downfile.site Open in urlscan Pro
151.139.128.10  Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://megaurl.in/feV3fZ HTTP 301
   https://megaurl.in/feV3fZ HTTP 301
   https://downfile.site/?type=2&token=feV3fZ&salt=728afc04cab69f057429b643bb940745 HTTP 302
   https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Page URL
   

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87

• https://www.google.com/pagead/drt/ui HTTP 302
• https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 88

• https://www.google.com/pagead/drt/ui HTTP 302
• https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 103

• https://rr1---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1642497134&ei=7hPmYfGcCIWc8gOVlrxg&ip=84.19.175.183&id=56083516c1176204&itag=18&source=youtube&requiressl=yes&mh=JA&mm=31&mn=sn-4g5e6nzl&ms=au&mv=m&mvi=1&pl=19&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=17.786&lmt=1637254083871293&mt=1642468131&txp=6210222&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAP_W0wj3K5aFaJLsGE8bSS5Y66um9LVrgRjwefeeK8j8AiEA3erxzY-NGAP3-DriCV7gmkOfC5Lwa6lDjbmnkNns4kw=&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhANEG296ppUgXuzjOfbu3UdPMMsxFx1wy9JPlckrjXt8RAiByD4iU4O7V9F8Wo_V265iKUZdkILFsXmMCfkiDt5xjzg==&cpn=d_EB-8bKjNWgDc7Y HTTP 302
• https://rr1---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1642497134&ei=7hPmYfGcCIWc8gOVlrxg&ip=84.19.175.183&id=56083516c1176204&itag=18&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=17.786&lmt=1637254083871293&txp=6210222&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAP_W0wj3K5aFaJLsGE8bSS5Y66um9LVrgRjwefeeK8j8AiEA3erxzY-NGAP3-DriCV7gmkOfC5Lwa6lDjbmnkNns4kw=&cpn=d_EB-8bKjNWgDc7Y&redirect_counter=1&rm=sn-4g5ed77e&req_id=dba856cfdc3636e2&cms_redirect=yes&ipbypass=yes&mh=JA&mip=2001:1b60:1010:2:1012:9644:de4a:9214&mm=31&mn=sn-4g5e6nzl&ms=au&mt=1642468125&mv=m&mvi=1&pl=36&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgO8NqoVcrwwxBVvsxX4Ggr_vtj7Gz3iVk-kGYKyapaHsCIDD2DtQhbO5JNgTlaUUQG2YCTclHLov5-cYwdO-musAF

Request Chain 150

• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIOMMFxIhFZYWDvRyyNIkHQ&google_cver=1

Request Chain 151

• https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
• https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeYT7z-10mM5SnkZGKmBqAAA HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIOMMFxIhFZYWDvRyyNIkHQ&google_cver=1

Request Chain 152

• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
• https://ib.adnxs.com/setuid?entity=101&code=CAESEM387yR-OgsD_HO11JOGQjY&google_cver=1

Request Chain 153

• https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM3MzI0NDk2NTk3Mzc5MTQxNw%3D%3D

Request Chain 162

• https://hal900016.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=8bd67c86ee&subid=&uid=23ed7ff387022c90&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNIan7hPmYYi3ONSorATVlJCgAbXN-YNXzN65q-UM8C4QASCT5ps3YJUCyAEJqQLO4HeQvCKzPqgDAaoE9gFP0DMOXSa1-5OJGIE4IjA01A6WnkeCkKWZsp_A4f4qoMQBlUHBK0Xn6QhVKkTVRUG3qP5elWy0W03tunSD6xC4I6vGUX4TipDSPtnsl-Gm1WT-fWVTf5DFqM-Hr2KurKIMa353bhU3bWWQK6KFcarQ8L5csJsFXIntssd3543TwGZ3QxNRi9XFF9LM9Lhh0wrG-mgSCRAqJu5sNsV39zamJnBySL3qSiohvhLfiXAp6MQfRQdWjTecsvoBZsLPP2eGNxiS03XgAraTi0qvDDtYh66kGOYpWmVuoGVZNZkBKGpRA-Sb_eD5svvmqGCzkCC4Db_4kszABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYH4AKAZgLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRorYXwBImsqkW1sUQHin94gQ%26sig%3DAOD64_1GmKNyYigc0njqN0GTiYxKblY48g%26client%3Dca-pub-1995021269147151%26dbm_c%3DAKAmf-Bj0qJsxLbes_K_899fzCltgsO4MHDYSLPtCkVhOhH_WdRdToXF3bKBxNWoITDVLpOev8s8F49PosfdBW0pDsDWrTW-6ATelT99TnHwM9reCfqLHQ6OHb7vXfHfT7H43hIZ4y8boKH7QzmgPhbU0kIndWZaZg%26cry%3D1%26dbm_d%3DAKAmf-Du5U2S1wxuwmYfZfku-njwlOl-l3f6kl-J1x6dp8b1QyzIeIk2VT1lEgPQIhWKZlak9wO8WOv2E1qdlupKyyMoQoSbnT6P34LWOjThpzHDu1L13uaIJb1-GaVijD-v4nSHHh-L2URobL3YkxjYLIQChTrJQFOMqeZwlNuCWH_aLXb3wmmIt_CHS_O1O8cvyWVHSf3VVqSGb9MyJu3o1CTFxdIe-Jr3M70_DGA0_bg74L9YOkmL7R5Ib1gIQNmwKcP4iD0tE1ikiztCvSX9ecgPPJdC-TqJW0t48o8RA3Eqxd1960lVJ96qA0Kd0JWT68XRfORgztFk-yJ6rrgwAKkPPpti9hAZboCHndhMMe3tjHiMlPCLRlPhEQO5craUDaFq5RZo4CMZmbvkEgYC5x9FRZT7bH1h-o56U4ViLqDPRoukmNQ9e26G_Kc0-rcZvEU5MFcPniTQ1aSc1BPzD7NU-klPUPC6WakF8cwhjGcKBDfm_3UrnP2zGDlDTbI1RGEEoPkH%26adurl%3D&documentReferer=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ancestorOrigins=https%3A%2F%2Fdownfile.site%2Chttps%3A%2F%2Fdownfile.site%2Chttps%3A%2F%2Fdownfile.site&random=9657018691955&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
• https://hal900016.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=8bd67c86ee&subid=&uid=23ed7ff387022c90&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNIan7hPmYYi3ONSorATVlJCgAbXN-YNXzN65q-UM8C4QASCT5ps3YJUCyAEJqQLO4HeQvCKzPqgDAaoE9gFP0DMOXSa1-5OJGIE4IjA01A6WnkeCkKWZsp_A4f4qoMQBlUHBK0Xn6QhVKkTVRUG3qP5elWy0W03tunSD6xC4I6vGUX4TipDSPtnsl-Gm1WT-fWVTf5DFqM-Hr2KurKIMa353bhU3bWWQK6KFcarQ8L5csJsFXIntssd3543TwGZ3QxNRi9XFF9LM9Lhh0wrG-mgSCRAqJu5sNsV39zamJnBySL3qSiohvhLfiXAp6MQfRQdWjTecsvoBZsLPP2eGNxiS03XgAraTi0qvDDtYh66kGOYpWmVuoGVZNZkBKGpRA-Sb_eD5svvmqGCzkCC4Db_4kszABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYH4AKAZgLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRorYXwBImsqkW1sUQHin94gQ%26sig%3DAOD64_1GmKNyYigc0njqN0GTiYxKblY48g%26client%3Dca-pub-1995021269147151%26dbm_c%3DAKAmf-Bj0qJsxLbes_K_899fzCltgsO4MHDYSLPtCkVhOhH_WdRdToXF3bKBxNWoITDVLpOev8s8F49PosfdBW0pDsDWrTW-6ATelT99TnHwM9reCfqLHQ6OHb7vXfHfT7H43hIZ4y8boKH7QzmgPhbU0kIndWZaZg%26cry%3D1%26dbm_d%3DAKAmf-Du5U2S1wxuwmYfZfku-njwlOl-l3f6kl-J1x6dp8b1QyzIeIk2VT1lEgPQIhWKZlak9wO8WOv2E1qdlupKyyMoQoSbnT6P34LWOjThpzHDu1L13uaIJb1-GaVijD-v4nSHHh-L2URobL3YkxjYLIQChTrJQFOMqeZwlNuCWH_aLXb3wmmIt_CHS_O1O8cvyWVHSf3VVqSGb9MyJu3o1CTFxdIe-Jr3M70_DGA0_bg74L9YOkmL7R5Ib1gIQNmwKcP4iD0tE1ikiztCvSX9ecgPPJdC-TqJW0t48o8RA3Eqxd1960lVJ96qA0Kd0JWT68XRfORgztFk-yJ6rrgwAKkPPpti9hAZboCHndhMMe3tjHiMlPCLRlPhEQO5craUDaFq5RZo4CMZmbvkEgYC5x9FRZT7bH1h-o56U4ViLqDPRoukmNQ9e26G_Kc0-rcZvEU5MFcPniTQ1aSc1BPzD7NU-klPUPC6WakF8cwhjGcKBDfm_3UrnP2zGDlDTbI1RGEEoPkH%26adurl%3D&documentReferer=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ancestorOrigins=https%3A%2F%2Fdownfile.site%2Chttps%3A%2F%2Fdownfile.site%2Chttps%3A%2F%2Fdownfile.site&random=9657018691955&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 174

• https://www.awin1.com/cshow.php?s=2846681&v=14098&q=409715&r=296283&pref1=45187100009834402179199011843027&pv=0 HTTP 302
• https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Request Chain 176

• https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKdZkQhv1MXHRFw0vV8JQNEQQFmRwIfkYajddjGUS8qnBZFDNYubnXgHK53mPf1Eh0u5hHnAWSMMfXDPhcORnTlOS4Xbw&google_gid=CAESEPfqWUAlH6H1bEp-qy2msC4&google_cver=1 HTTP 302
• https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKdZkQhv1MXHRFw0vV8JQNEQQFmRwIfkYajddjGUS8qnBZFDNYubnXgHK53mPf1Eh0u5hHnAWSMMfXDPhcORnTlOS4Xbw&google_gid=CAESEPfqWUAlH6H1bEp-qy2msC4&google_cver=1&rd=Y HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAxMTgwMTEyMTYwMDAxMjg4MzA3NTkxOA%3D%3D&google_push=AYg5qPKdZkQhv1MXHRFw0vV8JQNEQQFmRwIfkYajddjGUS8qnBZFDNYubnXgHK53mPf1Eh0u5hHnAWSMMfXDPhcORnTlOS4Xbw

Request Chain 179

• https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOAQaPkzLp96lUQ3gHISzpY&google_cver=1&google_push=AYg5qPJvrlt761kquGbk041A5STjWIxwxGERfOcj6w9leYZ6Ua15AqWeM3uM5SW24-NaQISNVxx8ETfU9itvyLLQu4-mRIS1xQ HTTP 302
• https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOAQaPkzLp96lUQ3gHISzpY&google_cver=1&google_push=AYg5qPJvrlt761kquGbk041A5STjWIxwxGERfOcj6w9leYZ6Ua15AqWeM3uM5SW24-NaQISNVxx8ETfU9itvyLLQu4-mRIS1xQ&rdf=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Iz6fi7LES-KnJbpZMNBIhQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJvrlt761kquGbk041A5STjWIxwxGERfOcj6w9leYZ6Ua15AqWeM3uM5SW24-NaQISNVxx8ETfU9itvyLLQu4-mRIS1xQ

Request Chain 180

• https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENmJXFUOLNLefh7dJYRM2do&google_cver=1&google_push=AYg5qPKNBJUHko6PCcFWIJUPOxn6kr3K3c780-z5evGsCFbxa3w5RzEY9_hLOVaHiOnmbRXQdNR67KhhxseXHh3G6GNvt0fbuls HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lKRjhOOEktQi1HQjg4&google_push=AYg5qPKNBJUHko6PCcFWIJUPOxn6kr3K3c780-z5evGsCFbxa3w5RzEY9_hLOVaHiOnmbRXQdNR67KhhxseXHh3G6GNvt0fbuls

Request Chain 181

• https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1

Request Chain 214

• https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=67304878514.74898 HTTP 302
• https://8019191.fls.doubleclick.net/activityi;dc_pre=CKLd762PuvUCFWjUEQgdte4C0w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=67304878514.74898

Request Chain 219

• https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEClsBpBF6N4PqS0rStIf--Y&google_cver=1&google_push=AYg5qPJZm6pKHVP_DrsMtNrDqgTyza-sppdh0-yyGMVGmY_RjY8RV47tlOPqK7SXR91TvAuSAlY0uovejQZpcbYTx4CtzHWBqg HTTP 302
• https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJZm6pKHVP_DrsMtNrDqgTyza-sppdh0-yyGMVGmY_RjY8RV47tlOPqK7SXR91TvAuSAlY0uovejQZpcbYTx4CtzHWBqg&google_hm=9nMrUUvGnR2N3ch8LvUtKA

Request Chain 220

• https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLO46wO9udhpcr0kSetE2bFiGrcbmejix6-L61EwEGwFNKe8AsrDeUTzkdkGXjw1LZwO23uaL2OhoNa1dC0zemhsKO0JHs&google_gid=CAESEJo2V1RWnmn5iokdvyaGqyw&google_cver=1 HTTP 307
• https://id.rlcdn.com/1000.gif?memo=CK69HBoNCPCnmI8GEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMTzQ2d085dWRocGNyMGtTZXRFMmJGaUdyY2JtZWppeDYtTDYxRXdFR3dGTktlOEFzckRlVVR6a2RrR1hqdzFMWndPMjN1YUwyT2hvTmExZEMwemVtaHNLTzBKSHM HTTP 307
• https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwemZYckYyZjZwb0NpQm1VX0lJdUJVSFI1a2tySGFZanExdTlSQWczeUhpaw==&google_push

Request Chain 222

• https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOAQaPkzLp96lUQ3gHISzpY&google_cver=1&google_push=AYg5qPL0oZ1e9WoaV4ByKUR2KbYZJGq2GU-iusrGENgI6o1hO1QKCuuigirogUNTN7nVELRckkk-BqDV0McAmnYhkivomfW6-io HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Iz6fi7LES-KnJbpZMNBIhQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL0oZ1e9WoaV4ByKUR2KbYZJGq2GU-iusrGENgI6o1hO1QKCuuigirogUNTN7nVELRckkk-BqDV0McAmnYhkivomfW6-io

Request Chain 223

• https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENmJXFUOLNLefh7dJYRM2do&google_cver=1&google_push=AYg5qPKSVEhNBcS7V1FJHHkM2Mhfl93EEeRh6ttKIIpMcmMAI4dXrU7xYNWvmDkyzkFXjl4f792E5LRJEIufQ-7Gq5iHCvOvagw HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lKRjhOREstMUEtNFNLNQ==&google_push=AYg5qPKSVEhNBcS7V1FJHHkM2Mhfl93EEeRh6ttKIIpMcmMAI4dXrU7xYNWvmDkyzkFXjl4f792E5LRJEIufQ-7Gq5iHCvOvagw

