1iQEpgnLgDzKlG7n6rLsyFCr2N2_VyAXVstyBqdRJvvkEsD9SmBTKlKTALVNExe2DrDzxVLckFctdZ0oaDzbDNa2NfWSizq-2AKSYCj1qJdS1Vt4ocoPP6rtFNaibFNHpRdGyZuBOTS84RVfRegCFqdwpjwhGU7DIpsl9UrsGr4F-XZrFM61_H-ffB7hT2IXof1oAQ-osjwTP2jyayXfPIZyECud2NwV0MO8x-QedOsujLSCJxb1X014WG8XDwcw2cLPeY_z19mGPKIQRWzjCJ5kkj-TjQelJ-LsrKtOifI3_xZuOTbp1YtqpbbqaoANCxbH36r2s2olPLOxkC1w1SMoWF2IsmRyLf91qpQOCO-CRzF4qL82PEcmzw81KFrMIK7el9M7uKwf2wRsFSi5oXaVGjdGep-VGHIctYTp8hD9P9CLX86_xmj8FhR3H8Abq2plCAvE5iCQFn3P889Doa-80LnOAoGkqo9r_g2pH2HvEKIoOy1gyGGsxgY-E1rjxabmFCnl5NVRXq9wOgAvADI57RJI2lK02w3uikm7w7z9SUWogYLcmQokj82laf47k_VGB4KSxvwK9Op4azKsH3EiYtIN8hZ0TUhIKdOzQlEkU2sSxOBJTH-MhVM-IeGNwISrmpN6mvebvPEVPeeccKrWO6KO2xdDu8F2skxARO4uQ_DO4OdZz_z2eyoHWOu9MjFl3BkaS1Au2I-UBP1fSoyy4njCEPS_Xpg5iDc8Jx0w8OiVgBF8PM4qcQr-TTkw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 43A8 0
20 B 164ms
163ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4596230834272&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 43A8 0
20 B 163ms
163ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4596230834272&version=m202309260101&ct=76&x=1&cor=11119664449793098000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 43A8 90 KB
38 KB 78ms
77ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AkNqEc2L1EZdXMuLFT_byNmtUjMafVS3Li_Y8aCTp1d7JK4sY-Xi1JotADvirul8aqR5ScMP6BkvpO3eFPmbjK7EXiQtYYXjpq5-y7URQBKR-Jm9eTVLFJ6dtYWl3BZXCGHMfaDje6UQ4dGnyo4cQPxIt2BgcqRILUsbd-QpZSDE9QlqY&dbm_d=AKAmf-DzAL_FrIGXoJUzZDxNoovXkwZ5mdjMg7d-RGs9F3Wk4-0X10UfyLT3wUHxOd1VIvi4RFLtsJNBiBxht_0eisY_ccnz9Q34knOgCB5CPZK8j3HhacDBxQQFnRhPkTfW7Bi14_Vz-UAwNgqXQAhM1FoHnFd-rsu1Hv02MlyiN6uZ8YehCUcCVfOPD1gUUrSqe0pY1BoPNr6LZ0VDXOuCoe5Ki1KjNbm7nUdnISc0lKd-oFl1X-3uprw8WE0nyO4_xS6TxxCKqWO3sg9yDiqMF1OzYVvOOFFQZ0rkcdd17X-tdihmp5iVMDhbhzo9H4rR1T8CYqhfZvffNkSPjUyclxN0eUcZflGULoh7CifKBeJMMVy23FWTiikp7wC5WHpq5PmGV2dgww8FTHP4vBe_OLPEBVGbe9S5U9lgtEfL2ukFcAmfwCAwmnsXFJYDoTPE1BRFiuLLQsLVq0BVOM4pAo3cwU9RD6RL1SUSbQkp3u4nWWlsKlQL_d8AFFGQpDyjzEIo-OsdWKoE_qrstF7jUd-DVpwTibwBvp-OTnvxZ5Qhg1LVPYiWgjpTOWAujEYa5iUcSCg5WpoLxBRbK5QYgwFcxbEEueuz3hKk9PscKgtbsImau-ISK4gijsE-DTLKqIkQILFSAjMd24Bpz-szdfxvGUQd0rINf2bHuGSBuWw9Zf7U-G2d6_EIiiKdp7IIaZGocXw3iQt9tU7dVxEKKEIdbPiBDOSoceI2PEjRHEOOkzseJ-yCTu-KBjvy6YFMnluzuXo-IiKMEv0z0iYfiFL3HDxR04E2FzS8tIbF-PYbZWZJj0lYVzzpOII8j251yq-fgEq-qox-6fz60md6hoOuR1IU0sX-WMmxx5pe25by5ppSIQzucK8b-0RSLA9cXZmoiWhAwCvAwRKyjFaDrJS_12cJvTeR0KhNkiu1VRGZ42cDdpm6PZm91SAUG1bBQK44SzpFtBtIUwp_sdAfh6qOreQti3Xar5RnNFiF9imfFZM_So0HmYYwLWotsTELPItNnOLE22XbHbPqeYQCPD-n02LGWBANYWV2daVg4ePeHdum-nKVfLvG_VocLBzE22d5d0sb8WesYprIewkC9XktitayVmMRuwiila0jPyWf9GgQw7t_lfBYzL-Ilc9rz7xCMe8SWtQIscqv8JJW_iEvzUx81JkUGBvMcbHWt69RTw4RNywp1wu0ChV73S47sKC8hOqdX9LhU6puAi2GDQhm1B3XqivI1XoGa7MRYKvIsqu38eXWLYgGxlXq3LzQ4RdlYiGyu8mTkoe5jPTZGIjS2gG6ZxXjCIXmvdnSniV43dDulkQ_ggPxMtwvX558z_FCu6FcE0rkz10K61xLVEVDEtfdPG07rbwC_ajDL3FO__bzrGbfpUQ50fnszNmeoN_MZg48uqUmOzQbnkTX4c4RqTIS-M2auqVfkx-LsMzPF8x59xh0wemBRbAr0FlJ0e2jAlT59BmMyXyqaxhr-38JYgFJZfkrZUjyyLb6QFEaarwZTVBJ8exQxkPk62Cm7pQYD-ctan7UZ98D6YY4Ed02qwU8nosKjQwAqgvVi1q7sMMZ2MW-oH-nHC3h2dbsonttFuMBkgaA9OYdbqzYV1jAAQg7dpLBoZyc8lRCT_XAPM-heuYG0HaMOS12DFfiaplLk2oKy9p7pmNnPaQcjU3FvlH4xBzvK_OoIWUAl_n_A-1wKG-0ySpe6Wdizbx07ZA1ewfevZkj2H61-TY7rM3mheWretpsD9JJj905m1-eFH9ZRvqcwNKXwSA074pHGr3gahjdIYus_HD55P89Yz10Cl0cl0ExQhy2AiZ7m6RtLoZJrpMaVKJWAfk5DCEvLqe-RupxnputDxdgg2mtOFg51LKNai8kxTyPSTiQZq3vUoxtTvVCdz-mq4IslS7ACaw-xJTIy439cthy24SDE7aBKkIxucQTzlEJCcCOq2s4UvxnZvv9Lb2q3tJ_ikGAvtlFEsjVjDL_xxI3yGkLJ5eXynvevji8tKiNyf5A9dCl-wXQljhktImc65xrQKXsaBX6rCOtDEcyjJ_zKNPxHPOG01N4G3ZueL6GYEWTB44bcsHYWzZm4Dud58oIioNbdEef0o87LeMXAbp23uA9xjkXs29qmVnaKPjCqrSEuuR-pKPsJA9lY7WKficktKT5jGpNSp-xpEciU3nySo65Kna3v90w2ocIBrWxcLkP4LKAr9DBORyuG5RfdiPN-AJikbwLupyvM91dg1hTBfxAJW7iSNO6cMBU2npX6SiHEB8VmxqsbNPQBOS_225m4gnsISOaW-2ZQpTsulY6J7ZtLllMV4GDCktnil4Ukk8ceGA1mngiRvMEDeIS6aGEusprTxMweTa1mKLNktv90_4zppRQninybhA-eUttPDgpwnUOBYoIJsYKZr2hHMtWONRZ4HWZNm_skMjy565mAqYzegers1TM3rVNt896MNo9Iyze0AK3qqfgPFT9JbeDTmai0J8CAtXlgwPuqEP7e89z84GT23sP4dx0Dv5DL0puguR8N8ddlCp0Y9TFJ4E68o6aqj5ECy2XtalUcPLPNmkJClhVD1L6TqKZ9pDRzSJuM23NZQbKjtkmJBvBuGuVN2hfaN9fwRNz5_uLYtlogTTiMM10royQWvCidS04n3LYy6DsvqzcqD-Yn0U4ZRf3k8bgWBu51Xsofu99emToGErPyPYWNaZGAQiOF8YRTjp9rWs280-j9NPc9pLUmjojj8KVpiuDFMq1MV5SV4b8uA6moJ4-ueB3oqVJaVG3iglh9kUUb-Ybo7CULusRDtN3LHbQpB-vdLp9rdhwvzWRsE0h6kVkrY1cKAkKkFb-CcEFXQspsOtNXuNXj-ddz3mCkEn9KW0r464Bl6uEJNqfTE6ExuKSt9aE-E20jKymr-stjR-1yQsJNo-da2v7qm6NEi5dH7tfqkNULaNT1XQOwO1y_iXwmKa8YCZYTUb5QV0ei9O8blOQvs1Tb1GjTdlrSxlCHu3j3Uuw6z-SpB48O0AyAXLOPDudyeJpNSP_2l_IxUukfstZ-7_GBkb4Q8vB3uDhn4DIw0_i14PkI3D0naUgmd-3GEuechP_ssQi9iLtKij1krnTBdmSHUZ2Byh9cd0cftYiI6L5oD7j2rzEQFM9nd-1HcpjLNB1tm3FgnwyFaCKPLSm3HqZkA70zwK-a8SHdnj5GJoE5-hGOCrltQvhmSoHQFsKpC9EcU23CI8hwkpZN9x6pNavnTjTa01Kke5dnPircGwjmGyLLo-Q--eLvBnzJ_rSvx76IHuc-vKEw6XjO43BteS06TJI7Ddbw61nfBP63dD6eGCVunTei-60mz3QC-rrlMvic_z-h-l4V3Cpu6CoRtzeWE5EQu1XCsgLebxP2cTJUBM1zZLZoGACAyO1UKsEupXISz7HlvetLv6FbsZNPSMWV5b_eXRu5ISUjxnuL-6aXTBscgMjdAlfUxrsKKS1E_CMuHo6-UctrKW9F4X602xNirD4mgdzinCmDyc8i39R7Yk1DBlylEwYcqXH2U_-3oWImkPVks48MkJcd4oupUq98sYMqIPyEjBAu_p8ROYbgKefdtKyyq3iMNVGbm8Pfkit4UVj63_e8vDp1MW2_HgeXpz_ug81AY5Ih0ToSE8EFC2vxjZbVPrrRMmq3rj7KZXRXMMtF_uu_lHQS3HptFJ89yrOQRgq2D9IFHPgUZvjOqW-h7Zw0mQUYxJM-2VXab9wzufaAloCUEACNO18DClel0iNbMjk9p5249hCW2l2zXdzD2S2mKZzAtDVrT3XaPSiyfK2uhdwyJUFVEX5Ei8L6S-B7D-fFA94Y493BnE0XTpjjVyS8IyIgrRWwm5YQWlhhyQ-S03TFDuPm3dHEMelFMI_GcfaR4boYtloakh1M52mJw589-BEUeyhT8p_OL2Qpc7D0uWUdDreLQfkqlhc7kx40hEFMJMY7ghUtOJhirCS-N-50wb8wNod-KjiiA&cid=CAQSOwDICaaNr9UtvLOLsFzD6h1v_dyQx8l-YogOygc8Psz8-e3Q9tjJ7Kb7uVluuH0djCDEC_-2S-ts6h2KGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.file-upload.in%2F&ds=l&xdt=1&iif=1&cor=11119664449793098000&adk=943508955&idt=121&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4c90b0ad1755b4eb30c42da08e2960f6203fdc4dbab86c4903e839855e3936e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38437
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2B49 0
20 B 170ms
170ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bk93b_4pjZa7XEMXE7gO5uoOADQAAAAA4AeAEAg&bg=!VlWlVRrNAAZxrfrxUa07ADQBe5WfOMGfvcaUV1xrMCoz_iWCwshOHTTejoyL3j4nTV4wskQtbi8u7qFAHk8XMkKGCU_rAgAAAMRSAAAAAWgBB5kDAbr2XN0j9gZlFUJn6qsAO4JCy7JMM6qpumRbAlLQngluuCipgs-ILtv271So7gEy96XJTzx1bx7cDv6j4RnXTltDM_T_eZx_0kyycn3ees6GdcBoYODyHp_Z4U77sjjoBYJjbhHVCHnyCzg8pviJwTuPBBEqHkDaRzivaJmU97_XIfK6RFzzQJSaOK4uoYgb5witwlORpfzH2YjT7wWwdYdi2Kknd11R4v5E68fPonL7rtTLf_YBC1B-jSu6BXQGPRt_fKkkVSx3NSdZDRAppJt3txpi167Mtyc1io6KDGH5Wm8imst-dXbvlZtJaBvvGUy8uKtayqd7GLnLriM8Kky1TvU7KW0FyWYwjO-ekwyBTuvAus44E1Wigw1FoC-JIky7Mdhbjl3uVEtHai6zbxxlhxomnGCfL74rEgZhg_7kL-sw82aceJMT3B6DL-Q5dFAUrmu9kF4nc5yzVmNk8MfmTlDMJiPUXKJqriYe_mLNghqEd2YCBO3mFozNFrSTpsErUZ_F2zDcwwLwXEBw7cvD1AV9s6LqqWrGOilzy9qu4Ghw80zZeI__ahtrBdkh6Ms3IRjZtiOOH4i1NL_h56JTyZ47ctmLngGLgDP3H7IJWQUrvNMlDL6Hk_nZnTM62wxZ5DaAgyYNnbUmeMuZoshHYYhF0W-17j0tZh7UP31XORa5g0SSnhUKKemvJhmk4qgJWxGP8zzA63aJ0ECLh_XWmopmVuymm3f0GFfnW2UhbrJ8sSwiJT-9hXLHGXi0ZE4WEHiSjKSCSz4w305B8o1ItRSNW-6SSHRMTTJFVonkUbKSa3lUiFDTasknNttGm9rXVFTlfUYQ1x5RPZeUXcaCxgSa49V8U9Ctuy6GLbdH3bL8ggOH0LrU9WrZPYo0UanB2mXW4lTUKSYraPcMz3cvAeq7TT4cB1DoUZ8nSnz5ugEbhr3nMyEXlZ_3yzM7Dj5bxcW-qelKL8Sikq-x-PoyNEAzgd8gb18To3OGxTUcPXwnWshWRc7IZnkln_x7tM4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame C2DD 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28656
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame D13C 39 KB
15 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28656
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 43A8 111 KB
39 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Origin: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 07:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38036
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 07:40:28 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 43A8 11 KB
4 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AkNqEc2L1EZdXMuLFT_byNmtUjMafVS3Li_Y8aCTp1d7JK4sY-Xi1JotADvirul8aqR5ScMP6BkvpO3eFPmbjK7EXiQtYYXjpq5-y7URQBKR-Jm9eTVLFJ6dtYWl3BZXCGHMfaDje6UQ4dGnyo4cQPxIt2BgcqRILUsbd-QpZSDE9QlqY&dbm_d=AKAmf-DzAL_FrIGXoJUzZDxNoovXkwZ5mdjMg7d-RGs9F3Wk4-0X10UfyLT3wUHxOd1VIvi4RFLtsJNBiBxht_0eisY_ccnz9Q34knOgCB5CPZK8j3HhacDBxQQFnRhPkTfW7Bi14_Vz-UAwNgqXQAhM1FoHnFd-rsu1Hv02MlyiN6uZ8YehCUcCVfOPD1gUUrSqe0pY1BoPNr6LZ0VDXOuCoe5Ki1KjNbm7nUdnISc0lKd-oFl1X-3uprw8WE0nyO4_xS6TxxCKqWO3sg9yDiqMF1OzYVvOOFFQZ0rkcdd17X-tdihmp5iVMDhbhzo9H4rR1T8CYqhfZvffNkSPjUyclxN0eUcZflGULoh7CifKBeJMMVy23FWTiikp7wC5WHpq5PmGV2dgww8FTHP4vBe_OLPEBVGbe9S5U9lgtEfL2ukFcAmfwCAwmnsXFJYDoTPE1BRFiuLLQsLVq0BVOM4pAo3cwU9RD6RL1SUSbQkp3u4nWWlsKlQL_d8AFFGQpDyjzEIo-OsdWKoE_qrstF7jUd-DVpwTibwBvp-OTnvxZ5Qhg1LVPYiWgjpTOWAujEYa5iUcSCg5WpoLxBRbK5QYgwFcxbEEueuz3hKk9PscKgtbsImau-ISK4gijsE-DTLKqIkQILFSAjMd24Bpz-szdfxvGUQd0rINf2bHuGSBuWw9Zf7U-G2d6_EIiiKdp7IIaZGocXw3iQt9tU7dVxEKKEIdbPiBDOSoceI2PEjRHEOOkzseJ-yCTu-KBjvy6YFMnluzuXo-IiKMEv0z0iYfiFL3HDxR04E2FzS8tIbF-PYbZWZJj0lYVzzpOII8j251yq-fgEq-qox-6fz60md6hoOuR1IU0sX-WMmxx5pe25by5ppSIQzucK8b-0RSLA9cXZmoiWhAwCvAwRKyjFaDrJS_12cJvTeR0KhNkiu1VRGZ42cDdpm6PZm91SAUG1bBQK44SzpFtBtIUwp_sdAfh6qOreQti3Xar5RnNFiF9imfFZM_So0HmYYwLWotsTELPItNnOLE22XbHbPqeYQCPD-n02LGWBANYWV2daVg4ePeHdum-nKVfLvG_VocLBzE22d5d0sb8WesYprIewkC9XktitayVmMRuwiila0jPyWf9GgQw7t_lfBYzL-Ilc9rz7xCMe8SWtQIscqv8JJW_iEvzUx81JkUGBvMcbHWt69RTw4RNywp1wu0ChV73S47sKC8hOqdX9LhU6puAi2GDQhm1B3XqivI1XoGa7MRYKvIsqu38eXWLYgGxlXq3LzQ4RdlYiGyu8mTkoe5jPTZGIjS2gG6ZxXjCIXmvdnSniV43dDulkQ_ggPxMtwvX558z_FCu6FcE0rkz10K61xLVEVDEtfdPG07rbwC_ajDL3FO__bzrGbfpUQ50fnszNmeoN_MZg48uqUmOzQbnkTX4c4RqTIS-M2auqVfkx-LsMzPF8x59xh0wemBRbAr0FlJ0e2jAlT59BmMyXyqaxhr-38JYgFJZfkrZUjyyLb6QFEaarwZTVBJ8exQxkPk62Cm7pQYD-ctan7UZ98D6YY4Ed02qwU8nosKjQwAqgvVi1q7sMMZ2MW-oH-nHC3h2dbsonttFuMBkgaA9OYdbqzYV1jAAQg7dpLBoZyc8lRCT_XAPM-heuYG0HaMOS12DFfiaplLk2oKy9p7pmNnPaQcjU3FvlH4xBzvK_OoIWUAl_n_A-1wKG-0ySpe6Wdizbx07ZA1ewfevZkj2H61-TY7rM3mheWretpsD9JJj905m1-eFH9ZRvqcwNKXwSA074pHGr3gahjdIYus_HD55P89Yz10Cl0cl0ExQhy2AiZ7m6RtLoZJrpMaVKJWAfk5DCEvLqe-RupxnputDxdgg2mtOFg51LKNai8kxTyPSTiQZq3vUoxtTvVCdz-mq4IslS7ACaw-xJTIy439cthy24SDE7aBKkIxucQTzlEJCcCOq2s4UvxnZvv9Lb2q3tJ_ikGAvtlFEsjVjDL_xxI3yGkLJ5eXynvevji8tKiNyf5A9dCl-wXQljhktImc65xrQKXsaBX6rCOtDEcyjJ_zKNPxHPOG01N4G3ZueL6GYEWTB44bcsHYWzZm4Dud58oIioNbdEef0o87LeMXAbp23uA9xjkXs29qmVnaKPjCqrSEuuR-pKPsJA9lY7WKficktKT5jGpNSp-xpEciU3nySo65Kna3v90w2ocIBrWxcLkP4LKAr9DBORyuG5RfdiPN-AJikbwLupyvM91dg1hTBfxAJW7iSNO6cMBU2npX6SiHEB8VmxqsbNPQBOS_225m4gnsISOaW-2ZQpTsulY6J7ZtLllMV4GDCktnil4Ukk8ceGA1mngiRvMEDeIS6aGEusprTxMweTa1mKLNktv90_4zppRQninybhA-eUttPDgpwnUOBYoIJsYKZr2hHMtWONRZ4HWZNm_skMjy565mAqYzegers1TM3rVNt896MNo9Iyze0AK3qqfgPFT9JbeDTmai0J8CAtXlgwPuqEP7e89z84GT23sP4dx0Dv5DL0puguR8N8ddlCp0Y9TFJ4E68o6aqj5ECy2XtalUcPLPNmkJClhVD1L6TqKZ9pDRzSJuM23NZQbKjtkmJBvBuGuVN2hfaN9fwRNz5_uLYtlogTTiMM10royQWvCidS04n3LYy6DsvqzcqD-Yn0U4ZRf3k8bgWBu51Xsofu99emToGErPyPYWNaZGAQiOF8YRTjp9rWs280-j9NPc9pLUmjojj8KVpiuDFMq1MV5SV4b8uA6moJ4-ueB3oqVJaVG3iglh9kUUb-Ybo7CULusRDtN3LHbQpB-vdLp9rdhwvzWRsE0h6kVkrY1cKAkKkFb-CcEFXQspsOtNXuNXj-ddz3mCkEn9KW0r464Bl6uEJNqfTE6ExuKSt9aE-E20jKymr-stjR-1yQsJNo-da2v7qm6NEi5dH7tfqkNULaNT1XQOwO1y_iXwmKa8YCZYTUb5QV0ei9O8blOQvs1Tb1GjTdlrSxlCHu3j3Uuw6z-SpB48O0AyAXLOPDudyeJpNSP_2l_IxUukfstZ-7_GBkb4Q8vB3uDhn4DIw0_i14PkI3D0naUgmd-3GEuechP_ssQi9iLtKij1krnTBdmSHUZ2Byh9cd0cftYiI6L5oD7j2rzEQFM9nd-1HcpjLNB1tm3FgnwyFaCKPLSm3HqZkA70zwK-a8SHdnj5GJoE5-hGOCrltQvhmSoHQFsKpC9EcU23CI8hwkpZN9x6pNavnTjTa01Kke5dnPircGwjmGyLLo-Q--eLvBnzJ_rSvx76IHuc-vKEw6XjO43BteS06TJI7Ddbw61nfBP63dD6eGCVunTei-60mz3QC-rrlMvic_z-h-l4V3Cpu6CoRtzeWE5EQu1XCsgLebxP2cTJUBM1zZLZoGACAyO1UKsEupXISz7HlvetLv6FbsZNPSMWV5b_eXRu5ISUjxnuL-6aXTBscgMjdAlfUxrsKKS1E_CMuHo6-UctrKW9F4X602xNirD4mgdzinCmDyc8i39R7Yk1DBlylEwYcqXH2U_-3oWImkPVks48MkJcd4oupUq98sYMqIPyEjBAu_p8ROYbgKefdtKyyq3iMNVGbm8Pfkit4UVj63_e8vDp1MW2_HgeXpz_ug81AY5Ih0ToSE8EFC2vxjZbVPrrRMmq3rj7KZXRXMMtF_uu_lHQS3HptFJ89yrOQRgq2D9IFHPgUZvjOqW-h7Zw0mQUYxJM-2VXab9wzufaAloCUEACNO18DClel0iNbMjk9p5249hCW2l2zXdzD2S2mKZzAtDVrT3XaPSiyfK2uhdwyJUFVEX5Ei8L6S-B7D-fFA94Y493BnE0XTpjjVyS8IyIgrRWwm5YQWlhhyQ-S03TFDuPm3dHEMelFMI_GcfaR4boYtloakh1M52mJw589-BEUeyhT8p_OL2Qpc7D0uWUdDreLQfkqlhc7kx40hEFMJMY7ghUtOJhirCS-N-50wb8wNod-KjiiA&cid=CAQSOwDICaaNr9UtvLOLsFzD6h1v_dyQx8l-YogOygc8Psz8-e3Q9tjJ7Kb7uVluuH0djCDEC_-2S-ts6h2KGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.file-upload.in%2F&ds=l&xdt=1&iif=1&cor=11119664449793098000&adk=943508955&idt=121&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 02:35:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56363
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 02:35:01 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 43A8 31 KB
12 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 04:49:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48275
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 04:49:49 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 43A8 41 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 93422
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C61A 1 KB
643 B 23ms
23ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 31749
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 09:25:15 GMT
etag: 48472445140208031
expires: Mon, 27 Nov 2023 09:25:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 43A8 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a7ca43a0fa1db3eb376497ac34e321f9646bd136c33a2bbe906112e4e0f4d1d7