Request Chain 224

• https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74

246 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
7 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Redirect Chain http://megaurl.in/feV3fZ https://megaurl.in/feV3fZ https://downfile.site/?type=2&token=feV3fZ&salt=728afc04cab69f057429b643bb940745 https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/	28 KB 11 KB	1394ms 1394ms	Document text/html	151.139.128.10 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.139.128.10 , United States, ASN20446 (HIGHWINDS3, US), Reverse DNS map3.hwcdn.net Software fbs / Resource Hash 61c8397b73442525767e0c51d43c63e036ede85b9dc3bb62582170cf5af33c85 Security Headers Name Value Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always X-Content-Type-Options "nosniff" always X-Xss-Protection "1; mode=block" always Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Tue, 18 Jan 2022 01:12:12 GMT cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 vary Accept-Encoding expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache x-pingback https://downfile.site/xmlrpc.php x-content-type-options "nosniff" always x-xss-protection "1; mode=block" always strict-transport-security "max-age=31536000; includeSubDomains; preload" always referrer-policy no-referrer-when-downgrade server fbs x-hw 1642468331.cds150.fr8.hn,1642468331.cds002.fr8.sc,1642468332.cdn2-wafbe03-fra1.stackpath.systems.-.wx,1642468332.cds002.fr8.p access-control-allow-origin * Redirect headers date Tue, 18 Jan 2022 01:12:11 GMT cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache location https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ x-content-type-options "nosniff" always x-xss-protection "1; mode=block" always strict-transport-security "max-age=31536000; includeSubDomains; preload" always referrer-policy no-referrer-when-downgrade server fbs x-hw 1642468329.cds150.fr8.hn,1642468329.cds131.fr8.sc,1642468331.cdn2-redis02-fra1.stackpath.systems.-.wx,1642468331.cds131.fr8.p access-control-allow-origin *
GET H2	200	bootstrap.min.css stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/	157 KB 24 KB	182ms 30ms	Stylesheet text/css	2606:4700::6812:acf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:12 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 565, 617, 617 age 949852 cdn-cachedat 2021-06-08 14:20:02 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 timing-allow-origin * access-control-allow-origin * last-modified Mon, 25 Jan 2021 22:04:10 GMT server cloudflare cdn-requestpullcode 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type text/css; charset=utf-8 cdn-cache HIT vary Accept-Encoding cache-control public, max-age=31919000 cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestid ea6515b14ff4971b2c5477efbe3e0e41 cf-ray 6cf3f427da404a92-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	jquery-3.5.1.min.js Show response code.jquery.com/	87 KB 30 KB	173ms 21ms	Script application/javascript	2001:4de0:ac18::1:a:1a HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.1.min.js Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:12 GMT content-encoding gzip last-modified Fri, 20 Aug 2021 17:47:53 GMT server nginx etag W/"611feac9-15d84" vary Accept-Encoding x-hw 1642468332.dop214.fr8.t,1642468332.cds216.fr8.hn,1642468332.cds142.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30879
GET H2	200	bootstrap.min.js Show response stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/	59 KB 16 KB	180ms 28ms	Script application/javascript	2606:4700::6812:acf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:12 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 601, 617 age 26009775 cdn-cachedat 2021-03-11 11:57:55 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 timing-allow-origin * access-control-allow-origin * last-modified Mon, 25 Jan 2021 22:04:10 GMT server cloudflare cdn-requestpullcode 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript; charset=utf-8 cdn-cache HIT vary Accept-Encoding cache-control public, max-age=31919000 cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestid b9429bde734751445055d30554680dc4 cf-ray 6cf3f427da414a92-FRA cdn-requestcountrycode DE cdn-requestpullsuccess True
GET H2	200	css fonts.googleapis.com/	3 KB 1 KB	179ms 27ms	Stylesheet text/css	2a00:1450:4001:811::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash c99361c0d8561c7d88a237009bac83ecc149fe6f1f91c52dde79b7841b584c40 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 18 Jan 2022 00:44:18 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Tue, 18 Jan 2022 01:12:12 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 18 Jan 2022 01:12:12 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	165 KB 62 KB	75ms 31ms	Script application/javascript	2a00:1450:4001:82a::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-03J0MMCWSE Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 8852a735df5740e045b05be43b172d033146956cea8d400863095e5b5906e1d1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:12 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 62539 x-xss-protection 0 expires Tue, 18 Jan 2022 01:12:12 GMT
GET H2	200	gpt.js Show response securepubads.g.doubleclick.net/tag/js/	78 KB 27 KB	81ms 33ms	Script text/javascript	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/tag/js/gpt.js Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software sffe / Resource Hash 37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:12 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 26979 x-xss-protection 0 server sffe etag "1105 / 192 of 1000 / last-modified: 1642206167" vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Tue, 18 Jan 2022 01:12:12 GMT
GET H2	200	logo-240x67.png megaurl.in/	24 KB 24 KB	21ms 20ms	Image image/png	151.139.128.10 HIGHWINDS3
General Check archive.org Show headers Download Go to Show image Full URL https://megaurl.in/logo-240x67.png Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.139.128.10 , United States, ASN20446 (HIGHWINDS3, US), Reverse DNS map3.hwcdn.net Software fbs / Resource Hash df5c2a22905bf2635262208bbf2f40fec13eadf69cca01580bcce51b8ff14a63 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:12 GMT referrer-policy no-referrer-when-downgrade last-modified Wed, 09 Sep 2020 20:05:26 GMT server fbs etag "5f593586-5f0b" strict-transport-security max-age=31536000 x-hw 1642468332.cds148.fr8.hn,1642468332.cds278.fr8.c content-type image/png access-control-allow-origin * cache-control max-age=2592000 accept-ranges bytes content-length 24331
GET H2	200	jquery.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/	86 KB 28 KB	65ms 26ms	Script application/javascript	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:12 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 2857794 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 27748 timing-allow-origin * last-modified Mon, 04 May 2020 16:11:48 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec4-15851" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mUKgdIeXlYhd5nieGG39OALMT2p9AwnJ6SW1QsX6cQ4GzjiSA4Zfgov8kvagmcKYUH1i%2BGc5tfts%2BAi4tQ5hulzXFWFpe22eKNdWLG2gxqhq2WepP9oPWstGjyTXmJ8sSsjLYweQQeHKO6RHtqNKH%2Fqg"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6cf3f4285fe9431b-FRA expires Sun, 08 Jan 2023 01:12:12 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	884 B 998 B	74ms 29ms	Script text/javascript	2a00:1450:4001:82a::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?render=6LfsoHgUAAAAAK6slwFhKNqvUmdsDTB8qM4T0vo5 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 087d00114d426d14419bed3b0e22078d6d4ec83bb29a14ea73352579e3e9ed26 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:12 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 585 x-xss-protection 1; mode=block expires Tue, 18 Jan 2022 01:12:12 GMT
GET H2	403	eebc280df2dc6849b9b405d4d2fe907c.js enablecherrysail.com/ee/bc/28/	0 0	1063ms 125ms	Script application/javascript	192.243.59.13 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://enablecherrysail.com/ee/bc/28/eebc280df2dc6849b9b405d4d2fe907c.js Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.17.6 / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers access-control-allow-origin * date Tue, 18 Jan 2022 01:12:13 GMT server nginx/1.17.6 content-type application/javascript content-length 0 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
GET H/1.1	200 OK	24489 Show response dualizefriskin.com/fPTL5EP0A0Py/	0 0	128ms 35ms	Script text/html	142.91.159.155 SERVERS-COM
General Check archive.org Show headers Download Go to Full URL https://dualizefriskin.com/fPTL5EP0A0Py/24489 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_CBC Server 142.91.159.155 , Netherlands, ASN7979 (SERVERS-COM, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H2	200	wp-banners.js Show response downfile.site/	114 B 350 B	23ms 22ms	Script application/javascript	151.139.128.10 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://downfile.site/wp-banners.js Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.139.128.10 , United States, ASN20446 (HIGHWINDS3, US), Reverse DNS map3.hwcdn.net Software fbs / Resource Hash f919e21a257ce4bf4d2b722f7bec14a3b77c6e55387396fda29916e819ab6bb4 Security Headers Name Value Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always X-Content-Type-Options "nosniff" always X-Xss-Protection "1; mode=block" always Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:12 GMT content-encoding gzip referrer-policy no-referrer-when-downgrade last-modified Fri, 22 Oct 2021 18:45:43 GMT server fbs etag "617306d7-72" strict-transport-security "max-age=31536000; includeSubDomains; preload" always x-hw 1642468332.cds150.fr8.hn,1642468332.cds262.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * x-xss-protection "1; mode=block" always cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800 accept-ranges bytes content-length 116 x-content-type-options "nosniff" always
GET H2	200	v2wyzCAcKjRmxtVMnataKimYPM35TsgPadfzCS_A-JiYYEp-9prcEkAd5cXLn6Xbp Show response expansioneggnog.com/	89 KB 27 KB	92ms 30ms	Script text/javascript	35.201.103.212 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://expansioneggnog.com/v2wyzCAcKjRmxtVMnataKimYPM35TsgPadfzCS_A-JiYYEp-9prcEkAd5cXLn6Xbp Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.103.212 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 212.103.201.35.bc.googleusercontent.com Software / Resource Hash 3d42ed51fcd2326f090d7175ee38cf889ed1e3522231d6d7a33654a41cb1e8b5 Security Headers Name Value Strict-Transport-Security max-age=15724800; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=15724800; preload content-encoding br x-datacenter gce-europe-west1 etag "958a0d608bdc4f80668a2bfeb967baa08322f7274601e5ad7bfe1e56246373ae" vary Accept-Encoding, Accept-Language x-hostname fen-hoothoot-europe-west1-spot-33r1 content-type text/javascript; charset=utf-8 cache-control private, must-revalidate, max-age=21600 date Tue, 18 Jan 2022 01:12:12 GMT timing-allow-origin *
GET H2	200	/ Show response downfile.site/sbbi/ Frame F615	25 KB 11 KB	27ms 27ms	Document text/html	151.139.128.10 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://downfile.site/sbbi/?sbbpg=sbbShell&gprid=Xk&sbbgs=h4102e34ab1369b7e536c56ecec6efa91775&ddl=2 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.139.128.10 , United States, ASN20446 (HIGHWINDS3, US), Reverse DNS map3.hwcdn.net Software fbs / Resource Hash 6268872c5f772b4ab6e5db66201b354f7cdd814ee8792e3abfe6773aac008d11 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers date Tue, 18 Jan 2022 01:12:12 GMT cache-control no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0 content-encoding gzip content-type text/html; charset=UTF-8 server fbs x-accel-expires 0 x-hw 1642468332.cds150.fr8.hn,1642468332.cds122.fr8.sc,1642468332.cdn2-wafbe01-fra1.stackpath.systems.-.i,1642468332.cds122.fr8.p access-control-allow-origin *
GET H2	200	/ downfile.site/sbbi/	43 B 260 B	25ms 25ms	Image image/gif	151.139.128.10 HIGHWINDS3
General Check archive.org Show headers Download Go to Show image Full URL https://downfile.site/sbbi/?sbbpg=utMedia&vii=2ha4117002ce73440a2bc153f629ab876eb5e3d62c35d67eccaedc66ceef8ad9q1i7u7h5 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.139.128.10 , United States, ASN20446 (HIGHWINDS3, US), Reverse DNS map3.hwcdn.net Software fbs / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers access-control-allow-origin * x-accel-expires 0 date Tue, 18 Jan 2022 01:12:12 GMT cache-control no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0 server fbs x-hw 1642468332.cds150.fr8.hn,1642468332.cds122.fr8.sc,1642468332.cdn2-redis01-fra1.stackpath.systems.-.i,1642468332.cds122.fr8.p content-type image/gif
GET H2	200	memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 fonts.gstatic.com/s/opensans/v27/	16 KB 17 KB	61ms 17ms	Font font/woff2	2a00:1450:4001:808::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v27/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://downfile.site Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:44:20 GMT x-content-type-options nosniff age 300472 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 16692 x-xss-protection 0 last-modified Thu, 28 Oct 2021 00:32:10 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Sat, 14 Jan 2023 13:44:20 GMT
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/	354 KB 140 KB	59ms 16ms	Script text/javascript	2a00:1450:4001:831::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js?render=6LfsoHgUAAAAAK6slwFhKNqvUmdsDTB8qM4T0vo5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 544b63f0d07b2a51e01e2ecc3986eb5d07838bb121c4f472f1178b7b94faf463 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Origin https://downfile.site Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 23:07:41 GMT content-encoding gzip x-content-type-options nosniff age 7472 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 143013 x-xss-protection 0 last-modified Mon, 10 Jan 2022 05:01:34 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 17 Jan 2023 23:07:41 GMT
GET H2	200	pubads_impl_2022011002.js Show response securepubads.g.doubleclick.net/gpt/	352 KB 118 KB	34ms 33ms	Script text/javascript	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software sffe / Resource Hash e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 00:51:58 GMT content-encoding gzip x-content-type-options nosniff age 1215 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 121009 x-xss-protection 0 last-modified Mon, 10 Jan 2022 21:10:00 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control public, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Wed, 18 Jan 2023 00:51:58 GMT
GET H3	200	ppub_config Show response securepubads.g.doubleclick.net/pagead/	92 B 108 B	59ms 24ms	XHR application/json	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=downfile.site Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash 132caf8dfb2483b77299a28d8d901e9d6a81396d3e1ed3ff0ec20ed62a5deeca Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:13 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private, max-age=3600, stale-while-revalidate=3600 cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 83 x-xss-protection 0 expires Tue, 18 Jan 2022 01:12:13 GMT
POST H2	204	collect www.google-analytics.com/g/	0 345 B	66ms 23ms	Ping text/plain	2a00:1450:4001:82b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/g/collect?v=2&tid=G-03J0MMCWSE&gtm=2oe1c0&_p=334571079&sr=1600x1200&ul=en-us&cid=1246905763.1642468333&_s=1&dl=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&dt=The%20Next%20Cyber%20Victim%20Could%20Be%20You&sid=1642468333&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-03J0MMCWSE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:13 GMT server Golfe2 content-type text/plain access-control-allow-origin https://downfile.site cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	integrator.js Show response adservice.google.de/adsid/	107 B 792 B	144ms 26ms	Script application/javascript	2a00:1450:4001:82a::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=downfile.site Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:13 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	107 B 549 B	142ms 25ms	Script application/javascript	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=downfile.site Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:13 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	343 KB 58 KB	833ms 832ms	XHR text/plain	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4142803584566598&correlator=3662785802469792&output=ldjh&impl=fifs&eid=31063706&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220118&iu_parts=22546396171%2CDownfile-300x250%2CDownfile-300x250-1%2CDownfile-336x280-1%2CDownfile-300x600-1%2CDownfile-970x250-1%2Cdownfile_sticky_ads_mobile%2CWeb_Interstitials_Code&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F7&prev_iu_szs=300x250%2C300x250%2C336x280%2C300x600%2C970x250%2C320x50%2C1x1%2C300x250%7C320x480%7C336x280&ists=2&fas=0%2C0%2C0%2C0%2C0%2C0%2C8%2C0&cookie_enabled=1&bc=31&abxe=1&lmt=1642468333&dt=1642468333407&dlt=1642468332598&idt=775&frm=20&biw=1600&bih=1200&oid=2&adxs=300%2C300%2C-9%2C300%2C300%2C-9%2C-9%2C-12245933&adys=1428%2C1100%2C-9%2C430%2C110%2C-9%2C-9%2C-12245933&adks=3963320156%2C1373975743%2C1556580811%2C2755071693%2C953638841%2C230778038%2C1996038355%2C365416648&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&vis=1&scr_x=0&scr_y=0&psz=1000x644%7C1000x644%7C0x-1%7C1000x2990%7C1000x2990%7C0x-1%7C0x-1%7C1600x3126&msz=1000x250%7C1000x250%7C0x-1%7C1000x600%7C1000x250%7C0x-1%7C0x-1%7C300x0&ga_vid=1246905763.1642468333&ga_sid=1642468333&ga_hid=334571079&ga_fc=true&fws=0%2C0%2C2%2C0%2C0%2C2%2C2%2C128&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&btvi=1%7C0%7C-1%7C0%7C0%7C-1%7C-1%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash 46a6f918ed85f7bef268e8bc95909cc4450be4863b6e7a11204ce2948f864abc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2,-2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 59210 x-xss-protection 0 google-lineitem-id -1,-1,-1,-1,-1,-1,5816993958,5816993958 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -1,-1,-1,-1,-1,-1,138368436812,138368488371 content-type text/plain; charset=UTF-8 access-control-allow-origin https://downfile.site access-control-expose-headers x-google-amp-ad-validated-version cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html Show response c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5CC8	6 KB 4 KB	115ms 24ms	Document text/html	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 date Tue, 18 Jan 2022 01:12:13 GMT expires Wed, 18 Jan 2023 01:12:13 GMT cache-control public, immutable, max-age=31536000 last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	pubads_impl_page_level_ads_2022011002.js Show response securepubads.g.doubleclick.net/gpt/	34 KB 13 KB	33ms 33ms	Script text/javascript	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022011002.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software sffe / Resource Hash 5132d372cb173a8a03581054f07b694cf11fbdce25ca75e0b9676abeecd101f0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 18:50:07 GMT content-encoding gzip x-content-type-options nosniff age 368526 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 12969 x-xss-protection 0 last-modified Mon, 10 Jan 2022 21:10:00 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control public, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Fri, 13 Jan 2023 18:50:07 GMT
POST H2	200	/ Show response downfile.site/sbbi/ Frame F615	516 B 485 B	29ms 29ms	Document text/html	151.139.128.10 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://downfile.site/sbbi/?sbbpg=sbbShell&gprid=Xk&sbbgs=h4102e34ab1369b7e536c56ecec6efa91775&ddl=2 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.139.128.10 , United States, ASN20446 (HIGHWINDS3, US), Reverse DNS map3.hwcdn.net Software fbs / Resource Hash d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b Request headers Upgrade-Insecure-Requests 1 Origin https://downfile.site Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/sbbi/?sbbpg=sbbShell&gprid=Xk&sbbgs=h4102e34ab1369b7e536c56ecec6efa91775&ddl=2 Response headers date Tue, 18 Jan 2022 01:12:13 GMT cache-control no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0 content-encoding gzip content-type text/html; charset=UTF-8 server fbs x-accel-expires 0 x-hw 1642468333.cds150.fr8.hn,1642468333.cds253.fr8.sc,1642468333.cdn2-wafbe03-fra1.stackpath.systems.-.i,1642468333.cds253.fr8.p access-control-allow-origin *
GET H2	200	/ Show response downfile.site/sbbi/ Frame F615	7 KB 3 KB	23ms 23ms	Document text/html	151.139.128.10 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://downfile.site/sbbi/?sbbpg=sbbShell&gprid=Xk Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.139.128.10 , United States, ASN20446 (HIGHWINDS3, US), Reverse DNS map3.hwcdn.net Software fbs / Resource Hash 6296d2756b3afd752e1c422449f9aced3569e805d93c809752381ee4a794d6ac Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/sbbi/?sbbpg=sbbShell&gprid=Xk&sbbgs=h4102e34ab1369b7e536c56ecec6efa91775&ddl=2 Response headers date Tue, 18 Jan 2022 01:12:13 GMT cache-control no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0 content-encoding gzip content-type text/html; charset=UTF-8 server fbs x-accel-expires 0 x-hw 1642468333.cds150.fr8.hn,1642468333.cds122.fr8.sc,1642468333.cdn2-redis01-fra1.stackpath.systems.-.i,1642468333.cds122.fr8.p access-control-allow-origin *
GET H2	200	skeleton.gif static.adsafeprotected.com/	43 B 483 B	69ms 21ms	Image image/gif	2600:9000:224a:1e00:8:48e:53c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://static.adsafeprotected.com/skeleton.gif Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:224a:1e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 06 Aug 2021 16:14:35 GMT via 1.1 1b18b0df6149933160ee945c6867dc2c.cloudfront.net (CloudFront) age 14201859 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED content-length 43 last-modified Mon, 17 Aug 2020 23:55:15 GMT server AmazonS3 etag "45cf913e5d9d3c9b2058033056d3dd23" x-amz-version-id iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja cache-control max-age=315360000 x-amz-cf-pop DUS51-P1 accept-ranges bytes content-type image/gif x-amz-cf-id XfKN3FZ6xMSG_c4GKZjrhAJzuarZZ8aLFlYVb3hfc0CkvbWEHogmQw==
GET H3	200	anchor Show response www.google.com/recaptcha/api2/ Frame C0D9	39 KB 20 KB	63ms 36ms	Document text/html	2a00:1450:4001:82a::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfsoHgUAAAAAK6slwFhKNqvUmdsDTB8qM4T0vo5&co=aHR0cHM6Ly9kb3duZmlsZS5zaXRlOjQ0Mw..&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=invisible&cb=3xgy1cp5wmyz Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__de.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash b006b96c731c315a5126fa5829c71fdc5cf99177f600cfa9b391b0101f360728 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-nUXBPt7JMA/CSz2LFI3wiw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy require-corp report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Tue, 18 Jan 2022 01:12:13 GMT content-security-policy script-src 'report-sample' 'nonce-nUXBPt7JMA/CSz2LFI3wiw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 20282 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	styles__ltr.css www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame C0D9	51 KB 24 KB	42ms 17ms	Stylesheet text/css	2a00:1450:4001:831::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfsoHgUAAAAAK6slwFhKNqvUmdsDTB8qM4T0vo5&co=aHR0cHM6Ly9kb3duZmlsZS5zaXRlOjQ0Mw..&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=invisible&cb=3xgy1cp5wmyz Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 16:59:00 GMT content-encoding gzip x-content-type-options nosniff age 29594 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 24237 x-xss-protection 0 last-modified Mon, 10 Jan 2022 05:01:34 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 17 Jan 2023 16:59:00 GMT
GET H3	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame C0D9	354 KB 140 KB	51ms 26ms	Script text/javascript	2a00:1450:4001:831::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfsoHgUAAAAAK6slwFhKNqvUmdsDTB8qM4T0vo5&co=aHR0cHM6Ly9kb3duZmlsZS5zaXRlOjQ0Mw..&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=invisible&cb=3xgy1cp5wmyz Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 544b63f0d07b2a51e01e2ecc3986eb5d07838bb121c4f472f1178b7b94faf463 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 23:07:41 GMT content-encoding gzip x-content-type-options nosniff age 7473 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 143013 x-xss-protection 0 last-modified Mon, 10 Jan 2022 05:01:34 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 17 Jan 2023 23:07:41 GMT
GET H3	200	logo_48.png www.gstatic.com/recaptcha/api2/ Frame C0D9	2 KB 2 KB	23ms 22ms	Image image/png	2a00:1450:4001:831::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/recaptcha/api2/logo_48.png Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 12 Jan 2022 03:05:30 GMT x-content-type-options nosniff age 511604 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2228 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cross-origin-opener-policy-report-only same-origin-allow-popups; report-to="recaptcha" expires Wed, 19 Jan 2022 03:05:30 GMT
GET H3	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame C0D9	15 KB 15 KB	62ms 29ms	Font font/woff2	2a00:1450:4001:808::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfsoHgUAAAAAK6slwFhKNqvUmdsDTB8qM4T0vo5&co=aHR0cHM6Ly9kb3duZmlsZS5zaXRlOjQ0Mw..&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=invisible&cb=3xgy1cp5wmyz Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ Origin https://www.google.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 11 Jan 2022 17:06:41 GMT x-content-type-options nosniff age 547533 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 11 Jan 2023 17:06:41 GMT
GET H3	200	KFOlCnqEu92Fr1MmEU9fBBc4.woff2 fonts.gstatic.com/s/roboto/v18/ Frame C0D9	15 KB 15 KB	71ms 38ms	Font font/woff2	2a00:1450:4001:808::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfsoHgUAAAAAK6slwFhKNqvUmdsDTB8qM4T0vo5&co=aHR0cHM6Ly9kb3duZmlsZS5zaXRlOjQ0Mw..&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=invisible&cb=3xgy1cp5wmyz Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ Origin https://www.google.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 11 Jan 2022 14:17:54 GMT x-content-type-options nosniff age 557660 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15552 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:33:02 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 11 Jan 2023 14:17:54 GMT
GET H3	200	webworker.js www.google.com/recaptcha/api2/ Frame C0D9	102 B 133 B	36ms 36ms	Other text/javascript	2a00:1450:4001:82a::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfsoHgUAAAAAK6slwFhKNqvUmdsDTB8qM4T0vo5&co=aHR0cHM6Ly9kb3duZmlsZS5zaXRlOjQ0Mw..&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=invisible&cb=3xgy1cp5wmyz Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash e671437dbdfea29e6d58d838049e22ef37097277eb96cb7d87eb08c90bfe035a Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfsoHgUAAAAAK6slwFhKNqvUmdsDTB8qM4T0vo5&co=aHR0cHM6Ly9kb3duZmlsZS5zaXRlOjQ0Mw..&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=invisible&cb=3xgy1cp5wmyz User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff server GSE cross-origin-embedder-policy require-corp x-frame-options SAMEORIGIN report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 111 x-xss-protection 1; mode=block expires Tue, 18 Jan 2022 01:12:14 GMT
GET H2	200	sodar Show response pagead2.googlesyndication.com/getconfig/	11 KB 9 KB	83ms 31ms	XHR application/json	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ca35d92f5356b5e396cd996a7ba07c66076a46a5897911f1e012888db1c3fcc3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8730 x-xss-protection 0
POST H3	200	reload Show response www.google.com/recaptcha/api2/ Frame C0D9	29 KB 16 KB	56ms 56ms	XHR application/json	2a00:1450:4001:82a::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/reload?k=6LfsoHgUAAAAAK6slwFhKNqvUmdsDTB8qM4T0vo5 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__de.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash d5b7efb5ea490df4e90ac1ef33304884d2fc4a920e57b1b93178bdea89ec73c4 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfsoHgUAAAAAK6slwFhKNqvUmdsDTB8qM4T0vo5&co=aHR0cHM6Ly9kb3duZmlsZS5zaXRlOjQ0Mw..&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=invisible&cb=3xgy1cp5wmyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-protobuffer Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type application/json; charset=utf-8 cache-control private, max-age=0 content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 16372 x-xss-protection 1; mode=block expires Tue, 18 Jan 2022 01:12:14 GMT
GET H3	200	container.html Show response c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A174	6 KB 3 KB	42ms 17ms	Document text/html	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 x-content-type-options nosniff server sffe x-xss-protection 0 date Tue, 18 Jan 2022 01:12:13 GMT expires Wed, 18 Jan 2023 01:12:13 GMT cache-control public, immutable, max-age=31536000 last-modified Tue, 02 Mar 2021 20:17:03 GMT content-type text/html age 1 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 7 KB	122ms 69ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6386 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" etag "1637097310169751" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 18 Jan 2022 01:12:14 GMT
GET H2	200	amp4ads-v0.mjs Show response cdn.ampproject.org/rtv/012111152338000/ Frame 502F	190 KB 55 KB	77ms 29ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 14b52d5e44212b22f6de0be5caeeb5bba561a29fd91bf6076bf1ad6d45ecae6f Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff age 137681 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 55581 x-xss-protection 0 server sffe date Sun, 16 Jan 2022 10:57:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=31536000 etag "8559bae154d80579" accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Mon, 16 Jan 2023 10:57:33 GMT
GET H2	200	amp-ad-exit-0.1.mjs Show response cdn.ampproject.org/rtv/012111152338000/v0/ Frame 502F	13 KB 5 KB	129ms 81ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012111152338000/v0/amp-ad-exit-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4e46e56dce46d21c527e164d6749fb5ff0101f400aede06a8711196da9e5c619 Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff age 137681 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4994 x-xss-protection 0 server sffe date Sun, 16 Jan 2022 10:57:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=31536000 etag "b314c3eb801664ba" accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Mon, 16 Jan 2023 10:57:33 GMT
GET H2	200	amp-analytics-0.1.mjs Show response cdn.ampproject.org/rtv/012111152338000/v0/ Frame 502F	89 KB 28 KB	133ms 86ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012111152338000/v0/amp-analytics-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 279249ed963fcd87e6321b024c0194248dd1b44af5353e134071cdfff953967b Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff age 137681 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28443 x-xss-protection 0 server sffe date Sun, 16 Jan 2022 10:57:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=31536000 etag "976e6f5df80f4e35" accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Mon, 16 Jan 2023 10:57:33 GMT