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 6FBB 38 KB
13 KB 20ms
20ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 93373
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame C61A 35 B
463 B 84ms
26ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENicraphzThgXB8_189-bwI&google_cver=1&google_push=AXcoOmR4jt67_5xcVAJAlZ57MJqK6Vh6BpA533lpQxDAJTEd2hVVTvIKF4-qcnNh0ZWi3j7dq8XlHPnDxQGgck85Z-NWuYy1LlwZ

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C61A
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=BiVjW5LvQh21tbMxw8twXQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=BiVjW5LvQh21tbMxw8twXQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmQ_1_pdWdUImgUsX983S0dB08zdOVqlO81aCm0UIlGq7eoiN7LNK_0TwWNKUUvzat57zEn3phscPDzUbBi82MLHAEeTNqNPVA

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=BiVjW5LvQh21tbMxw8twXQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmQ_1_pdWdUImgUsX983S0dB08zdOVqlO81aCm0UIlGq7eoiN7LNK_0TwWNKUUvzat57zEn3phscPDzUbBi82MLHAEeTNqNPVA
date: Sun, 26 Nov 2023 18:14:24 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame C61A 42 B
233 B 332ms
93ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESEIO_yWqga50fNk1f3HJPMv4&google_cver=1&google_push=AXcoOmS2DOgW6mOPun1FnHh6cDzpIlSyLCmElsMu2Swna7sW9JTfxaeq79ssZZZn6nLtr_3cHfBaccebTQYkUe84xJGiJMbWsrnPfQ
Requested by: Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 26 Nov 2023 18:14:24 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C61A
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAXcoOmT--aFEN1vgG_M4rTrP6aMsCMIHV-RSIRS8K-kqPz9ECXQUz7KNXyi1KK83b1_R6gzXRRqk3G-Fdk...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT--aFEN1vgG_M4rTrP6aMsCMIHV-RSIRS8K-kqPz9ECXQUz7KNXyi1KK83b1_R6gzXRRqk3G-Fdk0MNH8gHJaXM-82KWTTWQ&google_hm=c1932030-bc8e-48aa-...

170 B
188 B

32ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT--aFEN1vgG_M4rTrP6aMsCMIHV-RSIRS8K-kqPz9ECXQUz7KNXyi1KK83b1_R6gzXRRqk3G-Fdk0MNH8gHJaXM-82KWTTWQ&google_hm=c1932030-bc8e-48aa-b733-87a7752e2121

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
server: sonobi-go
vary: negotiate,Accept-Encoding
x-go-server: go-iad-2-6-138
content-type: text/plain; charset=utf8
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT--aFEN1vgG_M4rTrP6aMsCMIHV-RSIRS8K-kqPz9ECXQUz7KNXyi1KK83b1_R6gzXRRqk3G-Fdk0MNH8gHJaXM-82KWTTWQ&google_hm=c1932030-bc8e-48aa-b733-87a7752e2121
cache-control: no-cache, no-store, private
tcn: Choice
content-length: 0
x-xss-protection: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C61A
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESENeANbtnr10HbOCfRQwdDgw&google_cver=1&google_push=AXcoOmSqlWrhoBh6aDrwzSaBVxCuSHgbE3UtYEUKPlj2XY3_MVV9i0FWV-Tf59uhIFAqVadiyTRhU8C_2D75nkbOqKmJZpThiBn-
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmSqlWrhoBh6aDrwzSaBVxCuSHgbE3UtYEUKPlj2XY3_MVV9i0FWV-Tf59uhIFAqVadiyTRhU8C_2D75nkbOqKmJZpThiBn-&google_hm=M0Z3eDFKSkJCMkpVT3V6...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmSqlWrhoBh6aDrwzSaBVxCuSHgbE3UtYEUKPlj2XY3_MVV9i0FWV-Tf59uhIFAqVadiyTRhU8C_2D75nkbOqKmJZpThiBn-&google_hm=M0Z3eDFKSkJCMkpVT3V6UmFrbUs=

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmSqlWrhoBh6aDrwzSaBVxCuSHgbE3UtYEUKPlj2XY3_MVV9i0FWV-Tf59uhIFAqVadiyTRhU8C_2D75nkbOqKmJZpThiBn-&google_hm=M0Z3eDFKSkJCMkpVT3V6UmFrbUs=
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame C61A 0
44 B 728ms
239ms Image
text/plain 52.198.239.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEDBwQRZkFZekiMjK-mBo8Mk&google_cver=1&google_push=AXcoOmTlLoG1AAweMdFrLOaCK_xKl-2Etfsjl1Tt07llulx0gsXIJb7Vappv5Qfb0yBRuBoovlXhMEpcDv-9v0V1YS7gZjg_Hojr
Requested by: Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.198.239.233 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-198-239-233.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:25 GMT
server: awselb/2.0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C61A
Redirect Chain

https://trace.mediago.io/cs/google?google_gid=CAESEKH4LgBl2CCTckWZlYHg-sA&google_cver=1&google_push=AXcoOmSo8MHYsiPHvQu89jWTXbQKdKITjRKIelnqRL62CNnrs1rfo_QVHUBIJNv8nkdTwXKRqPV3EODY6DcvyTVSe2KBcGdQr...
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSo8MHYsiPHvQu89jWTXbQKdKITjRKIelnqRL62CNnrs1rfo_QVHUBIJNv8nkdTwXKRqPV3EODY6DcvyTVSe2KBcGdQrpjez1E&google_hm=f34e969976a...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSo8MHYsiPHvQu89jWTXbQKdKITjRKIelnqRL62CNnrs1rfo_QVHUBIJNv8nkdTwXKRqPV3EODY6DcvyTVSe2KBcGdQrpjez1E&google_hm=f34e969976ae7c471vkt5m00lpfsutxk

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSo8MHYsiPHvQu89jWTXbQKdKITjRKIelnqRL62CNnrs1rfo_QVHUBIJNv8nkdTwXKRqPV3EODY6DcvyTVSe2KBcGdQrpjez1E&google_hm=f34e969976ae7c471vkt5m00lpfsutxk
date: Sun, 26 Nov 2023 18:14:24 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 249
content-type: text/html; charset=utf-8

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C61A 0
12 B 32ms
32ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IM1WdBLH_H7ozMfk1WqhxP2_prUqJLbwztj4wXBcQTtboCYalp0PhnDSbRzXmw8Z0TRdb4mw

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 43A8 0
0 68ms
68ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvIoDD84gq3MmNpBiLjXuHu3UPGWwmQOzt5zK-rahAFz7RWGdjUv71uKpe_9orxVkzjZ_3TuMd57uzHLXr1AYeCjBt70jTCFuInGTLTVY87QjD41ElT-IQjPOVybVCNGacSEaROC_gmzZGmH8mSfNLNcbnAJiYMNEjAr8C4-N7QhHyAPK7nJ4RmkQ1GeI73nAxRACHOzB-hd8wnNtAnJUsCzIZS91LdJOL1Cxlrd5qrAqem1H1SHCNxm6mjy1GBE45cw-h034AQduAPSWNs51TZJWioy0xgIIm6bGiEcxXT54NutyGA4Tm7yKzm73LT6cLFY-_x9j-mjD9-kNx2oqLUHQNDSCuJzd_W8osYk-ZJuDCxWTdO_xIDC8LJCKfeHuqeXaHFO0q3T-nneXSQZI1th40vlCca002Fp4Rv5Y6FN0gyZowdyQMBUzvWNBye8gXWerwvQ75WzQzt8nLGioksoYrHnkKoZq63l7zNAW5hIcRCrehvuofpeckOdTCDsx8ZbwZGYJ4L06kzKJ_k6gVKRHEU-DT-BBRFHJe4FTrLnMInXEcFkFM5bbc5BDgddaBMEEh9XcaqHMeafgr8lVM7b6wSXJ0nYXC9-FUDhZlPRVOpJ6gMNLXlagKdkGSYKtGWn2zbxUvokmFMHzbpZqcs0oQMJ_z7rSwAsJiSBdoQzZvxnBKgEFTbPtkbghDmT2BMuajahWjAumB8_b6qAXNp0ch9EXPC8A5h3fk-f6QDIAZhH0-1bOQ5y2BOblBRsR1-_9xfjBkULmsvzD1NocZmSWkAgmFkqTrelfgAjU4-Ahi9M8xPa1DRG7DeZ9BYsSCoi6B1lxqn_asi9-hTSgTtEoQi9pbn16uGIwnD5gxoUYOGPnRybZaPHeRy2Jifb9pvzYaW7mLlZTy2cpgXpTKsfe_877a89_Hm_sIh5Pth__wFqrTUCsB4efU6jD-ucyR2PuSVoa7DpuepXjG3ew0WtBJKdRLMifMg1UZUzcZ3gl50vpJCw6lx6DpA1l4wbn4QJZN_VtCvmg1XPKh-MTvvr3pJ-ZSd7OlxcRfilB8-XZIdsnCg9j7ia_CGYjsNarWVNALgV-bDhm-mYQcLkQfcSA4QJaEDhQU6lmjPoPXqqvkUo9bOkvCfSJ8wrfT6ydPnqk31pBbiXp_i0N7t7y0j1oBJGIgL4DkfUmkqCSRD6QYTsCia_ccAb-Qr0fuj5In5Y0msN0foc1LBricnB8uUPseVYdtFh5AODqf60f8ILQ7ZYGa9J1qMkvdi-j6YkWUj0moBe19OFFt87T1QUXrHJu2knSZ61i68p0uTK7CzhoB2vG3xtA2A9PnKxBcRkThjGEfVmHS5yMtPbVAArcdMywwk3mLCUpQ7edzeD3q_hghL8AtqwlpgnQHVGbL3M4AXRZj_JUeXk1cfZ-c9E7GHyPThYjM71O1U55IPe4VImZ6qx8LRun7ZVg5-WN4oMA&sai=AMfl-YT-0OdORtsWacM-bN5HWj0FDX2D1L6K8bgt-0o0nHtOKDntuJPn-sHneS7xDC61LFu-ZA4psOC6HMjfljbULyqVqgahT-DZ70kPReJHEVW0_rWhiJupCtAdmV89_4uS-8KihAlFfyYF8fKoogPRbODaADAAJZ0EBMF4OM5AN7QaxxqmFyfyLL--X9o9UA-B1-aleJKHSyjnw_payUwYg02bUhDtT9T3_fS9orXhmu_lydvSKFVl9Xlh1IKnqW9NiAAlrksOn8LmlSLLSSWeMKrqjPseat4&sig=Cg0ArKJSzPKGs2bGvZlDEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=42&cbvp=1&cisv=r20231109.80765&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 4532404259925179382
s0.2mdn.net/simgad/ Frame 43A8 32 KB
32 KB 26ms
26ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/4532404259925179382

Requested by

Host: 9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
URL: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba68b1ac5a88f445afc8ed51db9c593b1b7d0531587b3a6af76e0f23b2cae065

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 12:00:34 GMT
x-content-type-options: nosniff
age: 454430
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32465
x-xss-protection: 0
last-modified: Wed, 11 Oct 2023 09:04:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 20 Nov 2024 12:00:34 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 6FBB 39 KB
15 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28656
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 43A8 0
0 57ms
57ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvIoDD84gq3MmNpBiLjXuHu3UPGWwmQOzt5zK-rahAFz7RWGdjUv71uKpe_9orxVkzjZ_3TuMd57uzHLXr1AYeCjBt70jTCFuInGTLTVY87QjD41ElT-IQjPOVybVCNGacSEaROC_gmzZGmH8mSfNLNcbnAJiYMNEjAr8C4-N7QhHyAPK7nJ4RmkQ1GeI73nAxRACHOzB-hd8wnNtAnJUsCzIZS91LdJOL1Cxlrd5qrAqem1H1SHCNxm6mjy1GBE45cw-h034AQduAPSWNs51TZJWioy0xgIIm6bGiEcxXT54NutyGA4Tm7yKzm73LT6cLFY-_x9j-mjD9-kNx2oqLUHQNDSCuJzd_W8osYk-ZJuDCxWTdO_xIDC8LJCKfeHuqeXaHFO0q3T-nneXSQZI1th40vlCca002Fp4Rv5Y6FN0gyZowdyQMBUzvWNBye8gXWerwvQ75WzQzt8nLGioksoYrHnkKoZq63l7zNAW5hIcRCrehvuofpeckOdTCDsx8ZbwZGYJ4L06kzKJ_k6gVKRHEU-DT-BBRFHJe4FTrLnMInXEcFkFM5bbc5BDgddaBMEEh9XcaqHMeafgr8lVM7b6wSXJ0nYXC9-FUDhZlPRVOpJ6gMNLXlagKdkGSYKtGWn2zbxUvokmFMHzbpZqcs0oQMJ_z7rSwAsJiSBdoQzZvxnBKgEFTbPtkbghDmT2BMuajahWjAumB8_b6qAXNp0ch9EXPC8A5h3fk-f6QDIAZhH0-1bOQ5y2BOblBRsR1-_9xfjBkULmsvzD1NocZmSWkAgmFkqTrelfgAjU4-Ahi9M8xPa1DRG7DeZ9BYsSCoi6B1lxqn_asi9-hTSgTtEoQi9pbn16uGIwnD5gxoUYOGPnRybZaPHeRy2Jifb9pvzYaW7mLlZTy2cpgXpTKsfe_877a89_Hm_sIh5Pth__wFqrTUCsB4efU6jD-ucyR2PuSVoa7DpuepXjG3ew0WtBJKdRLMifMg1UZUzcZ3gl50vpJCw6lx6DpA1l4wbn4QJZN_VtCvmg1XPKh-MTvvr3pJ-ZSd7OlxcRfilB8-XZIdsnCg9j7ia_CGYjsNarWVNALgV-bDhm-mYQcLkQfcSA4QJaEDhQU6lmjPoPXqqvkUo9bOkvCfSJ8wrfT6ydPnqk31pBbiXp_i0N7t7y0j1oBJGIgL4DkfUmkqCSRD6QYTsCia_ccAb-Qr0fuj5In5Y0msN0foc1LBricnB8uUPseVYdtFh5AODqf60f8ILQ7ZYGa9J1qMkvdi-j6YkWUj0moBe19OFFt87T1QUXrHJu2knSZ61i68p0uTK7CzhoB2vG3xtA2A9PnKxBcRkThjGEfVmHS5yMtPbVAArcdMywwk3mLCUpQ7edzeD3q_hghL8AtqwlpgnQHVGbL3M4AXRZj_JUeXk1cfZ-c9E7GHyPThYjM71O1U55IPe4VImZ6qx8LRun7ZVg5-WN4oMA&sai=AMfl-YT-0OdORtsWacM-bN5HWj0FDX2D1L6K8bgt-0o0nHtOKDntuJPn-sHneS7xDC61LFu-ZA4psOC6HMjfljbULyqVqgahT-DZ70kPReJHEVW0_rWhiJupCtAdmV89_4uS-8KihAlFfyYF8fKoogPRbODaADAAJZ0EBMF4OM5AN7QaxxqmFyfyLL--X9o9UA-B1-aleJKHSyjnw_payUwYg02bUhDtT9T3_fS9orXhmu_lydvSKFVl9Xlh1IKnqW9NiAAlrksOn8LmlSLLSSWeMKrqjPseat4&sig=Cg0ArKJSzPKGs2bGvZlDEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=75&vt=11&dtpt=33&dett=3&cstd=72&cisv=r20231109.80765&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/5cng0xj2jaea