GET H2	200	amp-fit-text-0.1.mjs Show response cdn.ampproject.org/rtv/012111152338000/v0/ Frame 502F	5 KB 2 KB	132ms 85ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012111152338000/v0/amp-fit-text-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 63697d88ab7b6e34e76e5990b867c706cb4346c27ec1c5a034c4d91dfb136778 Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff age 137681 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1727 x-xss-protection 0 server sffe date Sun, 16 Jan 2022 10:57:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=31536000 etag "423ab13fb6ff63c9" accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Mon, 16 Jan 2023 10:57:33 GMT
GET H2	200	amp-form-0.1.mjs Show response cdn.ampproject.org/rtv/012111152338000/v0/ Frame 502F	40 KB 13 KB	135ms 88ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012111152338000/v0/amp-form-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ffd015b1bb0125d07c39cbfcdee6a8e2b604b55ea1936cf550fe1f9fbdbf2ae4 Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff age 137681 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 12843 x-xss-protection 0 server sffe date Sun, 16 Jan 2022 10:57:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=31536000 etag "08cf721d9e54e414" accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Mon, 16 Jan 2023 10:57:33 GMT
GET DATA	200 OK	truncated / Frame 502F	217 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b01065dcabb2bfffa8e264b204f88148b586e27e60d380757fcbc58ce8f00c59 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET H3	200	container.html Show response c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8EC6	6 KB 3 KB	17ms 16ms	Document text/html	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 x-content-type-options nosniff server sffe x-xss-protection 0 date Tue, 18 Jan 2022 01:12:13 GMT expires Wed, 18 Jan 2023 01:12:13 GMT cache-control public, immutable, max-age=31536000 last-modified Tue, 02 Mar 2021 20:17:03 GMT content-type text/html age 1 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	amp4ads-v0.mjs Show response cdn.ampproject.org/rtv/012111152338000/ Frame B022	190 KB 54 KB	84ms 50ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 14b52d5e44212b22f6de0be5caeeb5bba561a29fd91bf6076bf1ad6d45ecae6f Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff age 137681 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 55581 x-xss-protection 0 server sffe date Sun, 16 Jan 2022 10:57:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=31536000 etag "8559bae154d80579" accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Mon, 16 Jan 2023 10:57:33 GMT
GET H2	200	amp-ad-exit-0.1.mjs Show response cdn.ampproject.org/rtv/012111152338000/v0/ Frame B022	13 KB 5 KB	74ms 73ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012111152338000/v0/amp-ad-exit-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4e46e56dce46d21c527e164d6749fb5ff0101f400aede06a8711196da9e5c619 Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff age 137681 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4994 x-xss-protection 0 server sffe date Sun, 16 Jan 2022 10:57:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=31536000 etag "b314c3eb801664ba" accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Mon, 16 Jan 2023 10:57:33 GMT
GET H2	200	amp-analytics-0.1.mjs Show response cdn.ampproject.org/rtv/012111152338000/v0/ Frame B022	89 KB 28 KB	77ms 76ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012111152338000/v0/amp-analytics-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 279249ed963fcd87e6321b024c0194248dd1b44af5353e134071cdfff953967b Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff age 137681 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28443 x-xss-protection 0 server sffe date Sun, 16 Jan 2022 10:57:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=31536000 etag "976e6f5df80f4e35" accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Mon, 16 Jan 2023 10:57:33 GMT
GET H2	200	amp-fit-text-0.1.mjs Show response cdn.ampproject.org/rtv/012111152338000/v0/ Frame B022	5 KB 2 KB	83ms 83ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012111152338000/v0/amp-fit-text-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 63697d88ab7b6e34e76e5990b867c706cb4346c27ec1c5a034c4d91dfb136778 Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff age 137681 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1727 x-xss-protection 0 server sffe date Sun, 16 Jan 2022 10:57:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=31536000 etag "423ab13fb6ff63c9" accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Mon, 16 Jan 2023 10:57:33 GMT
GET H2	200	amp-form-0.1.mjs Show response cdn.ampproject.org/rtv/012111152338000/v0/ Frame B022	40 KB 13 KB	84ms 83ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012111152338000/v0/amp-form-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ffd015b1bb0125d07c39cbfcdee6a8e2b604b55ea1936cf550fe1f9fbdbf2ae4 Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff age 137681 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 12843 x-xss-protection 0 server sffe date Sun, 16 Jan 2022 10:57:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=31536000 etag "08cf721d9e54e414" accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Mon, 16 Jan 2023 10:57:33 GMT
GET DATA	200 OK	truncated / Frame B022	214 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ef5527eb77221a4dd86a429c408ead829bff8bf63a59f5c1568434e61043ddaa Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET H3	200	css2 fonts.googleapis.com/ Frame B841	4 KB 634 B	64ms 29ms	Stylesheet text/css	2a00:1450:4001:811::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 18 Jan 2022 00:48:31 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Tue, 18 Jan 2022 01:12:14 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 18 Jan 2022 01:12:14 GMT
GET H2	200	interstitial_ad_frame_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20220112/r20110914/elements/html/ Frame B841	18 KB 8 KB	29ms 29ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/elements/html/interstitial_ad_frame_fy2019.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash d49e447ea7189c83a39404fab2b4c9323ecf38b36c0b78996376f2c5d9125b0c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 23:34:39 GMT content-encoding gzip x-content-type-options nosniff age 5855 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8089 x-xss-protection 0 server cafe etag 17106604058346595485 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 31 Jan 2022 23:34:39 GMT
GET H3	200	view securepubads.g.doubleclick.net/pcs/ Frame 9E52	0 0	63ms 62ms	Fetch image/gif	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuLxisH6SPHiyacfGh_70MpNsXJebUFdqGQ2bBKf6slfPUm-XpT4EPINt4dgsln9dCNlye78sp95UTk7cwxabhOKAJ9foY3wnciAxhtjMo2EQYf0WgjkP6b9SEa9HjuA4FNs8mewBJzWAOK7AtI3_En3x4lbEZhSHXquF23g8RoLl0Ede4dFGqTp3VWk6CdPLpzTSksQWFbQg0s-YkI1RO0HsXYWZxU7na6ha8MWCJCBD4G-9iwy9o0jHDYCY-dnBWl-ugpdsXxueFCfTSs8PJNkDPzl9GeVLr1sSNn8MsCnBmq7GjJsrZu-k1cXkljspp6QZE&sai=AMfl-YTA2EtCjWS1vpCg0VUSzymwmGVdh0NM33-LY3gU6YwhuSzyJQpEsIDNuAvuZLJVtw4uWqn7oh14MbTfCemzk0mrLN4PIRE8UcyckVFSTnXHK8ulAsbhEqaX_pmydJU&sig=Cg0ArKJSzFclxBGqWJ1zEAE&uach_m=[UACH]&urlfix=1&adurl= Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:14 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe expires Tue, 18 Jan 2022 01:12:14 GMT
GET H3	200	adsbygoogle.js Show response pagead2.googlesyndication.com/pagead/js/ Frame 9E52	146 KB 51 KB	76ms 42ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1995021269147151 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 67626dec91235ef07d1eade465ea8c3cab9a1bc3f134a1f29046fe5ae3fd3759 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Origin https://downfile.site Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 51974 x-xss-protection 0 server cafe etag 6032902938192663318 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=3600 timing-allow-origin * expires Tue, 18 Jan 2022 01:12:14 GMT
GET H2	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 9E52	121 KB 38 KB	140ms 49ms	Script text/javascript	2a00:1450:4001:811::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37895 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1641990413359145" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 18 Jan 2022 01:12:14 GMT
GET H2	200	3699156102500658176 tpc.googlesyndication.com/simgad/ Frame 502F	41 KB 42 KB	31ms 30ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/simgad/3699156102500658176?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm1pfZs677pOpXBSGbOtuOHDSWJDw Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 85f120246db09aee8a0280151f7fa0d0ff61d50e1da639fa2493e13ef0fb87ba Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 21:18:20 GMT x-content-type-options nosniff age 14034 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42440 x-xss-protection 0 last-modified Mon, 17 Jan 2022 13:35:45 GMT server sffe report-to {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="content-ads-owners" expires Tue, 17 Jan 2023 21:18:20 GMT
GET H2	200	en.png tpc.googlesyndication.com/pagead/images/adchoices/ Frame 502F	2 KB 3 KB	57ms 56ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/pagead/images/adchoices/en.png Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 09:41:38 GMT x-content-type-options nosniff server cafe age 55836 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" etag 14819457070020093239 vary Accept-Encoding content-type image/png cache-control public, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2502 x-xss-protection 0 expires Tue, 18 Jan 2022 09:41:38 GMT
GET H2	200	icon.png tpc.googlesyndication.com/pagead/images/adchoices/ Frame 502F	295 B 424 B	30ms 29ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 09:53:05 GMT x-content-type-options nosniff server cafe age 55149 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" etag 426692510519060060 vary Accept-Encoding content-type image/png cache-control public, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 295 x-xss-protection 0 expires Tue, 18 Jan 2022 09:53:05 GMT
GET H3	204	l www.google.com/ads/measurement/ Frame 502F	0 0	34ms 33ms	Image text/html	2a00:1450:4001:82a::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/measurement/l?ebcid=ALh7CaT1yCzdbSuYaPcu93OuWDXKPsnmhgER4gJqtzVTqq11rlntYhuAkcHpTIEIZA_RUIUD3q4QcLbygCkCANEw34lvvhjHiA Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H3	200	adview securepubads.g.doubleclick.net/pagead/ Frame 502F	0 0	64ms 63ms	Image text/html	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=CJtG_7RPmYY3wHI-Q3gPU0baABtzY1e5nt5G_8qgP746Xs5ErEAEgk-abN2CVypGCoAegAemA-9QDyAECqQIo2bAy1JKEPuACAKgDAcgDCKoEtwJP0NRvQwviTmVOqo0tMq_CvPYDYvFfgN7i1A34Pvg9SgGXUHXW1TsXyBsgPlse0wIHnCrIUexEb-E92BcVOwEQVMJK4SVO5Xh_mDfp9GuSLgxHhbo3ISKA1aBCWMXJYzTijbB30h1cPrjVSXJ7wbVxolTIm_6mjs1mvCToH5Ez4ybnNOvK5X3nnBJU5AV9V3Urj0KhDA8EDCcFXR6zrMIMYMTQ9owdo37MnfLgqNDlYiyQb-fvGWDGviX9yW_h3KviFW8WIQivllfd6Ml6dMeAsHVUldQ6iQtcl245AAG2cs0N94J7sUVM2PQfucsuXeFcGBLqK8-nubzbNrm4JZt8nem6fKFMW0KwFdicipSN8d7zxqS3ZK9RuEd9cP_OxMA8No14aBXVZUdsvlCxc_V9OYd_8jRrXMAEpOaYl_cD4AQBkgUECAQYAZIFBAgFGASgBgKAB__-hCuoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBC9hAPSCAkIiOGAEBABGB2ACgHICwHYEwLQFQGYFgGAFwGyFx4KHAgAEhRwdWItMTk5NTAyMTI2OTE0NzE1MRiJlH8&sigh=ZjHLvUyFY80&uach_m=[UACH]&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness) Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H2	200	1410823336305801935 tpc.googlesyndication.com/simgad/ Frame B022	15 KB 15 KB	58ms 57ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/simgad/1410823336305801935?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qns0PklhnWfG5IMoyxMDHL-xc7qKg Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 261af39cc47ad68a7be0f5a67a37bf8a5390fa86d9d2cb3d69679639f4d971d2 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 04:16:21 GMT x-content-type-options nosniff age 334553 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15651 x-xss-protection 0 last-modified Wed, 06 Oct 2021 15:11:39 GMT server sffe report-to {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="content-ads-owners" expires Sat, 14 Jan 2023 04:16:21 GMT
GET H2	200	en.png tpc.googlesyndication.com/pagead/images/adchoices/ Frame B022	2 KB 3 KB	56ms 55ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/pagead/images/adchoices/en.png Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 09:41:38 GMT x-content-type-options nosniff server cafe age 55836 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" etag 14819457070020093239 vary Accept-Encoding content-type image/png cache-control public, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2502 x-xss-protection 0 expires Tue, 18 Jan 2022 09:41:38 GMT
GET H2	200	icon.png tpc.googlesyndication.com/pagead/images/adchoices/ Frame B022	295 B 353 B	57ms 56ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 09:53:05 GMT x-content-type-options nosniff server cafe age 55149 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" etag 426692510519060060 vary Accept-Encoding content-type image/png cache-control public, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 295 x-xss-protection 0 expires Tue, 18 Jan 2022 09:53:05 GMT
GET H3	204	l www.google.com/ads/measurement/ Frame B022	0 0	33ms 33ms	Image text/html	2a00:1450:4001:82a::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/measurement/l?ebcid=ALh7CaRxeHT5Y9TRDmcbkQjt-Yegg-GSDMib7yvHP_2s_pjScKI03sqdih0AfUASaGWz5wCUxIsonT53bW8xWLlcvBN7I4zwrw Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H3	200	adview securepubads.g.doubleclick.net/pagead/ Frame B022	0 0	64ms 63ms	Image text/html	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=CX7YZ7RPmYZDwHI-Q3gPU0baABp7l7Mtmv-itg9AO6eD22NopEAEgk-abN2CVypGCoAegAZWbtI4DyAEC4AIAqAMByAMIqgSzAk_QHCR1Yu3Xl70T5kPObFG-x8engIOJBveIz2UnLkGRgNL5ZaTFlEMSZRJ4qGyFwbARcpEQfxK7PmsTttVh0MQ6juo8VXDC5wfnIpURlc9_OYbifg422P6CXKFJJVtS_mFKynyHld8XQ4AmgVrxYJDVQpetFHyn0gdbRMIohPqYmb13IBP0K4Qbrp64ylMLo5k5Xb7rCBW7wHu1nskkaPSY_0ZDzVE-kjr98QfbaHpqqShJfL46Az5XbGPfPq8ryLHNDBd5c9PoHyKUXbb4eJR6tayzFwF3VZ74aZohBuh9RV5RERL2ybtI8iPvazMT7xvnLy3BZ3fSfBC7hrR0eVy1zeN8Kec8v1GKnIOz_OCocmS47qY9ddPPy9vpFkfbqHTEiJYEToBpAW7PmL6ofTXzmKbABIPcy4zyA-AEAZIFBAgEGAGSBQQIBRgEoAYCgAfT5MtxqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ-bsE0ggJCIjhgBAQARgdgAoByAsB2BMN0BUBmBYBgBcBshceChwIABIUcHViLTE5OTUwMjEyNjkxNDcxNTEYiZR_&sigh=0mPBqrzz83s&uach_m=[UACH]&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness) Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
POST H2	200	v2hdg-LU5a5Zmw14H2atK2Mtm6C0VvJoHN40_fL8Ei4TA2xr3LG5i7X6z5UNHxJdMzIuAg1uyBsAue-gmTA Show response expansioneggnog.com/	209 B 623 B	84ms 27ms	Fetch application/json	35.201.103.212 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://expansioneggnog.com/v2hdg-LU5a5Zmw14H2atK2Mtm6C0VvJoHN40_fL8Ei4TA2xr3LG5i7X6z5UNHxJdMzIuAg1uyBsAue-gmTA Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.103.212 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 212.103.201.35.bc.googleusercontent.com Software / Resource Hash 27f0b9a8aad13036907e71c328ce6e3f07c25f9562880403eeecc6263d451b85 Security Headers Name Value Strict-Transport-Security max-age=15724800; preload Request headers Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers strict-transport-security max-age=15724800; preload x-datacenter gce-europe-west1 date Tue, 18 Jan 2022 01:12:14 GMT vary Accept-Encoding, Origin access-control-allow-methods POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://downfile.site cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true x-hostname fen-hoothoot-europe-west1-spot-33r1 timing-allow-origin * access-control-allow-headers DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie content-length 209 expires Tue, 18 Jan 2022 01:12:13 GMT