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 CH_EN_Stocks_Track1_Range-2-ENCH-970x250-638326118677785326-26b1a8a3-7a8f-4f22-8b49-33fe21b525b3.html Show response
s0.2mdn.net/sadbundle/3978026277272551424/ Frame 503D 4 KB
1 KB 26ms
25ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3978026277272551424/CH_EN_Stocks_Track1_Range-2-ENCH-970x250-638326118677785326-26b1a8a3-7a8f-4f22-8b49-33fe21b525b3.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ccc0942757b3a89e163b2015721485b214afd0ab567332575f723799974f639

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 291721
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1418
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Nov 2023 09:12:23 GMT
expires: Fri, 22 Nov 2024 09:12:23 GMT
last-modified: Wed, 11 Oct 2023 09:04:35 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6FBB 0
20 B 171ms
170ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bv1_zAItjZZfmE5WnjuwP5sCJuA4AAAAAOAHgBAI&bg=!6Oul66TNAAZxrfrxUa07ADQBe5WfOFocLAY3dBXP9vCOnTqJOVtVBB9MxjSl-vNld0GxbuQPD5AQGatT1MRsDLuVwwodAgAAADFSAAAAAWgBB5kDDn-bYajlFC4SSPvcBXWnpD_houudOM_9gwN8n572uPRH7yAA49End0PRsecyOueChAtLJyO9sxZxDsmNK6XfsZ0NxoZ4f2yEXt2VDw3RyqNL3hnupS-LyTM1--QjKwDvG-mXN9xfxuGedrtToh6qZVL7L94KpQlKRfkiZN5XU2N7O37goKtGCCJWjnyL9dBAloLLcu087XXkEE5GhOP0xLGcENYlknDhUpFi9zjlvLSxiVo3yAB0rPtc-vew_mJmvJ3qegckXbrO99UuvdgVP9TPTKQ96KsL8fBL3NFPDl5ysw83YzvxPq7fbpSrY3a3B_It7V1XQBAVhIU8VuGeOHQz8MGc_8J87n4g-HP_l-E2N4z9od30T9dpKdUns4_gkHsJHkZ1A3Ow7VOXQHx0908i2jpQJ66PULBORp_yu_epscPn9MFZP8vHHKMuxyr2Asot2pZfGhyNltgl9aIN9NM5ITXL-SEZSu8RqLIDpz0dHjW8-lPeyuoa7ltTUKJy3cFcV2aYHXarbXj9zZnsQM6OQS26ijRqXYiHz7ILZw2VTy0KmctjFGxaV6a8S2fMjTmEhNhX3RKcWGlkic-n-cVxghLSZ7SzbJO4pWDKrEBk_8Fx2pp70luH_XrkckmHNj3lsLDDP5SjPOvKqaRRYcAPSaL37NUna69NP25Xr7Srdp0j-rv9iijyxlkaMsApvcjlQvFV0MQwG4KKq-PyeAHFTzK11MSMyMPcpUe8ZtjjB-TNtbJIzIVXehoBDX1QD99mtS0G0S9rrUMOzOsacrwra72wZk-cUbd7Mamwk6GX5lSzgS_EqkKsRKZ23Lz3sC2jcQVmwDqo0SQpdEgFHTP8BA9pIjvhPuLhd-EOdgNQ_LKauiOUkzz9TgVo-7J1HmKlK_4DN9ONTLmMIprJUpeHxhVb4oVvPQU6xm4begs9-kIDSr336Q8aTA2jsyCeYEcqZWRXDXql54NRPSkRlAKAbsz0vc_VHiA1cqKOenvow5hdSa1LklPXqSe8a4sePsG1IKTRS27CL-LrUAO5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 65266504843eb9eeda762f7e Show response
c.bannerflow.net/a/ Frame 503D 74 KB
25 KB 191ms
73ms Script
application/javascript 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/a/65266504843eb9eeda762f7e?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv9IUuA6HJ8c3le0tMucXBsVgCjOPG2Ypq7SHOrDZIQA05FmZHKyDxAo1LzykInxhuF8EEn071GHhNcM2g5E51FJK9AnVzfntYftX-O5vXD0Hrb6CheF7RfcM0bCECjfMZ4FOWWASLwBSyCGD5Gi6Kh1XwzY3xSSz2P60JKZzzKpqwP9at0Pk6IbcuwYKK4ygSN1LxyAtmOFJ904tYHUJSaETkeT1N1l71Gtxjd02xTvKpCKk5yvvBCwRo-hoPsYttUbAuBkf7tOr58YZYFeiR4zJzt8I2tqVzdYGFomikcp-EfHaAVJhupiT8WMWGlwVaK9C5oFVHSIeSHKE7B01A_1Uuq5xFCUh3A6kLKBSGNK5SS_FWcgvXGFlLlAae_Owfj3qdn6B6VcXWQ06KO_TReckNDLomZW0nAPVcutFrUTVsgAuiBQd8pktBkhneJbyKeoIAqr2qrBEDaLfx-EY7sYyzlzC3vpOT0kO7mswCEm8eY2Z96skxHZ-YrNB091j3_z0RGnMAVjB9RS2VUC_MD9P2S91GYk8UnKO9mzTAhxVKzeOAlS_QExqi7uH_i6gh57sQkYOaIhzNlvLC5ZSKSzpI69iQez_Sbuiv7tOvvAlsq8w07BB7OXKbLlJm7_1e_rfOlwQarWyZNemaCSxmenQB3DDv44HewYD5AL3b0m_rzXmB1YSoWhgLjxUHC38I5Vh6dvWHsvOY9U7unvtmz48DRpgNqlyddezLVIvHpO_DbeTmw-r0B9oYFH0-1RacAjoI_O6WB8-O_5_5T2iYK992_RaPuy36RmzutYuW_NX47SOFxiFS27X09nAiI4HnrwDTn_NUXvS7XbZky2Jtl0cmMuN7_1a23bxb1zUQt51GbhLGMvGXmVinSFviwvxUPo-gehoNNLKcK_vRrg8d4gzPWhBKSMkdMh0iNW200m9uhQxMgso7_FjShtiND5M3Zb0TLUgkLDDKcNEFc-um_twhP6jj0h-qM4Ao4XMnba3zv51FDCsPA0aCt0ojxT75YXyllNl6nBruXA5RXO_B93nLSv17KIR7jdb-KP-IcNWl-_p-t1PzpHcJq-Z6Sn-MKvILNIeVeguWv9UNJ-EJGLGXJsUIb6CoKBhvrX0_i1OxFjA0IuSv-0ilekaCRluf3l_e0JanSmvGErflGOPSmfYT9cohA4pe8khct09LiNdWNA5X2R4eK1ebsKlWux-KeGIRLVrFjHF-b64iz9z62Hbkr5nii8XxqvODl_tMzxNLpCNeRj6005G3yv7R9XvkgRIF6GtthgQINQJ3h8HDNVbs1usTfaqnWtFBKAffmzMJpUGnu-IOYw8lyvHt78deBLmDcq183kNqAFyyo6R5zyJ0A_ffCZ71FgP6qCtHQxRfe6sInHYgxabzz_XchH5KynJEzHHBlPTwo3J_aIacMQRvAZyqbtcsZCKDJPkXOxiO_yamSd6BHgttwF1xz%26sai%3DAMfl-YQmTGzqEbXVULMP_A5f3TKX6-UnvIgIFDEAEt-YpD7D3zICWz9sJjmvzAG7Nto3_nrsdPp2G3_UNGygPczoSSW2YoFnWOxSzKzcRQXIkAq3VLjhuBglIolLxxNkfxy_LFmG2axI-MwqH7GP8BqBwGiWRi3QysvGwojRf8eGteBd-SuO5YzRyiLpHYhfzeHXTe7KgTeZ0KI5Tflncsinb4fV6uR8Nx7e5gAQxwMZwRsANpPTkwxvJVATUi7Iwx6yFh3s96OFUSldf1uQ0mE7IX7zpGqf3O4J4KqFQA72nw%26sig%3DCg0ArKJSzF50Q0RR08i7EAE%26cry%3D1%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26rm_eid%3D5362262%26adurl%3Dhttps%253A%252F%252Fwww.home.saxo%252Fen-ch%252Fproducts%252Fstocks%253Fdclid%253D%2525edclid!%2526cmpid%253Ddisp_cm_1014735043_20642156636_524800797
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3978026277272551424/CH_EN_Stocks_Track1_Range-2-ENCH-970x250-638326118677785326-26b1a8a3-7a8f-4f22-8b49-33fe21b525b3.html?ev=01_250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0e71bd14f13c304e51c6bb7daef95a44d902a19a0a2ae06f33273b6c72b9439

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 26 Nov 2023 18:14:24 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, s-maxage=10
cf-ray: 82c41c645e4a22b5-CDG
request-context: appId=cid-v1:1a5f66bd-0229-467a-a946-b3753e659ecb