GET H3	200	adview securepubads.g.doubleclick.net/pagead/ Frame A174	0 0	73ms 71ms	Fetch text/html	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=CrKzB7RPmYYzwHI-Q3gPU0baABs-HjptcwIbZgsYCwI23ARABIABglcqRgqAHggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQngAgCoAwHIAwKqBKoCT9DrXlu2Z_zrNLtkU3Yd4tyur5sHYzpi1T_wvm0xrIA7DqgaFuBHVtYKd9MQf_2GhqgzXpdF12NefqQPPYY-jpW8k6jEAu4QFfzhn2H6IcmhjbcEfp8vd3fGsxPf-IaMtqvXoggjq_hyn9EyaE9E7Mn06hNG6yG5bW8YUG68YHbp5zaiwEHBANsw1dEZm8no5TU3e7v3fG937EHbzrTYJ4nWNCqpZFT7uyMONQM4qLKbQ5RLMPeheHole65_JjXjAkfkWVD7O6LSK6RWkx7YofUK4ObMPES5BBveH7yqDWsXqN3jptRmCDPj_jxNGuuHLt4ZgEjEMXB8CjedScl75gVIlNrTIzwFk2hwKhj_Bt0kqSY_JpnVNJ0pnPPj7tnsuKrKFerNXxuY7OAEAYAGjrOGxcf-qfKqAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTE5OTUwMjEyNjkxNDcxNTEYiZR_&sigh=kvCRuO8JtOk&uach_m=[UACH]&cid=CAQSPgCNIrLMIC7Ccfl6B8ZxtSEECDDt8ofaWgD91P_LEpKsFCX4QjCwyd_8s3jgkDpIf1Vl92aK8EdvFXs4sbD9GAE&tpd=AGWhJmuSIeA3L5Oga2grt-AzUFuRyyfS0GKqdnq5Ho0SCrhq2vmvgWyNVnBFyb46xRkAuuI2-Ld8Qe33r-68fyMi12aJ1_heJCavmsvYCBSwrTZnd4Wbl7WcvBYWVh8QuN5xCEcgqWZYCQwWjeDZxRnhvPXw09BZaQw3Ur_XZ5BSXCgeETO7SZSt2SMFbV51mmvzgPB8uSjHI0afYxdb72KKjp3vUyG8jKVXjuCeAIURkp0wleLUK99uCldBVk40Q_4WRM6pDTMHtwT_reNVxd7hqlAcZICOkP9bpbTS_pYYuiwsfm2iPrjDxgDuIgcgxlSw4nQSyyzeHhlvVV-ezfQanF3xPnSkVsp-0ioKomO8APBpoKVio2IiC0GYKPT7CDxoAUwZBWk3m_GC4i31WIcV3JvIKCLlWfJzslcqU31L2OmJanYKEougxxcYw3iYO9eHrTdaz40SJohSP72ipDyCrZrGbBMI0cTho7ud3DBPIIxVtF7ajQ9xQVwN3y6l5wL1Vlkda8CEiq-jwiHlxWM-Ab20HKLzJJQIYMDCmIwnRhuJ1eo5TAjj1hUVc5NkysD2ZRA_XwcJUW3a1XPfAsBRR0ucWatbbbgFkYf8K2YKFeu5x5y4sFua9VkIwhrU3Hnf0ddVwDdujYCJs3z6Tr2nSq-qTWcXe4NWWt2KAgJD5RjZGqa_SBL1k6OaqNFMbSJp3R6iRyp-6TW3H9n-JzF-9LYhxszzoA5bydjwlDbbuyZGzhQKdUUsKUtyLae794abq14VoTls3zdu961862KV_NomGm25pWNj9LRgI9UkjMj7QUpJlXQRz7n1tslzwSLUhD6VlQeYn8ttDaRT3Xlrg1SisxCb5J6wiVIN-W1RPr6t-tdpxvlampJPg_he8bd3_lLu71HykrwUf03FD4YxIemGMty9RwLsuGrzEYPbKHwXXLhdlsmcPduvwPHoS8HPk6Kau4KDzh9UzT4Lum2rG14QwREk4n6iLpV41alpPlGPEw2JchWpi7PInkGshV-C5J6OlW60H8NzSJ1h-BGotSIdZuJpkdQQWR_khxl1py4vIFhc4nkZcgXAJP8ZP1g0mImYpKhYVe9sd0ZF3RWnBA Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H/1.1	200 OK	js Show response tags.mathtag.com/notify/ Frame A174	3 KB 2 KB	127ms 49ms	Script application/x-javascript	185.29.134.245 MEDIAMATH-INC
General Check archive.org Show headers Download Go to Full URL https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1dKbU1tVTRNakF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyNDQ0NzkzOTk1NDc2ODExMTUvOTY5MDAzMS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5TnBtR2RKcm1yeHZ4LW4tLWtLelJzdy8xLzQvMC8wLzE3MzQ5NDUvMTQxMDU3NjEyOC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzYyNDQ0NzkzOTk1NDc2ODExMTUvenJoLzAvOTU2OS8yMC85OTkvMjU4Lzg0LjE5LjE3NS4wLzAuMDAwLzE2NDI0NjgzMzMvMTY0MjQ4MDkzMy80L3B1Yi0xOTk1MDIxMjY5MTQ3MTUxLw/aLVaScJEgW54V58J39eLuPzz4N8&nodeid=2629&group=zrh&auctionid=6244479399547681115&shardkey=6244479399547681115&sid=9955993&cid=9690031&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.97&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTbL-7RPmYYzwHI-Q3gPU0baABs-HjptcwIbZgsYCwI23ARABIABglcqRgqAHggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQngAgCoAwHIAwKqBK0CT9DrXlu2Z_zrNLtkU3Yd4tyur5sHYzpi1T_wvm0xrIA7DqgaFuBHVtYKd9MQf_2GhqgzXpdF12NefqQPPYY-jpW8k6jEAu4QFfzhn2H6IcmhjbcEfp8vd3fGsxPf-IaMtqvXoggjq_hyn9EyaE9E7Mn06hNG6yG5bW8YUG68YHbp5zaiwEHBANsw1dEZm8no5TU3e7v3fG937EHbzrTYJ4nWNCqpZFT7uyMONQM4qLKbQ5RLMPeheHole65_JjXjAkfkWVD7O6LSK6RWkx7YofUK4ObMPES5BBveH7yqDWsXqN3jptRmCDPj_jxNGuuHLt4ZgEjEMXB8CjedScl75gVIlNqRIR2XP9TULZVbTnb86YnPO43fiJcHhBJeLplDQgvUOfJjxqefYXHibeAEAYAGjrOGxcf-qfKqAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0XS7bCG8pODIJMii00WMyA3bCBiQ%26client%3Dca-pub-1995021269147151%26adurl%3D Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US), Reverse DNS Software MMBD/3.211.0 / Resource Hash c280b9a814c63f0f036441597bed6752ce5044c42abb3cf0f62c1f8dfe121648 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:14 GMT Content-Encoding gzip x-mm-bid-request-time 1642468333 Last-Modified Tue, 18 Jan 2022 01:12:13 GMT Server MMBD/3.211.0 x-mm-latency 16 (0) P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" x-mm-dbg Count Cache-Control no-cache x-mm-host cdg-router-x104, zrh-bidder-x143 Connection close Content-Type application/x-javascript; charset=UTF-8 Expires Tue, 18 Jan 2022 01:12:13 GMT
GET H3	200	window_focus_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame A174	2 KB 1 KB	77ms 37ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 00:39:40 GMT content-encoding gzip x-content-type-options nosniff age 1954 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1205 x-xss-protection 0 server cafe etag 18074202747124231361 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 01 Feb 2022 00:39:40 GMT
GET H2	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame A174	121 KB 37 KB	94ms 71ms	Script text/javascript	2a00:1450:4001:811::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37895 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1641990413359145" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 18 Jan 2022 01:12:14 GMT
GET H3	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame A174	15 KB 6 KB	76ms 37ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 00:37:18 GMT content-encoding gzip x-content-type-options nosniff age 2096 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6473 x-xss-protection 0 server cafe etag 5124071950003790117 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 01 Feb 2022 00:37:18 GMT
GET H3	200	ext.js Show response tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame A174	22 KB 7 KB	73ms 35ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 14:31:38 GMT content-encoding gzip x-content-type-options nosniff age 38436 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7022 x-xss-protection 0 last-modified Tue, 02 Mar 2021 20:17:03 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control public, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Tue, 17 Jan 2023 14:31:38 GMT
GET H3	200	0a7038a78463924e38e856a41c4efd92.js Show response www.gstatic.com/mysidia/ Frame 8EC6	8 KB 3 KB	34ms 25ms	Script text/javascript	2a00:1450:4001:831::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/0a7038a78463924e38e856a41c4efd92.js?tag=client_fast_engine_2019 Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash b07b4e0d02a41172ffb5b11e33f997583021a5fe04d18ffb2c5262ad4555dd74 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 16:24:35 GMT content-encoding gzip x-content-type-options nosniff age 290859 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 3339 x-xss-protection 0 last-modified Tue, 11 Jan 2022 08:34:10 GMT server sffe cross-origin-opener-policy same-origin; report-to="mysidia" vary Accept-Encoding report-to {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]} content-type text/javascript cache-control public, max-age=7776000 accept-ranges bytes expires Thu, 14 Apr 2022 16:24:35 GMT
GET H3	200	3a74317e9b2bb5d49fed9cf198abdbac.js Show response www.gstatic.com/mysidia/ Frame 8EC6	131 KB 48 KB	27ms 24ms	Script text/javascript	2a00:1450:4001:831::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/3a74317e9b2bb5d49fed9cf198abdbac.js?tag=video_mra/web_raspberry Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 36e8600bbb366a235978db86bb9ea8ebcf80225b1cc80c4103b8698c283d45ca Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 11 Jan 2022 10:22:05 GMT content-encoding gzip x-content-type-options nosniff age 571809 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 49395 x-xss-protection 0 last-modified Tue, 11 Jan 2022 08:34:10 GMT server sffe cross-origin-opener-policy same-origin; report-to="mysidia" vary Accept-Encoding report-to {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]} content-type text/javascript cache-control public, max-age=7776000 accept-ranges bytes expires Mon, 11 Apr 2022 10:22:05 GMT
GET H3	200	css fonts.googleapis.com/ Frame 8EC6	3 KB 579 B	36ms 34ms	Stylesheet text/css	2a00:1450:4001:811::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 18 Jan 2022 00:43:13 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Tue, 18 Jan 2022 01:12:14 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 18 Jan 2022 01:12:14 GMT
GET H3	200	load_preloaded_resource_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 8EC6	1 KB 875 B	18ms 17ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/load_preloaded_resource_fy2019.js Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 00:19:47 GMT content-encoding gzip x-content-type-options nosniff age 3147 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 848 x-xss-protection 0 server cafe etag 2277666839114365613 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 01 Feb 2022 00:19:47 GMT
GET H3	200	abg_lite_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame 8EC6	19 KB 8 KB	50ms 21ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite_fy2019.js Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:10:06 GMT content-encoding gzip x-content-type-options nosniff age 128 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7881 x-xss-protection 0 server cafe etag 7605774008668088057 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 01 Feb 2022 01:10:06 GMT
GET H3	200	window_focus_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 8EC6	2 KB 1 KB	20ms 19ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 00:39:40 GMT content-encoding gzip x-content-type-options nosniff age 1954 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1205 x-xss-protection 0 server cafe etag 18074202747124231361 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 01 Feb 2022 00:39:40 GMT
GET H2	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 8EC6	121 KB 37 KB	103ms 90ms	Script text/javascript	2a00:1450:4001:811::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37895 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1641990413359145" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 18 Jan 2022 01:12:14 GMT
GET H3	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 8EC6	15 KB 6 KB	62ms 34ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 00:37:18 GMT content-encoding gzip x-content-type-options nosniff age 2096 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6473 x-xss-protection 0 server cafe etag 5124071950003790117 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 01 Feb 2022 00:37:18 GMT
GET H3	200	b08052bb948632636d2eb594b39baf17.js Show response www.gstatic.com/mysidia/ Frame 8EC6	27 KB 11 KB	18ms 17ms	Script text/javascript	2a00:1450:4001:831::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/b08052bb948632636d2eb594b39baf17.js?tag=mysidia_one_click_handler_one_afma_2019 Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7cb23a8c81d8e04f278b4ebbcc8c169c2f602398e4fb0f336dbf71e4752470c8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 16:24:35 GMT content-encoding gzip x-content-type-options nosniff age 290859 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 11476 x-xss-protection 0 last-modified Tue, 11 Jan 2022 08:34:10 GMT server sffe cross-origin-opener-policy same-origin; report-to="mysidia" vary Accept-Encoding report-to {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]} content-type text/javascript cache-control public, max-age=7776000 accept-ranges bytes expires Thu, 14 Apr 2022 16:24:35 GMT
GET H3	200	adsbygoogle.js Show response pagead2.googlesyndication.com/pagead/js/ Frame 1A37	146 KB 51 KB	37ms 36ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1995021269147151 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 92c409818507aad928a8ad4acb38ba984c38023a777da2f76aca92ca39be6cc9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Origin https://downfile.site Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 51976 x-xss-protection 0 server cafe etag 14659193650321807233 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=3600 timing-allow-origin * expires Tue, 18 Jan 2022 01:12:14 GMT
GET H2	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 1A37	121 KB 37 KB	93ms 85ms	Script text/javascript	2a00:1450:4001:811::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37895 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1641990413359145" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 18 Jan 2022 01:12:14 GMT
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7474	13 KB 5 KB	36ms 23ms	Document text/html	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip cross-origin-resource-policy cross-origin cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-length 5046 x-content-type-options nosniff server sffe x-xss-protection 0 date Mon, 17 Jan 2022 22:32:14 GMT expires Tue, 17 Jan 2023 22:32:14 GMT cache-control public, max-age=31536000 last-modified Mon, 21 Jun 2021 20:47:05 GMT content-type text/html age 9600 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	aframe Show response www.google.com/recaptcha/api2/ Frame F307	783 B 534 B	41ms 36ms	Document text/html	2a00:1450:4001:82a::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 237f72d2a149837b44b6718af8efbf79d3cbad7e15eb95e62551707ae81f161a Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-2kFUryLcuK9USpcfmt6W0Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy require-corp report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} expires Tue, 18 Jan 2022 01:12:14 GMT date Tue, 18 Jan 2022 01:12:14 GMT cache-control private, max-age=300 content-type text/html; charset=utf-8 content-security-policy script-src 'report-sample' 'nonce-2kFUryLcuK9USpcfmt6W0Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 512 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	si googleads.g.doubleclick.net/pagead/drt/ Frame 502F Redirect Chain https://www.google.com/pagead/drt/ui https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA	0 0	49ms 42ms	Image text/html	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Redirect headers date Tue, 18 Jan 2022 01:12:14 GMT x-content-type-options nosniff server cafe content-type text/html; charset=UTF-8 location https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA cache-control private alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0
GET H3	200	si googleads.g.doubleclick.net/pagead/drt/ Frame B022 Redirect Chain https://www.google.com/pagead/drt/ui https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA	0 0	64ms 39ms	Image text/html	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Redirect headers date Tue, 18 Jan 2022 01:12:14 GMT x-content-type-options nosniff server cafe content-type text/html; charset=UTF-8 location https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA cache-control private alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0
GET H3	200	show_ads_impl_with_ama_fy2019.js Show response pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201100101/ Frame 9E52	279 KB 100 KB	73ms 45ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site&bust=31064017 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1995021269147151 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 6b4714e6a43807d19009cb8ebadbe35e7f00774b93ca288d977ca0957fc5a528 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 102650 x-xss-protection 0 server cafe etag 8437853065316740132 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * expires Tue, 18 Jan 2022 01:12:14 GMT
GET H2	200	zrt_lookup.html Show response googleads.g.doubleclick.net/pagead/html/r20220112/r20190131/ Frame 83A0	11 KB 5 KB	72ms 17ms	Document text/html	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20220112/r20190131/zrt_lookup.html Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1995021269147151 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin vary Accept-Encoding x-content-type-options nosniff content-encoding gzip server cafe content-length 4885 x-xss-protection 0 date Mon, 17 Jan 2022 01:57:44 GMT expires Mon, 31 Jan 2022 01:57:44 GMT cache-control public, max-age=1209600 age 83670 etag 13671712056976469594 content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