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 170ms
170ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311090101&jk=364172630815219&bg=!Pj2lPXLNAAZxrfrxUa07ADQBe5WfONEpad-yiA_dx2I3dyLXXioR9DKvCsiThW3mPw9TcUiAP92F5fJrQmsNQjkqULPAAgAAAMlSAAAAAWgBB5kCwgHa7GS8BrmtN2k35C6ikqSOo7dh6mPS3EXt_QTX2J9txMH3G3cF67iOgDeLEQcuC389e7maz6fBvEmhq6uZ-e5mhcjit632zmtxVl530FzadO5NlZ482LCVXbv0FhaTo25LphokwVIikjP1nLYnDJOgtUp7VHBInj5RL9nWf3o6UCmZ-G4c9WcNDctU7VF0EhesIZ3u0WJGuoskMBB4owhWu71qDIa4Rzu3vdZTj4E0srQhcCMFkS9zX_EIg7yeQgdv8GBRqtzLvVIg8KvZGj3FciFxnv-OpfEmN1A8AWEVlpHiKWMoQ7B7LqFKFqRjgWALD-p_mK1kbyzIMLN-To55kYQmjgDPq3oUYIFUfOR6chSYPEjjBI1cgxIgMvYPoGlZ1vrZ4RhEn55x88f3a_KdC3fCvpU72BBQr-cYoZ0WGglsQU4yuwBnVe2SYtrbIW9Vwzoz3Lc-dE87t35YKWazueK0k5lsLykZzts8UfhzozJSe-3ENG96AHihB4ThxdLpkW7gHXhgiZ_OyBotwxtsn81bA-7P8Qwq52KJ-9l028AYCGxgJPh5pDfrOmviVgD_ONthY4H7z0GSnOU-C8FvTEytZQyyD9nQGopO6AJ5R76lFDGbBajtl3Wxq9vYCFdwaSvNL6nUgiNBMKccV7i7cV_FKv89HYaL19VJhqiPK9sq0KG-6jQbs8q1dgxQHPLwDgcUfZUJUro0VMMJ8LU_fje8y38fESnZSPkK4ONXXN6qyulbY8T__vcie0KNJJVLcY_pYZsCtzoAryjnXhrFlOVMm-3H5uowvXOTyi6sngTngjoZx8duSt6BcQyIjEthWlGZqsMTsBodaWGKbvoYqkPXExxRq6JdYD8nAiT0Z5tM6B7B69G1AVlbUjrgdHP4W8cSlCgtVlftfy1aTnGRxSly7SakHL0Zbrk2RiUISuc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 widget.e53c0145f118df2f5218.js Show response
c.bannerflow.net/scripts/ Frame 503D 24 KB
9 KB 43ms
42ms Script
application/javascript 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/scripts/widget.e53c0145f118df2f5218.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/65266504843eb9eeda762f7e?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv9IUuA6HJ8c3le0tMucXBsVgCjOPG2Ypq7SHOrDZIQA05FmZHKyDxAo1LzykInxhuF8EEn071GHhNcM2g5E51FJK9AnVzfntYftX-O5vXD0Hrb6CheF7RfcM0bCECjfMZ4FOWWASLwBSyCGD5Gi6Kh1XwzY3xSSz2P60JKZzzKpqwP9at0Pk6IbcuwYKK4ygSN1LxyAtmOFJ904tYHUJSaETkeT1N1l71Gtxjd02xTvKpCKk5yvvBCwRo-hoPsYttUbAuBkf7tOr58YZYFeiR4zJzt8I2tqVzdYGFomikcp-EfHaAVJhupiT8WMWGlwVaK9C5oFVHSIeSHKE7B01A_1Uuq5xFCUh3A6kLKBSGNK5SS_FWcgvXGFlLlAae_Owfj3qdn6B6VcXWQ06KO_TReckNDLomZW0nAPVcutFrUTVsgAuiBQd8pktBkhneJbyKeoIAqr2qrBEDaLfx-EY7sYyzlzC3vpOT0kO7mswCEm8eY2Z96skxHZ-YrNB091j3_z0RGnMAVjB9RS2VUC_MD9P2S91GYk8UnKO9mzTAhxVKzeOAlS_QExqi7uH_i6gh57sQkYOaIhzNlvLC5ZSKSzpI69iQez_Sbuiv7tOvvAlsq8w07BB7OXKbLlJm7_1e_rfOlwQarWyZNemaCSxmenQB3DDv44HewYD5AL3b0m_rzXmB1YSoWhgLjxUHC38I5Vh6dvWHsvOY9U7unvtmz48DRpgNqlyddezLVIvHpO_DbeTmw-r0B9oYFH0-1RacAjoI_O6WB8-O_5_5T2iYK992_RaPuy36RmzutYuW_NX47SOFxiFS27X09nAiI4HnrwDTn_NUXvS7XbZky2Jtl0cmMuN7_1a23bxb1zUQt51GbhLGMvGXmVinSFviwvxUPo-gehoNNLKcK_vRrg8d4gzPWhBKSMkdMh0iNW200m9uhQxMgso7_FjShtiND5M3Zb0TLUgkLDDKcNEFc-um_twhP6jj0h-qM4Ao4XMnba3zv51FDCsPA0aCt0ojxT75YXyllNl6nBruXA5RXO_B93nLSv17KIR7jdb-KP-IcNWl-_p-t1PzpHcJq-Z6Sn-MKvILNIeVeguWv9UNJ-EJGLGXJsUIb6CoKBhvrX0_i1OxFjA0IuSv-0ilekaCRluf3l_e0JanSmvGErflGOPSmfYT9cohA4pe8khct09LiNdWNA5X2R4eK1ebsKlWux-KeGIRLVrFjHF-b64iz9z62Hbkr5nii8XxqvODl_tMzxNLpCNeRj6005G3yv7R9XvkgRIF6GtthgQINQJ3h8HDNVbs1usTfaqnWtFBKAffmzMJpUGnu-IOYw8lyvHt78deBLmDcq183kNqAFyyo6R5zyJ0A_ffCZ71FgP6qCtHQxRfe6sInHYgxabzz_XchH5KynJEzHHBlPTwo3J_aIacMQRvAZyqbtcsZCKDJPkXOxiO_yamSd6BHgttwF1xz%26sai%3DAMfl-YQmTGzqEbXVULMP_A5f3TKX6-UnvIgIFDEAEt-YpD7D3zICWz9sJjmvzAG7Nto3_nrsdPp2G3_UNGygPczoSSW2YoFnWOxSzKzcRQXIkAq3VLjhuBglIolLxxNkfxy_LFmG2axI-MwqH7GP8BqBwGiWRi3QysvGwojRf8eGteBd-SuO5YzRyiLpHYhfzeHXTe7KgTeZ0KI5Tflncsinb4fV6uR8Nx7e5gAQxwMZwRsANpPTkwxvJVATUi7Iwx6yFh3s96OFUSldf1uQ0mE7IX7zpGqf3O4J4KqFQA72nw%26sig%3DCg0ArKJSzF50Q0RR08i7EAE%26cry%3D1%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26rm_eid%3D5362262%26adurl%3Dhttps%253A%252F%252Fwww.home.saxo%252Fen-ch%252Fproducts%252Fstocks%253Fdclid%253D%2525edclid!%2526cmpid%253Ddisp_cm_1014735043_20642156636_524800797
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccc73644afcea0862b8aec123ddee9e17c8a2cd8e82f8526e63700a5d4e4e3cf

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: O/JEW+6nwDFyi4qO2v1f5Q==
age: 1442089
cf-polished: origSize=24228
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Fri, 18 Aug 2023 11:29:30 GMT
server: cloudflare
etag: W/"0x8DB9FDE635FCEFB"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b1be7459-401e-003e-6576-1342ac000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2011-08-18
cf-ray: 82c41c64cf3c22b5-CDG

GET
H2 200 document.000000B5896595.js Show response
c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/published/4729601/6325512/ Frame 503D 124 KB
29 KB 66ms
66ms Script
application/javascript 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/published/4729601/6325512/document.000000B5896595.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/65266504843eb9eeda762f7e?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv9IUuA6HJ8c3le0tMucXBsVgCjOPG2Ypq7SHOrDZIQA05FmZHKyDxAo1LzykInxhuF8EEn071GHhNcM2g5E51FJK9AnVzfntYftX-O5vXD0Hrb6CheF7RfcM0bCECjfMZ4FOWWASLwBSyCGD5Gi6Kh1XwzY3xSSz2P60JKZzzKpqwP9at0Pk6IbcuwYKK4ygSN1LxyAtmOFJ904tYHUJSaETkeT1N1l71Gtxjd02xTvKpCKk5yvvBCwRo-hoPsYttUbAuBkf7tOr58YZYFeiR4zJzt8I2tqVzdYGFomikcp-EfHaAVJhupiT8WMWGlwVaK9C5oFVHSIeSHKE7B01A_1Uuq5xFCUh3A6kLKBSGNK5SS_FWcgvXGFlLlAae_Owfj3qdn6B6VcXWQ06KO_TReckNDLomZW0nAPVcutFrUTVsgAuiBQd8pktBkhneJbyKeoIAqr2qrBEDaLfx-EY7sYyzlzC3vpOT0kO7mswCEm8eY2Z96skxHZ-YrNB091j3_z0RGnMAVjB9RS2VUC_MD9P2S91GYk8UnKO9mzTAhxVKzeOAlS_QExqi7uH_i6gh57sQkYOaIhzNlvLC5ZSKSzpI69iQez_Sbuiv7tOvvAlsq8w07BB7OXKbLlJm7_1e_rfOlwQarWyZNemaCSxmenQB3DDv44HewYD5AL3b0m_rzXmB1YSoWhgLjxUHC38I5Vh6dvWHsvOY9U7unvtmz48DRpgNqlyddezLVIvHpO_DbeTmw-r0B9oYFH0-1RacAjoI_O6WB8-O_5_5T2iYK992_RaPuy36RmzutYuW_NX47SOFxiFS27X09nAiI4HnrwDTn_NUXvS7XbZky2Jtl0cmMuN7_1a23bxb1zUQt51GbhLGMvGXmVinSFviwvxUPo-gehoNNLKcK_vRrg8d4gzPWhBKSMkdMh0iNW200m9uhQxMgso7_FjShtiND5M3Zb0TLUgkLDDKcNEFc-um_twhP6jj0h-qM4Ao4XMnba3zv51FDCsPA0aCt0ojxT75YXyllNl6nBruXA5RXO_B93nLSv17KIR7jdb-KP-IcNWl-_p-t1PzpHcJq-Z6Sn-MKvILNIeVeguWv9UNJ-EJGLGXJsUIb6CoKBhvrX0_i1OxFjA0IuSv-0ilekaCRluf3l_e0JanSmvGErflGOPSmfYT9cohA4pe8khct09LiNdWNA5X2R4eK1ebsKlWux-KeGIRLVrFjHF-b64iz9z62Hbkr5nii8XxqvODl_tMzxNLpCNeRj6005G3yv7R9XvkgRIF6GtthgQINQJ3h8HDNVbs1usTfaqnWtFBKAffmzMJpUGnu-IOYw8lyvHt78deBLmDcq183kNqAFyyo6R5zyJ0A_ffCZ71FgP6qCtHQxRfe6sInHYgxabzz_XchH5KynJEzHHBlPTwo3J_aIacMQRvAZyqbtcsZCKDJPkXOxiO_yamSd6BHgttwF1xz%26sai%3DAMfl-YQmTGzqEbXVULMP_A5f3TKX6-UnvIgIFDEAEt-YpD7D3zICWz9sJjmvzAG7Nto3_nrsdPp2G3_UNGygPczoSSW2YoFnWOxSzKzcRQXIkAq3VLjhuBglIolLxxNkfxy_LFmG2axI-MwqH7GP8BqBwGiWRi3QysvGwojRf8eGteBd-SuO5YzRyiLpHYhfzeHXTe7KgTeZ0KI5Tflncsinb4fV6uR8Nx7e5gAQxwMZwRsANpPTkwxvJVATUi7Iwx6yFh3s96OFUSldf1uQ0mE7IX7zpGqf3O4J4KqFQA72nw%26sig%3DCg0ArKJSzF50Q0RR08i7EAE%26cry%3D1%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26rm_eid%3D5362262%26adurl%3Dhttps%253A%252F%252Fwww.home.saxo%252Fen-ch%252Fproducts%252Fstocks%253Fdclid%253D%2525edclid!%2526cmpid%253Ddisp_cm_1014735043_20642156636_524800797
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7e749c05c43d338e5cc69831a6d6c7e4fc4a7622d00f0e691ce372b82b03e01

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: 3KWCI0yAyTG3R2AV3w/tpA==
age: 1375724
cf-polished: origSize=133012
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Thu, 07 Sep 2023 11:04:39 GMT
server: cloudflare
etag: W/"0x8DBAF923AE84234"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a82d7250-301e-001b-4911-14ebd0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2011-08-18
cf-ray: 82c41c64cf4022b5-CDG

GET
H2 200 animated-creative.b105a4e6577fb08357fd.js Show response
c.bannerflow.net/scripts/ Frame 503D 156 KB
53 KB 44ms
44ms Script
application/javascript 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/scripts/animated-creative.b105a4e6577fb08357fd.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/65266504843eb9eeda762f7e?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv9IUuA6HJ8c3le0tMucXBsVgCjOPG2Ypq7SHOrDZIQA05FmZHKyDxAo1LzykInxhuF8EEn071GHhNcM2g5E51FJK9AnVzfntYftX-O5vXD0Hrb6CheF7RfcM0bCECjfMZ4FOWWASLwBSyCGD5Gi6Kh1XwzY3xSSz2P60JKZzzKpqwP9at0Pk6IbcuwYKK4ygSN1LxyAtmOFJ904tYHUJSaETkeT1N1l71Gtxjd02xTvKpCKk5yvvBCwRo-hoPsYttUbAuBkf7tOr58YZYFeiR4zJzt8I2tqVzdYGFomikcp-EfHaAVJhupiT8WMWGlwVaK9C5oFVHSIeSHKE7B01A_1Uuq5xFCUh3A6kLKBSGNK5SS_FWcgvXGFlLlAae_Owfj3qdn6B6VcXWQ06KO_TReckNDLomZW0nAPVcutFrUTVsgAuiBQd8pktBkhneJbyKeoIAqr2qrBEDaLfx-EY7sYyzlzC3vpOT0kO7mswCEm8eY2Z96skxHZ-YrNB091j3_z0RGnMAVjB9RS2VUC_MD9P2S91GYk8UnKO9mzTAhxVKzeOAlS_QExqi7uH_i6gh57sQkYOaIhzNlvLC5ZSKSzpI69iQez_Sbuiv7tOvvAlsq8w07BB7OXKbLlJm7_1e_rfOlwQarWyZNemaCSxmenQB3DDv44HewYD5AL3b0m_rzXmB1YSoWhgLjxUHC38I5Vh6dvWHsvOY9U7unvtmz48DRpgNqlyddezLVIvHpO_DbeTmw-r0B9oYFH0-1RacAjoI_O6WB8-O_5_5T2iYK992_RaPuy36RmzutYuW_NX47SOFxiFS27X09nAiI4HnrwDTn_NUXvS7XbZky2Jtl0cmMuN7_1a23bxb1zUQt51GbhLGMvGXmVinSFviwvxUPo-gehoNNLKcK_vRrg8d4gzPWhBKSMkdMh0iNW200m9uhQxMgso7_FjShtiND5M3Zb0TLUgkLDDKcNEFc-um_twhP6jj0h-qM4Ao4XMnba3zv51FDCsPA0aCt0ojxT75YXyllNl6nBruXA5RXO_B93nLSv17KIR7jdb-KP-IcNWl-_p-t1PzpHcJq-Z6Sn-MKvILNIeVeguWv9UNJ-EJGLGXJsUIb6CoKBhvrX0_i1OxFjA0IuSv-0ilekaCRluf3l_e0JanSmvGErflGOPSmfYT9cohA4pe8khct09LiNdWNA5X2R4eK1ebsKlWux-KeGIRLVrFjHF-b64iz9z62Hbkr5nii8XxqvODl_tMzxNLpCNeRj6005G3yv7R9XvkgRIF6GtthgQINQJ3h8HDNVbs1usTfaqnWtFBKAffmzMJpUGnu-IOYw8lyvHt78deBLmDcq183kNqAFyyo6R5zyJ0A_ffCZ71FgP6qCtHQxRfe6sInHYgxabzz_XchH5KynJEzHHBlPTwo3J_aIacMQRvAZyqbtcsZCKDJPkXOxiO_yamSd6BHgttwF1xz%26sai%3DAMfl-YQmTGzqEbXVULMP_A5f3TKX6-UnvIgIFDEAEt-YpD7D3zICWz9sJjmvzAG7Nto3_nrsdPp2G3_UNGygPczoSSW2YoFnWOxSzKzcRQXIkAq3VLjhuBglIolLxxNkfxy_LFmG2axI-MwqH7GP8BqBwGiWRi3QysvGwojRf8eGteBd-SuO5YzRyiLpHYhfzeHXTe7KgTeZ0KI5Tflncsinb4fV6uR8Nx7e5gAQxwMZwRsANpPTkwxvJVATUi7Iwx6yFh3s96OFUSldf1uQ0mE7IX7zpGqf3O4J4KqFQA72nw%26sig%3DCg0ArKJSzF50Q0RR08i7EAE%26cry%3D1%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26rm_eid%3D5362262%26adurl%3Dhttps%253A%252F%252Fwww.home.saxo%252Fen-ch%252Fproducts%252Fstocks%253Fdclid%253D%2525edclid!%2526cmpid%253Ddisp_cm_1014735043_20642156636_524800797
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80c1a71b0825d5c2a91d238da77ede821f8df46b20974aa774f5bc03aefe6a45

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 18:14:24 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: lEV9j3pUvMgu01szZkbLog==
age: 2287272
cf-polished: origSize=159577
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Thu, 31 Aug 2023 09:36:51 GMT
server: cloudflare
etag: W/"0x8DBAA05CE239A64"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 1cf3bb30-f01e-0014-5cc6-0ba549000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2011-08-18
cf-ray: 82c41c64cf4422b5-CDG

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C866 42 B
64 B 172ms
171ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstgUXFrvefHwypONv6gDrXQNERwNDUVPE_EOUE0xO6WabsXe6BKzUXRTQ1UiOUGQPCpnT3KsBOd4NinISFBaIMWjB2VDVCrlh-HzEGMom7-VXBN0WPg64NIc3_XwMoep0phLsP64DWWvw&sai=AMfl-YSUkGmG-qb0k2Eurd24w2OX-qXNNRqzlVeAzEUCkfLXfPn5hf8GC8c6v5OtvEeN7VjJHNglaOOVUOBiStuTky9-6JIBMUs3tSyrVl6EloBu1bFp8SH6ALXaSzlB_YDwTk1Sumrs_GcbwAGal9iNQw&sig=Cg0ArKJSzFZCm00UScaqEAE&cid=CAQSTwDICaaNWW5gznb2bYPsDNY1CUp1zgxHYFE9szmVxZjPpmknlH5RAyGaSsAYZOL-7ySnj3IQxugjzZiH3suh62Lfo_BowWL9s5suYw9FMDMYAQ&id=lidar2&mcvt=1000&p=231,315,481,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2365977148&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701022463598&rpt=223&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BED1 42 B
64 B 171ms
170ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvtdbd2uRGEYpX1jtXQ1E3hZyaczqdRJ0Q9dLk22VzbuyVCS6pZ4XTbXfC_BLKDRv0YBUdYsWuwr10GWfOhD0Yq0PEeTniE7MizqNPFL9UCT03z3HLrqxmaXo5Z28EsDkPkLnuk2IlYig&sai=AMfl-YQPBWcFhH29Fyk_NZDaL1mTtH0nwOOdGWiZFI0tglWB0CbTYkiSV7l4Pi3Dx9_sT3YJm7-rSq5SZteKf5IPbBpyucH9BaLWh2Okxir7kj1Rx_rE2GxG83crMoNizkoJOmr0-GC3s3xvtPPYnLVhwA&sig=Cg0ArKJSzLsIrOCvnNiTEAE&cid=CAQSTwDICaaN8XStFIrWOCUBFGXOUldBTOinOqtfu_H0SLQ7LAYHXRh6VuXL9vTQNH29FTRzGDRq7_1IofODoLM3tFXor_kMayX10z-Zzh9B6qoYAQ&id=lidar2&mcvt=1001&p=611,315,861,1285&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=554408032&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701022463648&rpt=253&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 503D 66 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
BLOB 200
OK 779693e0-a36d-4e20-ada5-aaf803550c58 Show response
https://s0.2mdn.net/ Frame CB88 668 B
0 Script
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://s0.2mdn.net/779693e0-a36d-4e20-ada5-aaf803550c58
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/scripts/animated-creative.b105a4e6577fb08357fd.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 668
Content-Type

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0300 42 B
64 B 171ms
171ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss3KuugtklEH8jaTVJOfjCq0jmEGyjWRbQiOFjkHxy2fcVpKsNgcPGSHRTcCDuIHvnDGEReC4l7tQwk9HG6U23YJoIR_E2etYbzIaEgs7QkUawKcJedmkjzv-D-BoZTDcP6SN1w2cc3WZKWtUazRd5w_wvJZKfchtaLhCCE&sai=AMfl-YQHm9TE6cz6deSVVrZFtTrLuhhk_KioKRMOJlx2blnCYe8zZVxpd8kky--Gx4Vho3__5GsP8ciJNr2jxzhjpeMz_gZwqqg2I-O9hyhM88FelRb8EvlaTW72dtK_Rf_SfFwNfGMGgwQbZTdLPcQHSQ&sig=Cg0ArKJSzGgEomWSNelpEAE&cid=CAQSTwDICaaNIifslPLkxxUUGtS1rgyBciplbi5VSRMrQCa7aOXDcLnYr7T8Gi88hRqllT3I9THTYLWJw4Uh-g-4rKB0IXTrxegmI5HfPBontTIYAQ&id=ampim&o=298,1193&d=1005,124&ss=1600,1200&bs=1600,1200&mcvt=1005&mtos=0,0,1005,1005,1005&tos=0,0,1005,0,0&tfs=250&tls=1459&g=51.61290168762207&h=100&tt=1459&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame 503D 25 KB
25 KB 92ms
40ms Font
font/woff 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F5a0d39df4b0d911948f0e725%2F80e96a5f-eddf-4121-a75c-0206e164272c.woff&t=%0A%20%2C.37ELSTUabcdefghiklmnoprstuvwxyz
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3978026277272551424/CH_EN_Stocks_Track1_Range-2-ENCH-970x250-638326118677785326-26b1a8a3-7a8f-4f22-8b49-33fe21b525b3.html?ev=01_250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e82df9c163555b86425f1fa06923f32ccb6dcc1c98f17339f9d3d2decca86e0a

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:25 GMT
cf-cache-status: HIT
last-modified: Fri, 10 Nov 2023 07:50:02 GMT
server: cloudflare
age: 1419863
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=80e96a5f-eddf-4121-a75c-0206e164272c-subset.woff
cf-ray: 82c41c668ae2f0df-CDG
expires: Sat, 09 Nov 2024 07:50:02 GMT

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame 503D 4 KB
4 KB 34ms
34ms Font
font/woff 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F5a0d39df4b0d911948f0e725%2F0f63eea9-bff4-46f1-b0c4-c0bc6ce3911c.woff&t=%20Oacenoptu
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3978026277272551424/CH_EN_Stocks_Track1_Range-2-ENCH-970x250-638326118677785326-26b1a8a3-7a8f-4f22-8b49-33fe21b525b3.html?ev=01_250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebcdd90f705f01c91da674e074106ae4459ca7c02767e6a1959b119279f30ced

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:25 GMT
cf-cache-status: HIT
last-modified: Sun, 12 Nov 2023 03:59:46 GMT
server: cloudflare
age: 1260879
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=0f63eea9-bff4-46f1-b0c4-c0bc6ce3911c-subset.woff
cf-ray: 82c41c66cb7ff0df-CDG
expires: Mon, 11 Nov 2024 03:59:46 GMT

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame BEFF 3 KB
3 KB 38ms
38ms Image
image/webp 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fsaxo-bank%2F5a0d3b1088665f7354f5da6c%2Fimages%2F9f0ed779-182e-4c28-adce-8e9c63d05cba.png&w=215&h=311&q=99&f=webp&rt=contain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59c709c3b953b4bbb1b4bebaa3092c08577304b9506ea8e56c0ac6a65289224d

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:25 GMT
cf-cache-status: HIT
last-modified: Sun, 26 Nov 2023 07:11:55 GMT
api-supported-versions: 2.0
server: cloudflare
age: 39750
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 82c41c672be922b5-CDG
content-length: 2590
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 9385cbed-00ad-4793-94f1-014c2e89e9b8.svg
c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/ Frame BEFF 217 B
338 B 46ms
46ms Image
image/svg+xml 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/9385cbed-00ad-4793-94f1-014c2e89e9b8.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58550bfbd57abaa8f64bf8a14889e10a3726eaea36bf0c08a9f613fc29916c17

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 18:14:25 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: jWK2YKDGtOC5ylmcMWhtkw==
age: 2060
x-ms-lease-status: unlocked
last-modified: Thu, 22 Sep 2022 09:21:09 GMT
server: cloudflare
etag: W/"0x8DA9C7BC8F9699C"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 661ded2d-701e-0068-553a-0d8bb6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version: 2011-08-18
cf-ray: 82c41c672bee22b5-CDG

GET
H2 200 301871cb-4ee2-47fb-a505-d8a1e2677930.svg
c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/ Frame BEFF 152 B
287 B 46ms
45ms Image
image/svg+xml 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/301871cb-4ee2-47fb-a505-d8a1e2677930.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 307279644d7cf64dc9ee86371da7a27bb581695aeef145df65476f1f0364b990

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 18:14:25 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: lx/tqoPhxe1djqV9/qEdwQ==
age: 107
x-ms-lease-status: unlocked
last-modified: Tue, 27 Sep 2022 13:23:17 GMT
server: cloudflare
etag: W/"0x8DAA08B70B1F9D9"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 6c7be7f8-701e-0035-74f1-11b9c7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version: 2011-08-18
cf-ray: 82c41c672bf422b5-CDG

GET
H2 200 7d56cabf-5616-4f5c-98e3-0898795d6f2c.svg
c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/ Frame BEFF 361 B
507 B 37ms
37ms Image
image/svg+xml 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/7d56cabf-5616-4f5c-98e3-0898795d6f2c.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 148786284342af63df57c33534fa5940616d81a9d181b789016dfdc2c26f1da5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 18:14:25 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: RUbP+sQxMgp/o5unKdEvSg==
age: 4744
x-ms-lease-status: unlocked
last-modified: Tue, 13 Dec 2022 12:36:07 GMT
server: cloudflare
etag: W/"0x8DADD069B8C58B6"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 8d7be33f-401e-003e-5ba0-1342ac000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version: 2011-08-18
cf-ray: 82c41c672bf622b5-CDG

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame BEFF 3 KB
3 KB 40ms
40ms Image
image/webp 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fsaxo-bank%2F5a0d3b1088665f7354f5da6c%2Fimages%2Fd3bc406b-e9da-4faa-b2a9-03d21dd7d364.png&w=134&h=60&q=99&f=webp&rt=contain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a28283a9b717b42cd3970f0707475394e6c5b2a678f354bc25027d0cad00b17

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 18:14:25 GMT
cf-cache-status: HIT
last-modified: Sun, 26 Nov 2023 08:09:06 GMT
api-supported-versions: 2.0
server: cloudflare
age: 36319
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 82c41c672bfa22b5-CDG
content-length: 3346
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 206 AOT_CH_EN_Stocks_Range_1080x1080.webm
dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/ Frame 8CCB 333 KB
0 122ms
40ms Media
video/webm 2600:9000:2449:e800:16:eff:6080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/AOT_CH_EN_Stocks_Range_1080x1080.webm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2449:e800:16:eff:6080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

x-amz-version-id: 1nikIMyuUHEIK3ru0o81FzMzVoLLGexg
date: Sun, 26 Nov 2023 01:04:54 GMT
via: 1.1 2fb699a7d2ee3ddd9b1caad139f90e76.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
age: 61772
x-cache: Hit from cloudfront
Content-Range: bytes 0-863104/863105
alt-svc: h3=":443"; ma=86400
Content-Length: 863105
last-modified: Wed, 14 Apr 2021 15:41:12 GMT
server: AmazonS3
etag: "1ebb3b6eff73e749ab5a7313672c2f40"
vary: Accept-Encoding
content-type: video/webm
accept-ranges: bytes
x-amz-cf-id: B1_mM4V9JNrjyn0D8VFbXiOaUL1v97fEm4Q83xW9rIfqoS53DHzNiQ==