POST H2	200	v2pnpVqltqh8ISry_WuHgQ_mbO5eMguCQDfXWuFEwyW6IG-A6QxxcAFDmCXeSp89-YrBTlt6ZOKV2W1nulA Show response expansioneggnog.com/	3 B 36 B	128ms 127ms	Fetch application/json	35.201.103.212 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://expansioneggnog.com/v2pnpVqltqh8ISry_WuHgQ_mbO5eMguCQDfXWuFEwyW6IG-A6QxxcAFDmCXeSp89-YrBTlt6ZOKV2W1nulA Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.103.212 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 212.103.201.35.bc.googleusercontent.com Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Security Headers Name Value Strict-Transport-Security max-age=15724800; preload Request headers Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers strict-transport-security max-age=15724800; preload x-datacenter gce-europe-west1 date Tue, 18 Jan 2022 01:12:14 GMT vary Accept-Encoding, Origin access-control-allow-methods POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://downfile.site access-control-allow-credentials true x-hostname fen-hoothoot-europe-west1-spot-33r1 timing-allow-origin * access-control-allow-headers DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie content-length 3
GET H3	200	show_ads_impl_with_ama_fy2019.js Show response pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201060101/ Frame 1A37	278 KB 100 KB	45ms 43ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1995021269147151 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash dc63319416d7b81a7c4da618d75ec674707eaa6b79c89d171fa31b9a2594635a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 102629 x-xss-protection 0 server cafe etag 8165968128240070270 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * expires Tue, 18 Jan 2022 01:12:14 GMT
GET H/1.1	200 OK	r0rzfbhsf7cr Show response hal9000.redintelligence.net/zone/ Frame A174	10 KB 4 KB	81ms 25ms	Script text/html	78.46.90.238 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal9000.redintelligence.net/zone/r0rzfbhsf7cr?subid=&gdpr=1&gdpr_consent=li&rnd=6244479399547681115&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYeYT7QAIr4QKd9aXqgWDIg%26mt_aid%3D6244479399547681115%26mt_id%3D9690031%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_cid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCTbL-7RPmYYzwHI-Q3gPU0baABs-HjptcwIbZgsYCwI23ARABIABglcqRgqAHggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQngAgCoAwHIAwKqBK0CT9DrXlu2Z_zrNLtkU3Yd4tyur5sHYzpi1T_wvm0xrIA7DqgaFuBHVtYKd9MQf_2GhqgzXpdF12NefqQPPYY-jpW8k6jEAu4QFfzhn2H6IcmhjbcEfp8vd3fGsxPf-IaMtqvXoggjq_hyn9EyaE9E7Mn06hNG6yG5bW8YUG68YHbp5zaiwEHBANsw1dEZm8no5TU3e7v3fG937EHbzrTYJ4nWNCqpZFT7uyMONQM4qLKbQ5RLMPeheHole65_JjXjAkfkWVD7O6LSK6RWkx7YofUK4ObMPES5BBveH7yqDWsXqN3jptRmCDPj_jxNGuuHLt4ZgEjEMXB8CjedScl75gVIlNqRIR2XP9TULZVbTnb86YnPO43fiJcHhBJeLplDQgvUOfJjxqefYXHibeAEAYAGjrOGxcf-qfKqAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0XS7bCG8pODIJMii00WMyA3bCBiQ%2526client%253Dca-pub-1995021269147151%2526adurl%253D%26redirect%3D Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.238.90.46.78.clients.your-server.de Software Apache / Resource Hash 07c0f2ea8bf1cc98afe19110e45f5c9070de194e589235763368a6299d905d94 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:14 GMT Content-Encoding gzip Server Apache Connection close Content-Length 3437 Vary Accept-Encoding Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	ck-confirm tags.mathtag.com/ Frame A174	49 B 330 B	97ms 47ms	Image image/gif	185.29.134.245 MEDIAMATH-INC
General Check archive.org Show headers Download Go to Show image Full URL https://tags.mathtag.com/ck-confirm?bid_id=6244479399547681115&node_id=2629&exch_id=4 Requested by Host: tags.mathtag.com URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1dKbU1tVTRNakF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyNDQ0NzkzOTk1NDc2ODExMTUvOTY5MDAzMS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5TnBtR2RKcm1yeHZ4LW4tLWtLelJzdy8xLzQvMC8wLzE3MzQ5NDUvMTQxMDU3NjEyOC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzYyNDQ0NzkzOTk1NDc2ODExMTUvenJoLzAvOTU2OS8yMC85OTkvMjU4Lzg0LjE5LjE3NS4wLzAuMDAwLzE2NDI0NjgzMzMvMTY0MjQ4MDkzMy80L3B1Yi0xOTk1MDIxMjY5MTQ3MTUxLw/aLVaScJEgW54V58J39eLuPzz4N8&nodeid=2629&group=zrh&auctionid=6244479399547681115&shardkey=6244479399547681115&sid=9955993&cid=9690031&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.97&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTbL-7RPmYYzwHI-Q3gPU0baABs-HjptcwIbZgsYCwI23ARABIABglcqRgqAHggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQngAgCoAwHIAwKqBK0CT9DrXlu2Z_zrNLtkU3Yd4tyur5sHYzpi1T_wvm0xrIA7DqgaFuBHVtYKd9MQf_2GhqgzXpdF12NefqQPPYY-jpW8k6jEAu4QFfzhn2H6IcmhjbcEfp8vd3fGsxPf-IaMtqvXoggjq_hyn9EyaE9E7Mn06hNG6yG5bW8YUG68YHbp5zaiwEHBANsw1dEZm8no5TU3e7v3fG937EHbzrTYJ4nWNCqpZFT7uyMONQM4qLKbQ5RLMPeheHole65_JjXjAkfkWVD7O6LSK6RWkx7YofUK4ObMPES5BBveH7yqDWsXqN3jptRmCDPj_jxNGuuHLt4ZgEjEMXB8CjedScl75gVIlNqRIR2XP9TULZVbTnb86YnPO43fiJcHhBJeLplDQgvUOfJjxqefYXHibeAEAYAGjrOGxcf-qfKqAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0XS7bCG8pODIJMii00WMyA3bCBiQ%26client%3Dca-pub-1995021269147151%26adurl%3D Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US), Reverse DNS Software MMBD/3.211.0 / Resource Hash 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:14 GMT Server MMBD/3.211.0 Content-Type image/gif Cache-Control no-cache x-mm-host cdg-router-x52, zrh-bidder-x143 Connection keep-alive Keep-Alive timeout=360 Content-Length 49 Expires Tue, 18 Jan 2022 01:12:13 GMT
GET H/1.1	200 OK	img pixel.mathtag.com/event/ Frame A174	43 B 405 B	95ms 30ms	Image image/gif	2.18.233.201 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=6244479399547681115&v3=1040879&v4=9955993&v5=9690031&mt_nsync=1&no_attr=1 Requested by Host: tags.mathtag.com URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1dKbU1tVTRNakF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyNDQ0NzkzOTk1NDc2ODExMTUvOTY5MDAzMS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5TnBtR2RKcm1yeHZ4LW4tLWtLelJzdy8xLzQvMC8wLzE3MzQ5NDUvMTQxMDU3NjEyOC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzYyNDQ0NzkzOTk1NDc2ODExMTUvenJoLzAvOTU2OS8yMC85OTkvMjU4Lzg0LjE5LjE3NS4wLzAuMDAwLzE2NDI0NjgzMzMvMTY0MjQ4MDkzMy80L3B1Yi0xOTk1MDIxMjY5MTQ3MTUxLw/aLVaScJEgW54V58J39eLuPzz4N8&nodeid=2629&group=zrh&auctionid=6244479399547681115&shardkey=6244479399547681115&sid=9955993&cid=9690031&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.97&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTbL-7RPmYYzwHI-Q3gPU0baABs-HjptcwIbZgsYCwI23ARABIABglcqRgqAHggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQngAgCoAwHIAwKqBK0CT9DrXlu2Z_zrNLtkU3Yd4tyur5sHYzpi1T_wvm0xrIA7DqgaFuBHVtYKd9MQf_2GhqgzXpdF12NefqQPPYY-jpW8k6jEAu4QFfzhn2H6IcmhjbcEfp8vd3fGsxPf-IaMtqvXoggjq_hyn9EyaE9E7Mn06hNG6yG5bW8YUG68YHbp5zaiwEHBANsw1dEZm8no5TU3e7v3fG937EHbzrTYJ4nWNCqpZFT7uyMONQM4qLKbQ5RLMPeheHole65_JjXjAkfkWVD7O6LSK6RWkx7YofUK4ObMPES5BBveH7yqDWsXqN3jptRmCDPj_jxNGuuHLt4ZgEjEMXB8CjedScl75gVIlNqRIR2XP9TULZVbTnb86YnPO43fiJcHhBJeLplDQgvUOfJjxqefYXHibeAEAYAGjrOGxcf-qfKqAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0XS7bCG8pODIJMii00WMyA3bCBiQ%26client%3Dca-pub-1995021269147151%26adurl%3D Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-201.deploy.static.akamaitechnologies.com Software MT3 4133 baa842e master zrh-pixel-x24 config:1.0.0 / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:14 GMT Server MT3 4133 baa842e master zrh-pixel-x24 config:1.0.0 P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Access-Control-Allow-Origin * Cache-Control no-cache Connection keep-alive Content-Type image/gif Content-Length 43 Expires Tue, 18 Jan 2022 01:12:13 GMT
GET H/1.1	200 OK	img tags.mathtag.com/event/ Frame A174	49 B 330 B	128ms 63ms	Image image/gif	185.29.134.245 MEDIAMATH-INC
General Check archive.org Show headers Download Go to Show image Full URL https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=6244479399547681115&st=9955993&time=1642468334&nodeid=2629 Requested by Host: tags.mathtag.com URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1dKbU1tVTRNakF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyNDQ0NzkzOTk1NDc2ODExMTUvOTY5MDAzMS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5TnBtR2RKcm1yeHZ4LW4tLWtLelJzdy8xLzQvMC8wLzE3MzQ5NDUvMTQxMDU3NjEyOC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzYyNDQ0NzkzOTk1NDc2ODExMTUvenJoLzAvOTU2OS8yMC85OTkvMjU4Lzg0LjE5LjE3NS4wLzAuMDAwLzE2NDI0NjgzMzMvMTY0MjQ4MDkzMy80L3B1Yi0xOTk1MDIxMjY5MTQ3MTUxLw/aLVaScJEgW54V58J39eLuPzz4N8&nodeid=2629&group=zrh&auctionid=6244479399547681115&shardkey=6244479399547681115&sid=9955993&cid=9690031&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.97&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTbL-7RPmYYzwHI-Q3gPU0baABs-HjptcwIbZgsYCwI23ARABIABglcqRgqAHggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQngAgCoAwHIAwKqBK0CT9DrXlu2Z_zrNLtkU3Yd4tyur5sHYzpi1T_wvm0xrIA7DqgaFuBHVtYKd9MQf_2GhqgzXpdF12NefqQPPYY-jpW8k6jEAu4QFfzhn2H6IcmhjbcEfp8vd3fGsxPf-IaMtqvXoggjq_hyn9EyaE9E7Mn06hNG6yG5bW8YUG68YHbp5zaiwEHBANsw1dEZm8no5TU3e7v3fG937EHbzrTYJ4nWNCqpZFT7uyMONQM4qLKbQ5RLMPeheHole65_JjXjAkfkWVD7O6LSK6RWkx7YofUK4ObMPES5BBveH7yqDWsXqN3jptRmCDPj_jxNGuuHLt4ZgEjEMXB8CjedScl75gVIlNqRIR2XP9TULZVbTnb86YnPO43fiJcHhBJeLplDQgvUOfJjxqefYXHibeAEAYAGjrOGxcf-qfKqAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0XS7bCG8pODIJMii00WMyA3bCBiQ%26client%3Dca-pub-1995021269147151%26adurl%3D Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US), Reverse DNS Software MMBD/3.211.0 / Resource Hash 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:14 GMT Server MMBD/3.211.0 Content-Type image/gif Cache-Control no-cache x-mm-host cdg-router-x86, zrh-bidder-x143 Connection keep-alive Keep-Alive timeout=360 Content-Length 49 Expires Tue, 18 Jan 2022 01:12:13 GMT
POST H2	204	csi csi.gstatic.com/ Frame 8EC6	0 45 B	1076ms 284ms	Ping image/gif	2404:6800:4008:c01::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kyjf8m0b&c=4736328345014&slotId=2368164172507&qqid=CM-ayayPuvUCFQ-Idwod1KgNYA&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=rda&ulv=1 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/mysidia/3a74317e9b2bb5d49fed9cf198abdbac.js?tag=video_mra/web_raspberry Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4008:c01::5e Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT last-modified Wed, 21 Jan 2004 19:51:30 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	rda_video_bg_pattern.png googleads.g.doubleclick.net/pagead/images/ Frame 8EC6	2 KB 2 KB	19ms 18ms	Image image/png	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://googleads.g.doubleclick.net/pagead/images/rda_video_bg_pattern.png Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash c7f42fd7e961148cbacb3643b669d55768ded74e587cd30d429a4e8112c05a5c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 18:13:44 GMT x-content-type-options nosniff server cafe age 25110 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" etag 9923804599063086578 vary Accept-Encoding content-type image/png cache-control public, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2033 x-xss-protection 0 expires Tue, 18 Jan 2022 18:13:44 GMT
GET H3	200	downsize_200k_v1 tpc.googlesyndication.com/simgad/11492603261516078480/ Frame 8EC6	1 KB 1 KB	17ms 17ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/simgad/11492603261516078480/downsize_200k_v1?w=100&h=100 Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1ea3ab87af5ef9aa70072be67abf6aa63badfbd0a48441698bde6c26829e187c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 09:49:36 GMT x-content-type-options nosniff age 55358 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1302 x-xss-protection 0 last-modified Thu, 18 Nov 2021 17:07:49 GMT server sffe report-to {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="content-ads-owners" expires Tue, 17 Jan 2023 09:49:36 GMT
GET DATA	200 OK	truncated / Frame 8EC6	216 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 81cacd6b187878c8eb795e61e66c648ee76c410dafc63852de35290c1e56f9f1 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/svg+xml
GET H3	200	downsize_200k_v1 tpc.googlesyndication.com/simgad/16123135259200415453/ Frame 8EC6	78 KB 78 KB	20ms 19ms	Image image/jpeg	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/simgad/16123135259200415453/downsize_200k_v1 Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4933aeea3ed1911f11a0af32bcaa1a1b945b6af7561920336abbb6ddfc304dcc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 12 Jan 2022 19:32:48 GMT x-content-type-options nosniff age 452366 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 80010 x-xss-protection 0 last-modified Tue, 11 Jan 2022 19:06:27 GMT server sffe report-to {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]} content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="content-ads-owners" expires Thu, 12 Jan 2023 19:32:48 GMT
GET H3	200	adview securepubads.g.doubleclick.net/pagead/ Frame 8EC6	0 0	67ms 66ms	Fetch text/html	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=Cqssk7RPmYY_wHI-Q3gPU0baABtCRiO1n8vOKysIP5uSp7Y8uEAEgk-abN2CVypGCoAegAYyN8Z0oyAEJ4AIAqAMByAMIqgS0Ak_Q8RzI47gviCAl9dRreAf1Yzs272sGSTjRu32UuE6WOTem6rT9ll2TO-YdhTcn69NWyy31r29U4XCkV36-62iWtI0dDSvPyQl3bne2QrGj7rwFkdn_Yb2ZlGP6Vy3l4sR9muVDdqoaaBU75pRbwz6wD4Pe1nYKzi5PrX_-H8hxWOOW7fTGOKSly6QBCIULLo9lZC6qnt_YZuOngAjItOXZn6puV9HPbqMXdi3GOjCWsMFr3i0IuU-JdCBQm3HsvBXbkM1ASQtAwFCw1Y8ULdzNkn6LCuzP4KHP7-xzC_VoRf95uEQCA6G29A7aI0XJnH5epbUriCHdyxdcGuLKiKSd-HCKtRRO_mAxWuppY0s46pDd9pUf1Ip3SG91R7Db_a1tQER8WxNe_iaKLdaV0EG1MTMpwASajtqI8gPgBAGSBQQIBBgBkgUECAUYBKAGLoAHjMXB_QKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBDX5hbSCAkIiOGAEBABGB2ACgHICwG4E5wb2BMMiBQB0BUBmBYBgBcBshceChwIABIUcHViLTE5OTUwMjEyNjkxNDcxNTEYiZR_&sigh=jt83jQ8vpuc&uach_m=[UACH]&template_id=3484 Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H/1.1	206 Partial Content	videoplayback rr1---sn-4g5e6nzl.googlevideo.com/ Frame 8EC6 Redirect Chain https://rr1---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1642497134&ei=7hPmYfGcCIWc8gOVlrxg&ip=84.19.175.183&id=56083516c1176204&itag=18&source=youtube&requiressl=yes&mh=JA&mm=31&mn=sn-4g5e6n... https://rr1---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1642497134&ei=7hPmYfGcCIWc8gOVlrxg&ip=84.19.175.183&id=56083516c1176204&itag=18&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=...	693 KB 693 KB	52ms 17ms	Media video/mp4	2a00:1450:4001:3c::6 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://rr1---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1642497134&ei=7hPmYfGcCIWc8gOVlrxg&ip=84.19.175.183&id=56083516c1176204&itag=18&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=17.786&lmt=1637254083871293&txp=6210222&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAP_W0wj3K5aFaJLsGE8bSS5Y66um9LVrgRjwefeeK8j8AiEA3erxzY-NGAP3-DriCV7gmkOfC5Lwa6lDjbmnkNns4kw=&cpn=d_EB-8bKjNWgDc7Y&redirect_counter=1&rm=sn-4g5ed77e&req_id=dba856cfdc3636e2&cms_redirect=yes&ipbypass=yes&mh=JA&mip=2001:1b60:1010:2:1012:9644:de4a:9214&mm=31&mn=sn-4g5e6nzl&ms=au&mt=1642468125&mv=m&mvi=1&pl=36&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgO8NqoVcrwwxBVvsxX4Ggr_vtj7Gz3iVk-kGYKyapaHsCIDD2DtQhbO5JNgTlaUUQG2YCTclHLov5-cYwdO-musAF Requested by Host: c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com URL: https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol HTTP/1.1 Server 2a00:1450:4001:3c::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash 77e057c8ac7e2fae0218b177b2c0b408926218dcdf3d406a0bb62807cf31ced5 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:14 GMT X-Content-Type-Options nosniff Last-Modified Thu, 18 Nov 2021 16:48:03 GMT Server gvs 1.0 Vary Origin Content-Type video/mp4 Content-Range bytes 0-709453/709454 Cache-Control private, max-age=28500 Cross-Origin-Resource-Policy cross-origin Connection close Accept-Ranges bytes Alt-Svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Content-Length 709454 Expires Tue, 18 Jan 2022 01:12:14 GMT Redirect headers Date Tue, 18 Jan 2022 01:12:14 GMT X-Content-Type-Options nosniff Last-Modified Wed, 02 May 2007 10:26:10 GMT Server gvs 1.0 Vary Origin Content-Type text/html Location https://rr1---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1642497134&ei=7hPmYfGcCIWc8gOVlrxg&ip=84.19.175.183&id=56083516c1176204&itag=18&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=17.786&lmt=1637254083871293&txp=6210222&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAP_W0wj3K5aFaJLsGE8bSS5Y66um9LVrgRjwefeeK8j8AiEA3erxzY-NGAP3-DriCV7gmkOfC5Lwa6lDjbmnkNns4kw=&cpn=d_EB-8bKjNWgDc7Y&redirect_counter=1&rm=sn-4g5ed77e&req_id=dba856cfdc3636e2&cms_redirect=yes&ipbypass=yes&mh=JA&mip=2001:1b60:1010:2:1012:9644:de4a:9214&mm=31&mn=sn-4g5e6nzl&ms=au&mt=1642468125&mv=m&mvi=1&pl=36&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgO8NqoVcrwwxBVvsxX4Ggr_vtj7Gz3iVk-kGYKyapaHsCIDD2DtQhbO5JNgTlaUUQG2YCTclHLov5-cYwdO-musAF Cache-Control private, max-age=900 Cross-Origin-Resource-Policy cross-origin Connection close Content-Length 0 Expires Tue, 18 Jan 2022 01:12:14 GMT