GET
H2 206 AOT_CH_EN_Stocks_Range_1080x1080.webm
dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/ Frame 8CCB 11 KB
11 KB 43ms
42ms Media
video/webm 2600:9000:2449:e800:16:eff:6080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/AOT_CH_EN_Stocks_Range_1080x1080.webm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2449:e800:16:eff:6080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 69f2a0cdab9b7927578dc91f022683167c9e81e0852c0b26e0cb9177b7b44241

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=851968-

Response headers

x-amz-version-id: 1nikIMyuUHEIK3ru0o81FzMzVoLLGexg
date: Sun, 26 Nov 2023 01:04:54 GMT
via: 1.1 2fb699a7d2ee3ddd9b1caad139f90e76.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
age: 61772
x-cache: Hit from cloudfront
Content-Range: bytes 851968-863104/863105
alt-svc: h3=":443"; ma=86400
Content-Length: 11137
last-modified: Wed, 14 Apr 2021 15:41:12 GMT
server: AmazonS3
etag: "1ebb3b6eff73e749ab5a7313672c2f40"
vary: Accept-Encoding
content-type: video/webm
accept-ranges: bytes
x-amz-cf-id: LaPOrbNrIm57ZvzEIjZiCIVOQUCenNykVlEPGW8GDmh2FOs5i9PQgw==

POST
H2 200 /
c.bannerflow.net/tr/v2/pixel/ Frame 503D 0
81 B 66ms
66ms Ping
text/plain 2606:4700::6811:c96e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/tr/v2/pixel/
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/65266504843eb9eeda762f7e?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv9IUuA6HJ8c3le0tMucXBsVgCjOPG2Ypq7SHOrDZIQA05FmZHKyDxAo1LzykInxhuF8EEn071GHhNcM2g5E51FJK9AnVzfntYftX-O5vXD0Hrb6CheF7RfcM0bCECjfMZ4FOWWASLwBSyCGD5Gi6Kh1XwzY3xSSz2P60JKZzzKpqwP9at0Pk6IbcuwYKK4ygSN1LxyAtmOFJ904tYHUJSaETkeT1N1l71Gtxjd02xTvKpCKk5yvvBCwRo-hoPsYttUbAuBkf7tOr58YZYFeiR4zJzt8I2tqVzdYGFomikcp-EfHaAVJhupiT8WMWGlwVaK9C5oFVHSIeSHKE7B01A_1Uuq5xFCUh3A6kLKBSGNK5SS_FWcgvXGFlLlAae_Owfj3qdn6B6VcXWQ06KO_TReckNDLomZW0nAPVcutFrUTVsgAuiBQd8pktBkhneJbyKeoIAqr2qrBEDaLfx-EY7sYyzlzC3vpOT0kO7mswCEm8eY2Z96skxHZ-YrNB091j3_z0RGnMAVjB9RS2VUC_MD9P2S91GYk8UnKO9mzTAhxVKzeOAlS_QExqi7uH_i6gh57sQkYOaIhzNlvLC5ZSKSzpI69iQez_Sbuiv7tOvvAlsq8w07BB7OXKbLlJm7_1e_rfOlwQarWyZNemaCSxmenQB3DDv44HewYD5AL3b0m_rzXmB1YSoWhgLjxUHC38I5Vh6dvWHsvOY9U7unvtmz48DRpgNqlyddezLVIvHpO_DbeTmw-r0B9oYFH0-1RacAjoI_O6WB8-O_5_5T2iYK992_RaPuy36RmzutYuW_NX47SOFxiFS27X09nAiI4HnrwDTn_NUXvS7XbZky2Jtl0cmMuN7_1a23bxb1zUQt51GbhLGMvGXmVinSFviwvxUPo-gehoNNLKcK_vRrg8d4gzPWhBKSMkdMh0iNW200m9uhQxMgso7_FjShtiND5M3Zb0TLUgkLDDKcNEFc-um_twhP6jj0h-qM4Ao4XMnba3zv51FDCsPA0aCt0ojxT75YXyllNl6nBruXA5RXO_B93nLSv17KIR7jdb-KP-IcNWl-_p-t1PzpHcJq-Z6Sn-MKvILNIeVeguWv9UNJ-EJGLGXJsUIb6CoKBhvrX0_i1OxFjA0IuSv-0ilekaCRluf3l_e0JanSmvGErflGOPSmfYT9cohA4pe8khct09LiNdWNA5X2R4eK1ebsKlWux-KeGIRLVrFjHF-b64iz9z62Hbkr5nii8XxqvODl_tMzxNLpCNeRj6005G3yv7R9XvkgRIF6GtthgQINQJ3h8HDNVbs1usTfaqnWtFBKAffmzMJpUGnu-IOYw8lyvHt78deBLmDcq183kNqAFyyo6R5zyJ0A_ffCZ71FgP6qCtHQxRfe6sInHYgxabzz_XchH5KynJEzHHBlPTwo3J_aIacMQRvAZyqbtcsZCKDJPkXOxiO_yamSd6BHgttwF1xz%26sai%3DAMfl-YQmTGzqEbXVULMP_A5f3TKX6-UnvIgIFDEAEt-YpD7D3zICWz9sJjmvzAG7Nto3_nrsdPp2G3_UNGygPczoSSW2YoFnWOxSzKzcRQXIkAq3VLjhuBglIolLxxNkfxy_LFmG2axI-MwqH7GP8BqBwGiWRi3QysvGwojRf8eGteBd-SuO5YzRyiLpHYhfzeHXTe7KgTeZ0KI5Tflncsinb4fV6uR8Nx7e5gAQxwMZwRsANpPTkwxvJVATUi7Iwx6yFh3s96OFUSldf1uQ0mE7IX7zpGqf3O4J4KqFQA72nw%26sig%3DCg0ArKJSzF50Q0RR08i7EAE%26cry%3D1%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26rm_eid%3D5362262%26adurl%3Dhttps%253A%252F%252Fwww.home.saxo%252Fen-ch%252Fproducts%252Fstocks%253Fdclid%253D%2525edclid!%2526cmpid%253Ddisp_cm_1014735043_20642156636_524800797
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c96e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s0.2mdn.net/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 26 Nov 2023 18:14:25 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82c41c69182a22b5-CDG
content-length: 0
request-context: appId=cid-v1:1d9bcaa3-5ddc-4e5d-973c-949d7ceab63e

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 43A8 0
20 B 164ms
163ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4596230834272&version=m202309260101&ct=76&x=1&cor=11119664449793098000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 18:14:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
481 B 39ms
38ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_auto_728x90_sticky_display_bottom&e=ufp&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 18:14:28 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 840219
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c41c7eb882f0cb-CDG

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: certify-js.alexametrics.com
URL: https://certify-js.alexametrics.com/atrk.js

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst-V8Mlig1dx7iHWBZitFguJM35n4fYapChTxrDEjhA4iy0lgWq63l4LjOpSLzwSrZQZO35UTUXAFRxZpweAKwgQOMolfsMoXDdQXOocVzcNk2m1ypy_T1T8AAQpuWEJ0VtfZnBgPkAuTpuHH32qnWmKz-VuFayjNueR20cPSidoDif6PA14ZIktZUnO54QxmA4RWB6LIhOKVEhVWRoguJV-usCS48-pjckZSLNHNlM-nlFbyngy-m_l2Lwf1ojBlQOIqaHhAzoNelhHR5KvN-yrj_dBfA64dw0hMvD639LKc4K8FUPqTvo1NjOkw94yxk7mzP_y6xE_b69VsJqoWg8jz78m5RJwYUWQAN14Xf051_B1YTIfWXI08aWARECIEzLcCsfGnzzQp6gzmT78o1kvOps6OJwJP-QNIibUACwAs_4fg&sai=AMfl-YRE69mFfQy4TNO5BYHMmPN83oH_qhUfKbxvtJb21jwjcJhb_PR4XbsIyN8WHdkkTMewcwVseW8wxuemAwdQHY-B0nffxdg3XOtpmwLWNMXiEdUNdg0rRDw1ycSI5OfJ2jITijFd7JoBuDI-4K9K4Ts&sig=Cg0ArKJSzPNGvPxva92cEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Domain: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Verdicts & Comments Add Verdict or Comment

191 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

38 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.file-upload.org/	1969-12-31 23:59:59	Name: lang Value: german
www.file-upload.org/	1969-12-31 23:59:59	Name: visited Value: visited, visited_expires=Sun Nov 26 2023 19:15:22 GMT+0100 (Central European Standard Time), path=/
.file-upload.in/	1970-01-21 02:06:22	Name: _ga_3T7TKCZCC9 Value: GS1.1.1701022462.1.0.1701022462.0.0.0
.file-upload.in/	1970-01-21 02:06:22	Name: _ga Value: GA1.2.1540111154.1701022463
.file-upload.in/	1970-01-20 16:31:48	Name: _gid Value: GA1.2.18094710.1701022463
.file-upload.in/	1970-01-20 16:30:22	Name: _gat_gtag_UA_119779859_1 Value: 1
live.demand.supply/	1970-01-21 02:06:22	Name: demandSupplyTi Value: d55fc5c6-21c0-468e-9463-667850cbe79e
.demand.supply/	1970-01-20 16:30:24	Name: __cf_bm Value: XeTYXL1LInY3d7LLzQ1eaOkq7tRlkitqq_bq0F0lmKo-1701022462-0-Abh38T8dTJBLJ1cLVTJ/Xjb8DC1tvcJqYuHlfBVnEOnRKEp161Mopugy2dSw4Ka6OoTqZ/fKpr40ojnjhnpPfPo=
.file-upload.in/	1970-01-20 16:30:22	Name: lotame_domain_check Value: file-upload.in
.criteo.com/	1970-01-21 01:51:58	Name: uid Value: cce6b724-1193-4a29-bccb-326ae674154f
.openx.net/	1970-01-21 01:15:58	Name: i Value: 78f85847-b6f1-4529-883f-901c0aa9f281\|1701022463
.file-upload.in/	1970-01-21 01:51:58	Name: cto_bundle Value: eWnzB19oayUyRlZmSiUyQjkxUEpFJTJCeCUyQiUyRjBpZCUyQm5UTGREWWZlM0IlMkZQNFJERWZaUHBEVEV6MWtrNG90eXZLcWs0VmJDdTdwWFc5NHNYbmIlMkI5REdUVk8wblFjcXJlZE5DZCUyQmpReTJCTEhxbjZhVkl2czBvUzZ2U1hrZ1pBVEkxV1BuNjFKc2pXeExlanl5STBFdDh1bGdrV0UlMkJHUCUyQjRRJTNEJTNE
.yahoo.com/	1970-01-21 01:16:20	Name: A3 Value: d=AQABBP-KY2UCEKJWybgN-fjVqGIqNJLuT-AFEgEBAQHcZGVtZbti0CMA_eMAAA&S=AQAAAkgPjBEMDs55M0ixl8gNekY
.crwdcntrl.net/	1970-01-20 22:59:10	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 22:59:10	Name: _cc_id Value: 1f6f8cd069d915cbbdd0a3eaa959f241
.file-upload.in/	1970-01-20 22:59:10	Name: _cc_id Value: 1f6f8cd069d915cbbdd0a3eaa959f241
.file-upload.in/	1970-01-20 16:40:27	Name: panoramaId_expiry Value: 1701627263411
.file-upload.in/	1970-01-20 16:40:27	Name: panoramaId Value: 7182b8caa86df79fc0363344e8354945a702d5453777b234932c38e6c42f72c5
.file-upload.in/	1970-01-20 16:40:27	Name: panoramaIdType Value: panoIndiv
.openx.net/	1970-01-20 16:51:58	Name: pd Value: v2\|1701022463\|n0vNvQiygu
.adform.net/	1970-01-20 17:13:34	Name: C Value: 1
.doubleclick.net/	1970-01-21 02:06:22	Name: IDE Value: AHWqTUl4FckQukZRCvSaPsEexMWZki55NCuQW87EPfqI5CTQ7T_6Ge1x2kFr1AUH
.adform.net/	1970-01-20 17:56:46	Name: uid Value: 2350489431911942724
.file-upload.in/	1970-01-21 01:51:58	Name: __gads Value: ID=b1368b8df88c773b:T=1701022463:RT=1701022463:S=ALNI_MaS8fysnIRNzdzgiYDTucWlmhjtHA
.file-upload.in/	1970-01-21 01:51:58	Name: __gpi Value: UID=00000cdcb7189c40:T=1701022463:RT=1701022463:S=ALNI_MZCXpFlY_6KhcL1l2j6VJnhlZaJZQ
.amazon-adsystem.com/	1970-01-20 21:44:17	Name: ad-id Value: AzUXBEzlLUwpkLysKsXLrlc
.amazon-adsystem.com/	1970-01-21 02:06:22	Name: ad-privacy Value: 0
.casalemedia.com/	1970-01-20 18:39:58	Name: CMPS Value: 1137
.casalemedia.com/	1970-01-21 01:15:58	Name: CMID Value: ZWOK-80lH6xRrrEu1AxxfAAA
.casalemedia.com/	1970-01-20 18:39:58	Name: CMPRO Value: 1205
.quantserve.com/	1970-01-20 18:39:58	Name: d Value: EHABCQHCKoEA
.quantserve.com/	1970-01-21 02:00:36	Name: mc Value: 65638b00-7a58c-421e9-59692
.pubmatic.com/	1970-01-20 16:31:48	Name: KTPCACOOKIE Value: YES
.yieldmo.com/	1970-01-21 01:15:58	Name: yieldmo_id Value: 3Fwx1JJBB2JUOuzRakmK%7C1700956800000%7C0
.pubmatic.com/	1970-01-21 01:15:58	Name: KADUSERCOOKIE Value: 0625635B-92EF-421D-B5B5-B331C3CB705D
.go.sonobi.com/	1970-01-20 17:13:34	Name: __uis Value: c1932030-bc8e-48aa-b733-87a7752e2121
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8G Value: s86138\|ZWOLA
.mediago.io/	1970-01-21 01:15:58	Name: __mguid_ Value: f34e969976ae7c471vkt5m00lpfsutxk