GET DATA	200 OK	truncated / Frame 8EC6	211 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash aa07eee61418e47e4409a51bc75d2a85e469f570c35133fd68e090eb9c25cacb Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET H2	200	cookie.js Show response partner.googleadservices.com/gampad/ Frame 9E52	12 B 247 B	26ms 25ms	Script text/javascript	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://partner.googleadservices.com/gampad/cookie.js?domain=downfile.site&callback=_gfp_s_&client=ca-pub-1995021269147151&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site&bust=31064017 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type text/javascript; charset=UTF-8 cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 32 x-xss-protection 0
GET H3	200	integrator.js Show response adservice.google.de/adsid/ Frame 9E52	107 B 122 B	55ms 26ms	Script application/javascript	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=downfile.site Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site&bust=31064017 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	integrator.js Show response adservice.google.com/adsid/ Frame 9E52	107 B 122 B	53ms 25ms	Script application/javascript	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=downfile.site Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site&bust=31064017 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 9E52	0 20 B	57ms 57ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&tn=DIV&cls=grecaptcha-badge&ign=false&pw=1600&ph=1200&x=1575&y=1175 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:14 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ads Show response googleads.g.doubleclick.net/pagead/ Frame CC8F	0 16 B	76ms 75ms	Document text/html	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&adk=1812271804&adf=3279755404&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334491&bpp=2&bdt=170&idt=322&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&nras=1&correlator=568832844229&frm=23&ife=4&pv=2&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&ifi=1&uci=1.29p3qmnch85l&fsb=1&dtd=338 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site&bust=31064017 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 x-content-type-options nosniff date Tue, 18 Jan 2022 01:12:14 GMT server cafe content-length 0 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	cookie.js Show response partner.googleadservices.com/gampad/ Frame 1A37	12 B 53 B	26ms 25ms	Script text/javascript	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://partner.googleadservices.com/gampad/cookie.js?domain=downfile.site&callback=_gfp_s_&client=ca-pub-1995021269147151&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type text/javascript; charset=UTF-8 cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 32 x-xss-protection 0
GET H3	200	4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2 fonts.gstatic.com/s/googlesans/v36/ Frame 8EC6	21 KB 21 KB	17ms 16ms	Font font/woff2	2a00:1450:4001:808::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 18:21:26 GMT x-content-type-options nosniff age 24648 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 21424 x-xss-protection 0 last-modified Wed, 01 Sep 2021 18:08:24 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Tue, 17 Jan 2023 18:21:26 GMT
GET H3	200	4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2 fonts.gstatic.com/s/googlesans/v36/ Frame 8EC6	21 KB 21 KB	23ms 22ms	Font font/woff2	2a00:1450:4001:808::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:17:51 GMT x-content-type-options nosniff age 302063 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 21660 x-xss-protection 0 last-modified Wed, 01 Sep 2021 18:07:18 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Sat, 14 Jan 2023 13:17:51 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 1A37	0 20 B	53ms 52ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&tn=DIV&cls=grecaptcha-badge&ign=false&pw=1600&ph=1200&x=1575&y=1175 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:14 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	integrator.js Show response adservice.google.de/adsid/ Frame 1A37	107 B 122 B	34ms 34ms	Script application/javascript	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=downfile.site Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	integrator.js Show response adservice.google.com/adsid/ Frame 1A37	107 B 122 B	33ms 33ms	Script application/javascript	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=downfile.site Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:14 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	ads Show response googleads.g.doubleclick.net/pagead/ Frame A08D	0 16 B	71ms 70ms	Document text/html	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&adk=1812271804&adf=3407277754&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334605&bpp=3&bdt=291&idt=238&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&ifi=1&uci=1.h1xaf2jiqyql&fsb=1&dtd=257 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 x-content-type-options nosniff date Tue, 18 Jan 2022 01:12:14 GMT server cafe content-length 0 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	ads Show response googleads.g.doubleclick.net/pagead/ Frame D57E	32 KB 13 KB	357ms 357ms	Document text/html	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site&bust=31064017 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 577387e026b6b6d6371ee6eae7912e96f71e9425aa26ba836a69079b2e135a7f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding br date Tue, 18 Jan 2022 01:12:15 GMT server cafe content-length 12841 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame F307	0 0	33ms 32ms	Image text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=4142803584566598&rc=05ABBMTcPYCXAmeSmDk-COElB-fJVlb86lM9X3w4oYqKbSx1R4vlo0nxwLJcT8Z4YGl34JU2DvnV30XoGNtmXUFuStXiFQR_CXDFYFs1wKXhwCFimix_AoLoeqsZA1__6GNue6bwxeCdVHXWCON3XNeURJGr7Zv78tZffpF2GzDxw5W-FXiP1o7XNwoI_3wxPMZH-TwsvUI8vy7QlvYAjx-v78yt51_84f0n_tNEVk-MRFL2hOsb9evQ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H3	200	ads Show response googleads.g.doubleclick.net/pagead/ Frame 238C	20 KB 10 KB	379ms 378ms	Document text/html	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 18e84ab819e75db7bb3039b9234fcfcaa572b3f4694bcb9c7f57fb74738479ba Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding br date Tue, 18 Jan 2022 01:12:15 GMT server cafe content-length 10681 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H/1.1	200 OK	request.php Show response hal900017.redintelligence.net/ Frame A174	613 B 771 B	126ms 68ms	Script application/x-javascript	159.69.70.9 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900017.redintelligence.net/request.php?zone=r0rzfbhsf7cr&nw=20&renderingType=javascript&namespace=b5ab5ce810&subid=&uid=922172717fc8dfeb&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYeYT7QAIr4QKd9aXqgWDIg%26mt_aid%3D6244479399547681115%26mt_id%3D9690031%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_cid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCTbL-7RPmYYzwHI-Q3gPU0baABs-HjptcwIbZgsYCwI23ARABIABglcqRgqAHggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQngAgCoAwHIAwKqBK0CT9DrXlu2Z_zrNLtkU3Yd4tyur5sHYzpi1T_wvm0xrIA7DqgaFuBHVtYKd9MQf_2GhqgzXpdF12NefqQPPYY-jpW8k6jEAu4QFfzhn2H6IcmhjbcEfp8vd3fGsxPf-IaMtqvXoggjq_hyn9EyaE9E7Mn06hNG6yG5bW8YUG68YHbp5zaiwEHBANsw1dEZm8no5TU3e7v3fG937EHbzrTYJ4nWNCqpZFT7uyMONQM4qLKbQ5RLMPeheHole65_JjXjAkfkWVD7O6LSK6RWkx7YofUK4ObMPES5BBveH7yqDWsXqN3jptRmCDPj_jxNGuuHLt4ZgEjEMXB8CjedScl75gVIlNqRIR2XP9TULZVbTnb86YnPO43fiJcHhBJeLplDQgvUOfJjxqefYXHibeAEAYAGjrOGxcf-qfKqAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0XS7bCG8pODIJMii00WMyA3bCBiQ%2526client%253Dca-pub-1995021269147151%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fc085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=170069155642&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 Requested by Host: hal9000.redintelligence.net URL: https://hal9000.redintelligence.net/zone/r0rzfbhsf7cr?subid=&gdpr=1&gdpr_consent=li&rnd=6244479399547681115&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYeYT7QAIr4QKd9aXqgWDIg%26mt_aid%3D6244479399547681115%26mt_id%3D9690031%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_cid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCTbL-7RPmYYzwHI-Q3gPU0baABs-HjptcwIbZgsYCwI23ARABIABglcqRgqAHggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQngAgCoAwHIAwKqBK0CT9DrXlu2Z_zrNLtkU3Yd4tyur5sHYzpi1T_wvm0xrIA7DqgaFuBHVtYKd9MQf_2GhqgzXpdF12NefqQPPYY-jpW8k6jEAu4QFfzhn2H6IcmhjbcEfp8vd3fGsxPf-IaMtqvXoggjq_hyn9EyaE9E7Mn06hNG6yG5bW8YUG68YHbp5zaiwEHBANsw1dEZm8no5TU3e7v3fG937EHbzrTYJ4nWNCqpZFT7uyMONQM4qLKbQ5RLMPeheHole65_JjXjAkfkWVD7O6LSK6RWkx7YofUK4ObMPES5BBveH7yqDWsXqN3jptRmCDPj_jxNGuuHLt4ZgEjEMXB8CjedScl75gVIlNqRIR2XP9TULZVbTnb86YnPO43fiJcHhBJeLplDQgvUOfJjxqefYXHibeAEAYAGjrOGxcf-qfKqAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0XS7bCG8pODIJMii00WMyA3bCBiQ%2526client%253Dca-pub-1995021269147151%2526adurl%253D%26redirect%3D Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.9.70.69.159.clients.your-server.de Software Apache / Resource Hash 2de8bffa3d1835ecb88c557c6a4dd88826e67a3df4cd152c82e8521c79c017e3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:14 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Cache-Control no-store, no-cache, must-revalidate, max-age=0 X-NEORY-SubId 54995600010044903891610011843017 Connection close Content-Type application/x-javascript; charset=utf-8 Content-Length 328 Expires Tue, 18 Jan 2022 01:12:14 +0100
POST H2	204	csi csi.gstatic.com/ Frame 8EC6	0 318 B	835ms 284ms	Ping image/gif	2404:6800:4008:c01::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kyjf8m0j&c=4736328345014&slotId=2368164172507&qqid=CM-ayayPuvUCFQ-Idwod1KgNYA&umsem=0&ape=1&ple=1&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252F0a7038a78463924e38e856a41c4efd92.js%253Ftag%253Dclient_fast_engine_2019&encoded_body_size=0&transfer_size=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/mysidia/3a74317e9b2bb5d49fed9cf198abdbac.js?tag=video_mra/web_raspberry Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4008:c01::5e Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT last-modified Wed, 21 Jan 2004 19:51:30 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	csi csi.gstatic.com/ Frame 8EC6	0 54 B	835ms 285ms	Ping image/gif	2404:6800:4008:c01::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=3~kyjf8m78&c=4736328345014&slotId=2368164172507&qqid=CM-ayayPuvUCFQ-Idwod1KgNYA&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252F3a74317e9b2bb5d49fed9cf198abdbac.js%253Ftag%253Dvideo_mra%252Fweb_raspberry&encoded_body_size=0&transfer_size=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/mysidia/3a74317e9b2bb5d49fed9cf198abdbac.js?tag=video_mra/web_raspberry Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4008:c01::5e Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT last-modified Wed, 21 Jan 2004 19:51:30 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	csi csi.gstatic.com/ Frame 8EC6	0 45 B	835ms 284ms	Ping image/gif	2404:6800:4008:c01::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=4~kyjf8m79&c=4736328345014&slotId=2368164172507&qqid=CM-ayayPuvUCFQ-Idwod1KgNYA&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252Fb08052bb948632636d2eb594b39baf17.js%253Ftag%253Dmysidia_one_click_handler_one_afma_2019&encoded_body_size=0&transfer_size=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/mysidia/3a74317e9b2bb5d49fed9cf198abdbac.js?tag=video_mra/web_raspberry Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4008:c01::5e Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT last-modified Wed, 21 Jan 2004 19:51:30 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ze6spFYAGmeX0SVs4uO-WfgikXQwH0dcHguaiLf8sa4.js Show response pagead2.googlesyndication.com/bg/ Frame 7474	35 KB 13 KB	22ms 22ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/ze6spFYAGmeX0SVs4uO-WfgikXQwH0dcHguaiLf8sa4.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cdeeaca456001a6797d1256ce2e3be59f8229174301f475c1e0b9a88b7fcb1ae Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 16:35:04 GMT content-encoding br x-content-type-options nosniff age 31030 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13313 x-xss-protection 0 last-modified Thu, 06 Jan 2022 13:58:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 17 Jan 2023 16:35:04 GMT
GET H3	200	/ googleads.g.doubleclick.net/pagead/interaction/ Frame 8EC6	42 B 64 B	40ms 40ms	Image image/gif	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://googleads.g.doubleclick.net/pagead/interaction/?ai=CWRMM7RPmYY_wHI-Q3gPU0baABtCRiO1n8vOKysIP5uSp7Y8uEAEgk-abN2CVypGCoAegAYyN8Z0oyAEJ4AIAqAMByAMIqgS3Ak_Q8RzI47gviCAl9dRreAf1Yzs272sGSTjRu32UuE6WOTem6rT9ll2TO-YdhTcn69NWyy31r29U4XCkV36-62iWtI0dDSvPyQl3bne2QrGj7rwFkdn_Yb2ZlGP6Vy3l4sR9muVDdqoaaBU75pRbwz6wD4Pe1nYKzi5PrX_-H8hxWOOW7fTGOKSly6QBCIULLo9lZC6qnt_YZuOngAjItOXZn6puV9HPbqMXdi3GOjCWsMFr3i0IuU-JdCBQm3HsvBXbkM1ASQtAwFCw1Y8ULdzNkn6LCuzP4KHP7-xzC_VoRf95uEQCA6G29A7aI0XJnH5epbUriCHdyxdcGuLKiKSd-HCKtRRO_mAxWuppYwk6ywIsPBVXIQpK4d1U7yrf4qfOSmpk3aL0344aisO5yLJaqXvcgdf2wASajtqI8gPgBAGgBi6AB4zFwf0CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgdsQl4D-FYxzgCMoAKAZgLAcgLAYAMAbgMAbgTnBvYEwyIFAHQFQGYFgH4FgGAFwE&sigh=ioT3emCLbTM&cid=CAQSPgCNIrLMIC7Ccfl6B8ZxtSEECDDt8ofaWgD91P_LEpKsFCX4QjCwyd_8s3jgkDpIf1Vl92aK8EdvFXs4sbD9&label=adresume Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	request_content.php Show response hal900017.redintelligence.net/ Frame C9D8	4 KB 2 KB	77ms 26ms	Document text/html	159.69.70.9 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900017.redintelligence.net/request_content.php?s=54995600010044903891610011843017&a=16011e5d Requested by Host: hal900017.redintelligence.net URL: https://hal900017.redintelligence.net/request.php?zone=r0rzfbhsf7cr&nw=20&renderingType=javascript&namespace=b5ab5ce810&subid=&uid=922172717fc8dfeb&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYeYT7QAIr4QKd9aXqgWDIg%26mt_aid%3D6244479399547681115%26mt_id%3D9690031%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_cid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCTbL-7RPmYYzwHI-Q3gPU0baABs-HjptcwIbZgsYCwI23ARABIABglcqRgqAHggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQngAgCoAwHIAwKqBK0CT9DrXlu2Z_zrNLtkU3Yd4tyur5sHYzpi1T_wvm0xrIA7DqgaFuBHVtYKd9MQf_2GhqgzXpdF12NefqQPPYY-jpW8k6jEAu4QFfzhn2H6IcmhjbcEfp8vd3fGsxPf-IaMtqvXoggjq_hyn9EyaE9E7Mn06hNG6yG5bW8YUG68YHbp5zaiwEHBANsw1dEZm8no5TU3e7v3fG937EHbzrTYJ4nWNCqpZFT7uyMONQM4qLKbQ5RLMPeheHole65_JjXjAkfkWVD7O6LSK6RWkx7YofUK4ObMPES5BBveH7yqDWsXqN3jptRmCDPj_jxNGuuHLt4ZgEjEMXB8CjedScl75gVIlNqRIR2XP9TULZVbTnb86YnPO43fiJcHhBJeLplDQgvUOfJjxqefYXHibeAEAYAGjrOGxcf-qfKqAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0XS7bCG8pODIJMii00WMyA3bCBiQ%2526client%253Dca-pub-1995021269147151%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fc085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=170069155642&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.9.70.69.159.clients.your-server.de Software Apache / Resource Hash 81c7280cca71947772f7ef8b5c5ee87075f806b1fe4652d07d060090c4812116 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Server Apache Cache-Control no-store, no-cache, must-revalidate, max-age=0 Expires Tue, 18 Jan 2022 01:12:15 +0100 Pragma no-cache P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Vary Accept-Encoding Content-Encoding gzip Content-Length 1539 Connection close Content-Type text/html; charset=utf-8