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://certify-js.alexametrics.com/atrk.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript	error	URL: https://www.file-upload.in/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d' from origin 'https://www.file-upload.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.file-upload.in/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a' from origin 'https://www.file-upload.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.file-upload.in/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e' from origin 'https://www.file-upload.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://ups.analytics.yahoo.com/ups/58813/fed?gpp_sid=-1&v=1&url=https%3A%2F%2Fwww.file-upload.in%2F Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9310b43521d82203850f23309cd06016.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
ads.yieldmo.com
ajax.googleapis.com
bcp.crwdcntrl.net
c.bannerflow.net
c1.adform.net
cc.adingo.jp
cdn-ima.33across.com
cdn.ampproject.org
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
certify-js.alexametrics.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
connectid.analytics.yahoo.com
dfghidiqaynia.cloudfront.net
dsp.adkernel.com
dsum-sec.casalemedia.com
eu-u.openx.net
fonts.googleapis.com
fonts.gstatic.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
id5-sync.com
image6.pubmatic.com
images.dmca.com
invstatic101.creativecdn.com
live.demand.supply
match.adsrvr.org
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
region1.google-analytics.com
s0.2mdn.net
securepubads.g.doubleclick.net
ssl.google-analytics.com
static.criteo.net
sync.go.sonobi.com
tags.crwdcntrl.net
tpc.googlesyndication.com
trace.mediago.io
ups.analytics.yahoo.com
us-u.openx.net
www.file-upload.com
www.file-upload.in
www.file-upload.org
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
certify-js.alexametrics.com
securepubads.g.doubleclick.net
www.file-upload.org
www.googletagservices.com
104.18.36.155
141.95.33.120
142.250.186.130
172.217.16.194
172.64.152.89
174.137.133.49
18.239.18.12
185.64.190.78
188.114.97.3
2001:4860:4802:34::36
2001:4860:4802:38::178
2400:52e0:1e00::1081:1
2600:9000:218f:4400:10:dd8:5e40:93a1
2600:9000:2447:7c00:a:e047:753:a221
2600:9000:2449:e800:16:eff:6080:93a1
2606:4700:10::6816:3556
2606:4700:3036::ac43:b1f7
2606:4700::6810:5514
2606:4700::6810:8516
2606:4700::6811:c96e
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:802::2002
2a00:1450:4001:806::2002
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2001
2a00:1450:4001:810::2008
2a00:1450:4001:81c::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::2003
2a00:1450:4001:829::2004
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200a
2a00:1450:4001:830::2001
2a00:1450:4001:831::2003
2a00:1450:4001:831::2006
2a02:2638:3::3
2a02:2638:3::c
2a03:2880:f083:100:face:b00c:0:3
2a06:98c1:3120::3
3.71.149.231
34.102.146.192
34.120.135.53
34.96.70.87
34.98.64.218
35.208.249.213
35.71.131.137
37.157.4.29
52.198.239.233
54.194.65.19
63.32.136.117
67.220.228.200
69.166.1.34
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0ccc0942757b3a89e163b2015721485b214afd0ab567332575f723799974f639
0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
148786284342af63df57c33534fa5940616d81a9d181b789016dfdc2c26f1da5
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9
20c8dc265f9bfef0585c87411ff867449f1b642333a55431bc51fb99c9459ab5
22a1257891d7523261ed7426751d43a5dfeb83e2211aed3b71f085b5a45149ed
22fcbe57f60f8e5bbc31d085191c1893de8ac0666302ef41b742e13e7f28d726
2408e86e87c5df52e8160530980e94acf40b083adb5f330abd9ad21b5b5f65e8
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af
27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810
2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
307279644d7cf64dc9ee86371da7a27bb581695aeef145df65476f1f0364b990
30debe7e8820b593c8f6c0cddf6de4430a3a7dd6ccb2da62da0a82a655e0d674
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
32fd0dfe77f8d8c1fa5dc80a0b05db4c7d2607d593604b8f88563336cf3c0784
35743f51134f368f39cfd7864fa2a7a3bcc93e7503829abd28b2e655f48a33b5
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37083d03afc5a93b389e748c18d491cb309d0d62cb417e54157b1f97057bd645
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e
3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9
3f9b9477d5695167bb3d6021691eb6a82de305e13a76e34ec2dbb7983986880a
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43af2aa1d560a3822f993fd5ea7a710cbfdb883af872c423a375ad95f5ebe1c5
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4da56999476a0550c62f0a269cda43474aaa0f7ba5c461cee58ac2af893bab90
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b
58550bfbd57abaa8f64bf8a14889e10a3726eaea36bf0c08a9f613fc29916c17
5993446c48c18adf7077df5ad327811f386261239693c889db7a0f2368c38347
59c709c3b953b4bbb1b4bebaa3092c08577304b9506ea8e56c0ac6a65289224d
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5f72695d5e0fde2f25944b48ada6d91cf2befd5285741b7767f8040b934206ab
602a48d8418dc75bc51795b3f33e2e49ee38d40c4a658723b0878f1c64a68265
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
69ae973a822fba162d3599a0c97a3267fb0d30111a116d832266705923b1db6c
69f2a0cdab9b7927578dc91f022683167c9e81e0852c0b26e0cb9177b7b44241
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
70118c761cd94bb75522b651eeaf62d2fe4e908d98b329c6037dcd72d4ce9afe
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
7482c9337e3af0147e674570b2372212212b79551a7bd9a665038280f0f35cc9
769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c
7a28283a9b717b42cd3970f0707475394e6c5b2a678f354bc25027d0cad00b17
7ccc354572f46ed4b26ffec17c24264cce720c1ebab7693af8e88032e46b6544
7efc89ac4db458d3a22b50571053c844d6f2ada30f441f3df27aaf990233f79a
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5
80c1a71b0825d5c2a91d238da77ede821f8df46b20974aa774f5bc03aefe6a45
8227c98e487f64f10143f209d9c28456ed437e4c1938df44d167ab5708ed200f
8408cb444438bb2b15ec0563ee4df596c661d038f4f0af22b0703aa4c2faaccb
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8835f150ccbfbbea9e5cf7bab74d0d2dab47411928e07ef496fe71cfd4677425
8a83479b3d7d46e2791bf97a3f2aeff203c1fdf67e54a737e5870049e9b90aa9
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dd5b0135ae3bbc47fbc4799f68b378426952a4b172527a3fa10386b4bc5735e
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
91671972ce9c24e77c33b2a915212d0d4deb537f9da095d0b671cda3803e6bbf
944fff7ec3d7c1b962e0dc98f56805ecb5dd99701f7c7860296e296091a74a3d
9612e9c2043adc2c4ca822988e78c18442e811aa4b0df7f37f4455ed086a44bd
985702cc838817c226167bf2081596a6b5fabbb42c3ddee39eacea7f2d27d690
99ebf6f970c9f2c4b831666c5677a6de4a4896db819fcfafcced097322836563
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a006e7b256245d4e89790993bddb163e4410f57c32fdaeef3a2ae3ea0b1efe01
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7ca43a0fa1db3eb376497ac34e321f9646bd136c33a2bbe906112e4e0f4d1d7
a7f956d6fb47d2b64be68785a2da0aa605dfd81d65ce4dff90216dd101d5ff38
a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13
ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205
ad013b769069b5b614772e168ecb8ba85919cc4a0b002677974ca09fa61d06dc
b00ab38b6c577e674590ab461d7a5c09a910a1d1680a62c334e9201d51f16c10
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f40f70b6a433d26b33fea99c33bd2b2dfc8ef6df708a063f91f1286e85f898
b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
b7e749c05c43d338e5cc69831a6d6c7e4fc4a7622d00f0e691ce372b82b03e01
b8909509c43ce8b934d04ae014693ff4725d3eb9189107736921dcdc0c5528f4
b9a42cb27417d2b87b8d5983655566731a38089d5e30735e9e931008ea59c634
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
ba68b1ac5a88f445afc8ed51db9c593b1b7d0531587b3a6af76e0f23b2cae065
bc1627bb5a3f6f3c3cf51ab01bc67a74a851bd203c51fa9210fe41ab096f56ad
bd1fbf0a32820cd5eaa136a0144b0b37e19c11b07642a21d73208e2855c798d6
bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309
be5e3dd4e11b17fec7bee50d1ba6c9c1804efeea9c1ff1bfd1a892c2d5fa9dfc
c0e71bd14f13c304e51c6bb7daef95a44d902a19a0a2ae06f33273b6c72b9439
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2c65fc17976241c7932b0ff1785dd729fcc5ece78273759a9a17302611c71c7
c3eb6cbe8707539a032552f3da5428f6e2d6fa419e445a10a1a93ca6deb40443
c4354046a5d53fda6976fa242f0a2cd17855d3fe225355797a628674a6b5138f
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b
c61e98b1180801c8daa549fb2b41697665091a4248cd75c1d971de27ae9dc42f
c7c64f5f91fab24648cb9728fb05e7dd8092749b557ad00bfde446f44115566b
c7f6468c8ac1542980b2d5f637fa933d7d00d2c6ff6690e34505d2aed0c0e23a
caeccc8f437755b14a601341f9a95c8e8675884042b2df670b81b04afad75de3
cb3354a147145129541ccc6fc2652fb83784a9be01f924f02d21ade8ddab389e
ccc73644afcea0862b8aec123ddee9e17c8a2cd8e82f8526e63700a5d4e4e3cf
cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
d7e024c6ca820b01d8e6fabf1f416154b5f7c337e4892cecd8e2078fd9cb397f
dcbc7a3c545f6f4587e0d31d09534d684f93a704f3fd5c5494172e144fb9e915
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856
df32404e6d01fe58aadda8d1d3d459314b6a2534f3fa979f980b6536f83c9905
e0b70a0f342b8f3eb5ba7787ecc51ff651e3b70114d07c96bb77270956a7a470
e329117bbdc12ee0649ed6654138a9ba8e600eaddf9138752631a50d236d135a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5118140a15e5dbb471f19c06816bcfa44170878bd8fe0ade80c24b7a988d8ba
e537bb0b81601eabcdc6dd4e2eb938917a7c6887765651882ec0ed5081c26c67
e82df9c163555b86425f1fa06923f32ccb6dcc1c98f17339f9d3d2decca86e0a
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ebcdd90f705f01c91da674e074106ae4459ca7c02767e6a1959b119279f30ced
ebef5f6a2c155457cc6be25fe8f2e8e4e38811aecf159fc41576f9475538819f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4c90b0ad1755b4eb30c42da08e2960f6203fdc4dbab86c4903e839855e3936e
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6cfe89b284e6a2100a86b8d6b0e52b76b85cc62622a40d63e929f328d883a6a
f8f02441e76ea02e785b7e75347c86dd9121ce45b92fbd8d6a6a9798ccf437d1
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

www.file-upload.in Open in urlscan Pro 2606:4700:3036::ac43:b1f7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

287 Requests

92 %HTTPS

58 %IPv6

41 Domains

57 Subdomains

48 IPs

9 Countries

7128 kBTransfer

12681 kBSize

38 Cookies

31 Outgoing links

Page URL History

Redirected requests

287 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.file-upload.in Open in urlscan Pro
2606:4700:3036::ac43:b1f7 Public Scan

Screenshot
Live screenshot

Full Image

287
Requests

92 %
HTTPS

58 %
IPv6

41
Domains

57
Subdomains

48
IPs

9
Countries

7128 kB
Transfer

12681 kB
Size

38
Cookies

287 HTTP transactions
6 data transactions