GET DATA	200 OK	truncated / Frame A174	213 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 056918891cf4861529312a389af93f478e2ba948124ea6018ae7749ca2a6fc59 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET H3	204	generate_204 tpc.googlesyndication.com/ Frame 7474	0 9 B	17ms 16ms	Image text/plain	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/generate_204?E8dxDA Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/	0 20 B	59ms 58ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=4142803584566598&bg=!UlGlURXNAAaocxMpqHM7ACkAdvg8WvmnRin6jLKg3LWGgY2WISwj88C3lM-vXeynmEyatkqrjYXqIwIAAAB-UgAAAAFoAQeZAracPVYIwR7uXe1RK0Tv15RqjxOojYHgApSdc5JWXwU66JiJtYc70p_BDNZR7DkaDvfy0eAlEpSptIDP7dTmK6DK0mDzb9wIkBjyBV4vV3q9Zamwr36YhHNlRjh67RSI7MX3UJL_XNno8K4aJgEFD6wkxomZS4EMTW3xn4fwtt4dWXDqoeZuqSmc794vqQmkaGmvqWer5fNRMvwKQaQXpIY1kURogF9suVm1tyi9-sfngRxCZxCR4zq4-d16vYRruuYmPkzQ_mM9HawvwItyvquuGF5NED593kyJTtb4PGHjv9zHwR4GedhEO_NJRdrsc9bYovap_dD1uUvHzFOOs4JdknJz_fw_HN-cQjvbtHXC_W2Q15zNSa_k2JVfBuMfqKuT8Hyh0MKC4HiyaFB0y8o7KhRngYxUOdJsqup021fWFCv7sY4yDfPDDwlxmgdmaiD4UBeSsXBD63-Mg2PHGEMROuhA3SaX0smJsd1o1yOyePG-e8p_-4kp-kvllwEwGClj9kbJEBB5Tx8OAhqTq27RYRtnMrCXIa3-5WBtQFp7Wv0u8JDOL-KIreN_uxCLZt41S9r_TwvL188SIseeqA9y5fYaTXn55fe8qe5Q0D2QIyhjJywZ-myrv8lgcPdU1gs_DewLI9vGmGrsCaySBpfDzOeEDJHsT51OlP5DXexaUH9UrXrAttbPUE6XM-LAs8zjwOG2ql5F567y_ZhY6ZwmlqS8qxAlZt3OERvG_R7Li_2_0DSwnPGxW3iwDjK7lG_5QctXAjwza-pemHpBKmLmdPbMAdaDgetdwuOiFFpNSbzyd28TIgaW8BzRL2Pg1toZGZN3wEVXWy7WrroFyHpaUuDiglk9tJYZDDf6WEwcr9wo4SYGoqOUjhHM3PkBqpxFenT_aD2qbsr90NUudHwpGIJ1chU6 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response track.adform.net/adfscript/ Frame C9D8	766 B 877 B	105ms 28ms	Script text/javascript	37.157.4.25 ADFORM
General Check archive.org Show headers Download Go to Full URL https://track.adform.net/adfscript/?bn=51990269;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900017.redintelligence.net%2Fc%2Fpm6w5ddwepjvkv5%3Ftprde%3D Requested by Host: hal900017.redintelligence.net URL: https://hal900017.redintelligence.net/request_content.php?s=54995600010044903891610011843017&a=16011e5d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.4.25 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash ac19359e7efcd9aa8571000efacd1140fdd1e0f6583b710203651490f049c1d5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT content-encoding gzip server nginx vary Accept-Encoding p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control no-cache, no-store, must-revalidate, no-transform strict-transport-security max-age=31536000; includeSubDomains content-type text/javascript; charset=utf-8 content-length 562 expires -1
GET H/1.1	200 OK	viewability Show response hal900017.redintelligence.net/ Frame C9D8	0 150 B	68ms 26ms	Script text/html	159.69.70.9 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900017.redintelligence.net/viewability?s=54995600010044903891610011843017&a=f786eae3&vb=m Requested by Host: hal900017.redintelligence.net URL: https://hal900017.redintelligence.net/request_content.php?s=54995600010044903891610011843017&a=16011e5d Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.9.70.69.159.clients.your-server.de Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/request_content.php?s=54995600010044903891610011843017&a=16011e5d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Server Apache Connection close Content-Length 0 Content-Type text/html; charset=UTF-8
GET H3	200	/ googleads.g.doubleclick.net/pagead/interaction/ Frame 8EC6	42 B 64 B	29ms 29ms	Image image/gif	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://googleads.g.doubleclick.net/pagead/interaction/?ai=CWRMM7RPmYY_wHI-Q3gPU0baABtCRiO1n8vOKysIP5uSp7Y8uEAEgk-abN2CVypGCoAegAYyN8Z0oyAEJ4AIAqAMByAMIqgS3Ak_Q8RzI47gviCAl9dRreAf1Yzs272sGSTjRu32UuE6WOTem6rT9ll2TO-YdhTcn69NWyy31r29U4XCkV36-62iWtI0dDSvPyQl3bne2QrGj7rwFkdn_Yb2ZlGP6Vy3l4sR9muVDdqoaaBU75pRbwz6wD4Pe1nYKzi5PrX_-H8hxWOOW7fTGOKSly6QBCIULLo9lZC6qnt_YZuOngAjItOXZn6puV9HPbqMXdi3GOjCWsMFr3i0IuU-JdCBQm3HsvBXbkM1ASQtAwFCw1Y8ULdzNkn6LCuzP4KHP7-xzC_VoRf95uEQCA6G29A7aI0XJnH5epbUriCHdyxdcGuLKiKSd-HCKtRRO_mAxWuppYwk6ywIsPBVXIQpK4d1U7yrf4qfOSmpk3aL0344aisO5yLJaqXvcgdf2wASajtqI8gPgBAGgBi6AB4zFwf0CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgdsQl4D-FYxzgCMoAKAZgLAcgLAYAMAbgMAbgTnBvYEwyIFAHQFQGYFgH4FgGAFwE&sigh=ioT3emCLbTM&cid=CAQSPgCNIrLMIC7Ccfl6B8ZxtSEECDDt8ofaWgD91P_LEpKsFCX4QjCwyd_8s3jgkDpIf1Vl92aK8EdvFXs4sbD9&label=part2viewed Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bootstrap.js Show response s1.adform.net/stoat/626/s1.adform.net/ Frame C9D8	33 KB 16 KB	141ms 38ms	Script text/javascript	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Full URL https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js Requested by Host: track.adform.net URL: https://track.adform.net/adfscript/?bn=51990269;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900017.redintelligence.net%2Fc%2Fpm6w5ddwepjvkv5%3Ftprde%3D Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 18191afabdd55f31f8da7876213eb471318fcbff80cd186aba13bbe8d7461585 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT content-encoding gzip last-modified Wed, 05 Jan 2022 15:01:11 GMT server nginx x-cache-status HIT vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=100000 expires Wed, 19 Jan 2022 04:26:52 GMT
GET H3	200	adview googleads.g.doubleclick.net/pagead/ Frame 8205	0 0	41ms 40ms	Fetch text/html	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/adview?ai=CFqJ57hPmYbGROI2KjuwPhuqY4AHPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQmoAwGqBP8BT9DmObOBZk4u1CkRTr8Sn3jqPdG8a7la24b1P844JDStsjtiqRHH3F4o5WwCzUBCFVQLPTa9YkFdpIyIutTxFY93qKUX7AI2PBHYauZ9C5_5gayMxPAsf4EUGjIrZdTz09utx5HpU2hEOL0JJgXgV5DU1hl28pbaVaZQoHVu-ND7MJ058hvC7No11UwWauK6w7DMKk0aj_ld7UmRupvhPBPh0W83tarKejydehVKocDvdYDSog87HNEcR_vlmOq7WE3FnR373cJ5ze0tirvo0Z_lD7hYGlcRt9T2bkZGG6xq-Zn_SGdj_28fg3ZqN7LaJUGFDuq-7lSZpELcTQnzgAbqx4ewjce2-acBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMTk5NTAyMTI2OTE0NzE1MRgA&sigh=yxQRIh2Qu3g&uach_m=[UACH]&cid=CAQSOwCNIrLM-W-Ru_KDQYFGLpVRn1CnzU4k0XRCEhdQUQLYWDaDSsQan3dUFyq3NCUZd_Y5p6uhSMUti6d9GAE&tpd=AGWhJmsyrf0iw7r_dg7bIrjAtIePHYXT1C45k8y1OSck-RjPQYlM27QJiRisrKCg90tifaBLk63nFkxecFH_X_G9AaVQTErHVya6W-ucFQxY5NkL9CcISRxUY56ILXfYpTtkHXJYhbBsCgfo-_C7G1ShOyNhMoE8AKBDi_i7bQR3g2zYytkx7TwxEBwd_YCDLSql4lFDJlD2Pb9UnPmrRHckZDs4TZrvgJfwqYn4cPlhP_EMVEagYK68AVYmOe3UNLIsbBTkHDayZTNpdAB7UzMWgYWjcfinsqBjLdPQH2mOIHhEDSi3HUR9FjjFPq0hVwM_quOB8N9SQmCOoYnBCi92SwUfkpxB-oNKLwNW1LetKqRGcctQHX_5rzl64RpkOsPpCDyhp5N_329DTAFEKmiiWW0IrqbAP0GH6Mu4RrHyVs-unGnUKWYAiypGEc7Qvs9keh_gC-hWAupkYA6kqOyPDHWozmo1Dc4V6_7aODLqvZzQHOVzN7HS5czXb4nedWP0IxJswGigk4iHOfGul2VZ9u0hiN5l80l9yNxnngguZBSOrggjcjnkj0XWxgJnohXVkE8IXporzd1qWNRjFXFDZoYQh015BIbXwpQ_SpVBPV4LciQerS_W22S3886sOGwb25tFixz4BHW5j-gvgMGzd4Wz5RtOVwRLhygP4WMP2BGrNRa19FMKfADl8NtXccV3sAzhwiqlwSUlRjZdVm6K8-v_vtpnbPHHqAadi6_tUPG6tU1AmIRB6AC61Y07plGd_xnqfVvNoUYbBvAas8GFKEeM5LrOkZIxz5c9zRmmJL5t1FMeY7CuP52F1k5X30WSbhlD7ZguDHKIT4x5_QVhKEXp6ZrYCNL6i7596-3WlV2S_lWQ_xlwALIqatwuBxgQm315DDw_75kj0eXkFIrwhdb1Pl8z10_QzkDB3EZar6hjLHLfmbz_wNJbjCOdR39kW7uDkeRFg_aFtDH0otQY2Hr7jmOa-vN6YOQ-kBfkqBMaWlZLXfBW0gbKeqaztqzomFR-oK5NKFWQ5I0CtLbyrKp4s7dCsYa8qHkhhEQDsGIqJJ48F3NVYV5PtiyXgwcGF0bfLyG0fUx2pg Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe date Tue, 18 Jan 2022 01:12:15 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0
GET H/1.1	200 OK	js Show response tags.mathtag.com/notify/ Frame 8205	2 KB 2 KB	38ms 38ms	Script application/x-javascript	185.29.134.245 MEDIAMATH-INC
General Check archive.org Show headers Download Go to Full URL https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRneU9UQmtOVEF0TXprME5pMDBOR0V3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzczOTc0MDA5MDg0MzA4NzYyNjIvODY3NTYwOS8xMDAyMzI4OC80L0pmN044NWxEVW1CckhSQ1JMMHloQVZ1RUxfekxtSDdhNTVxYllkdDNYZDgvMS80LzAvMC8xNzQ1MTAyLzAvMjQyODc2Lzg2MzE4Mi8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzczOTc0MDA5MDg0MzA4NzYyNjIvYW1zLzAvMzkwMy8yMC85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY0MjQ2ODMzNC8xNjQyNDgwOTM0LzQvcHViLTE5OTUwMjEyNjkxNDcxNTEv/Wms-wo7rcDtDFbeoeVtDJiKhhVE&nodeid=356&group=cdg&auctionid=7397400908430876262&shardkey=7397400908430876262&sid=10023288&cid=8675609&bp=a_bidfbj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.81&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCicQT7hPmYbGROI2KjuwPhuqY4AHPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQmoAwGqBIICT9DmObOBZk4u1CkRTr8Sn3jqPdG8a7la24b1P844JDStsjtiqRHH3F4o5WwCzUBCFVQLPTa9YkFdpIyIutTxFY93qKUX7AI2PBHYauZ9C5_5gayMxPAsf4EUGjIrZdTz09utx5HpU2hEOL0JJgXgV5DU1hl28pbaVaZQoHVu-ND7MJ058hvC7No11UwWauK6w7DMKk0aj_ld7UmRupvhPBPh0W83tarKejydehVKocDvdYDSog87HNEcR_vlmOq7WE3FnR373cJ5ze0tirvo0Z_lD7hYGlcRt5b0T9TqpwhtdD23478jUJ8Cl3zWPZzCxPxFTkVET0q1vOxF8Q5-FisAgAbqx4ewjce2-acBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3tWenEQJoJVN0Wpkdt8IcW7--uow%26client%3Dca-pub-1995021269147151%26adurl%3D Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US), Reverse DNS Software MMBD/3.211.0 / Resource Hash 046abbe760e80a420f61d49e0d7d9ae359e2a06f30be8e9e3b72b217a77a4cdd Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Content-Encoding gzip x-mm-bid-request-time 1642468334 Last-Modified Tue, 18 Jan 2022 01:12:14 GMT Server MMBD/3.211.0 x-mm-latency 1 (1) Content-Type application/x-javascript; charset=UTF-8 x-mm-dbg Count Cache-Control no-cache x-mm-host cdg-router-x97, cdg-bidder-x53 Connection close Expires Tue, 18 Jan 2022 01:12:14 GMT
GET H3	200	window_focus_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 8205	2 KB 1 KB	17ms 17ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 00:39:40 GMT content-encoding gzip x-content-type-options nosniff age 1955 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1205 x-xss-protection 0 server cafe etag 18074202747124231361 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 01 Feb 2022 00:39:40 GMT
GET H3	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 8205	15 KB 6 KB	17ms 17ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 00:37:18 GMT content-encoding gzip x-content-type-options nosniff age 2097 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6473 x-xss-protection 0 server cafe etag 5124071950003790117 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 01 Feb 2022 00:37:18 GMT
GET H3	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 8205	121 KB 37 KB	85ms 56ms	Script text/javascript	2a00:1450:4001:811::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37895 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1641990413359145" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 18 Jan 2022 01:12:15 GMT
GET H3	200	gen_204 pagead2.googlesyndication.com/pagead/ Frame 238C	42 B 63 B	59ms 59ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CiKFp4ilyLv8uFz3P1mPGm-Avs3MnLrjSXnBnawziCJqhYA8KnCv0D4F9PbTigsMyr8hZMTfYp9yEefMirN97kK_3V9_yRG1Zac6IinKw-AE9q0WE Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	window_focus_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 238C	2 KB 1 KB	21ms 21ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 00:39:40 GMT content-encoding gzip x-content-type-options nosniff age 1955 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1205 x-xss-protection 0 server cafe etag 18074202747124231361 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 01 Feb 2022 00:39:40 GMT
GET H3	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 238C	15 KB 6 KB	21ms 20ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 00:37:18 GMT content-encoding gzip x-content-type-options nosniff age 2097 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6473 x-xss-protection 0 server cafe etag 5124071950003790117 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 01 Feb 2022 00:37:18 GMT
GET H3	204	l www.google.com/ads/measurement/ Frame 238C	0 0	27ms 26ms	Image text/html	2a00:1450:4001:82a::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/measurement/l?ebcid=ALh7CaRnhZQNF116sxIWt1dc8HW5BQHdkD1MTrW9BsjP-qkS9-m--AatAsbrM28XBZkbnlKPi5VAquxiwCSnkY1UGGiy7ix9LA Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H3	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 238C	121 KB 37 KB	52ms 41ms	Script text/javascript	2a00:1450:4001:811::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37895 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1641990413359145" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 18 Jan 2022 01:12:15 GMT
GET H3	200	pixel Show response googleads.g.doubleclick.net/xbbe/ Frame C35B	624 B 297 B	32ms 31ms	Document text/html	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU1eVkRMmpn2fvkdO8OdApxMF1SLBgsJdnGeh4lkDHQHrPxjNL2TBndcrnzJZ_ujUVVtcHomTMhTIcPIgOr4vzPJFpUAR9tRCRD2sfOLNbjO9zOlHKVO6hnB4ppj2f9gJnZN-N-DefCTgPMcIxXGoVF3fjpwPRMQJfIPQJmY7sf9r6d6aY Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding gzip date Tue, 18 Jan 2022 01:12:15 GMT server cafe cache-control private content-length 276 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	ad Show response googleads.g.doubleclick.net/dbm/ Frame 238C	24 KB 14 KB	58ms 57ms	Script text/javascript	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dp_H6yaHUQ3z-ctOV6FgrkZvlSDavgz4sfnJzRdCB07myY0-TWPNKhDW6YEZ-nLI3Br-QdO9107E5b7iN1VA3JvIq_5NYPVIrcCKwOmC9h8VbT2XelaQ98jP0H03gjdVwItgB_8GQJxOyMeyupWmNVr931TQ&cry=1&dbm_d=AKAmf-CMYTvRswUkzXvTdgN-wkvgR6YZW9y2VgohoWTYHRm-htfmqzfTlBb2WaCFFKZGN26qTWG7idAsBcSZ_x7B-O9XCbWry3rpaPzPZXmIsYck20Kj07pqHZgVaTAURiLWan6c9jdMtHCzgDHa-3w7qBwfC8wB9KtUP-9rvONeMsYP0fjT1Ft0BhxCwqo04hG19rfaXqWOLVo_AJ7LYSgQOj6_56KuBwu-WFkdK1lXuiUOZBi4RqPgoId3xrN8FKQVp8EBB17J_UmbJF7NtvYpuv-cKb9q43Rj3qtlTm5b1O6T5IkpHOwLLk-vToh3beOKn9YoQQC_2KEjnYpa6D9mkI5HgpgMr1zy0pmeLrBe36FJ_ULRXxG9VLwpaZjy3Sb7ogTWg-IJR32k855SllzO_iSpd5_5Vs_dba9IaLJXfSGVPg_lD7FEMcbef0vba9e-PFHbHdOBdgiQWUjTNHI5lIG5YugJ9tmFcNzcHJoi9kwNRqeHeiNo2rmU3EIpouvMXffMsx4TfQdgWXs63tRlHqqwtbWm2Jt-Kwj3cY_loETFG_PusYDNFpLzoFwyZBKvvhThGUWJ7hw6Z_3B3w8gOFzT8r93BJdzJOZPNN85RiMi8qZLi_91Bq0dVXbuntDki_x2X-zgi_W-4lbXKqXP10sOCVc2f9050acesjV0PgMUBnpXHDj40EBW4BC8qBtTJ_FXwrMndB4Z_zW1nvFXcxCb-oCHyhNWxB5Ns0tJ2pJ_3x4lI8oCZlDUPJmKlbdUJZ6kMsGbCtr0GkRyHwjibt6E88Ls-saoHdGADPMMC2e3D4wdwSPhqEXcpopbeCJVoleqKS1bpYq3B0qJVHxq9SFi7LWvvkaiVEYEVU5X68ZGIWaPIEwAY4GOCgcVoFWEyC6oYG50eqeBrMxVIarnYfacxbWRw0YxoVuiFxha6gW3Q4ulg8fDwNguIV05lXJQPxWIB9OynxibNnvPBWxKHm1B_zlTeJGAAP8vTa9gC6ZRycS_q2D7Pgp_yXoMpeCf27LcatTNLmd1G48u9z5ftPpRs220snblDhc18bggVUcaqdG6A5UEG4fkdfIf3zlNHNJ-XIEBLsaZO_BCiYhU6sgWhbsLE9MMr68ajfV47V_IiX_7-7H-6qCy1l2RwsBtpzfYUYxnILWTzMEJRP-0E_h1fFeiPHkMeRngkabuWrnf2PMQArVGsaT2WiVich30YhFNoECPCvRPCmbB6cJiH1Myimkz4UTCbF0a7iAgXz73FfgkR2IEFQBjP2GUElij4vfjeU7rXGvyOd7fvVrUToVOkVS4XfNlxdUT6BoOe6cHnSQMHAU9tr9YHI4yolxS7bXdUKOJmVWa9V77LMw_SpUJcpzgnmSafii5O2h5qRxtjFqwfAkfFJBPrWioMJshiWRasrfX90SbTHwgPw3EDeoS0_3n3xRQdDHmR5_Gby_CSYVxXUIadNSFqdzboo15znL2zsgGVZ_z6kA9bquw7uD53QaUW5quWjTzwytun3He5-NZEQ5Knwyqx6nUX57RLpnCMmpyPovKGlYxXH-hzVHGF04eM-Nm4yKgI7XpdHlMixGLwnEEfK3NxW8J7rhPM-EdLs36ZFgdr1z1Ajw2o2YULOC38wlLq2sK8hWDeOU8Npu1JUqZ1IMgLWhaA_A6VzvrgCbkniNzX06j3Y72hnGSZEZHqGGjfOMMXWOMqFlckWUO4vSlw_ti_NIwhod4tKJvdYuVQGWcy_h3FssD0rOrn1G1XRCLynHzxpkba3XRvl1QFeJOxNgG6E3wtU_dqocdp7QDmpxr-GpapqO0dDh8p6Yy4oAAr9WuE-XrrOV4fOaNGO3YQXwKZecaMpAWQprzbvMknj8yV84bz_ONEk1Mxp2LRn3M1rBbgkIKIBvbPaX-z9OUky-YzA2YAmRXA0ZWOpcBjncCOoKOC_bbNzvvHQ2056jBuFhUpeC8uzWgYI5ZYt_gcj8e6Hbtv0MBvoQWyYAxLo3vNe0-GdDll1Bmey_JgbYqqyy9fa2bry70342GHEh9wSI_ofv7OiFsxWovBSlYLano96Z9fBpKsO3QOyBcW69a36bzdrAvkNgwrl7ZUc-o8jDvHrzBVoTZlazL6VRbAztDxmX8PMcaeG9A6i3h2v28-x4EIw6RxcNWjjtECWKF6q24C6V-WJWyWHQ3_MhnFQ_7S_SD4ZWczZ7L9bTZcDGcBRBqXTT4UqxVJ2O_Gk6WHn0b9OL-DCn_k4Bj2iJb2M-A_b5bsS5c2SocK6ijpvbMu2ZX8OKCmGu7k828Qij8q_YTjdc_SmLgXCCVWeSuFRMHSNiQ4yKARfBXWVWtMepIPuD34cl4tomZpr5DWouoQJIfGpF9TexYUSmJw2bBctiipGmt98Mxgyxgfmsjj2LiS2RL_IVGMWc2JbPB7eO1QgJMz_rvVMakzDo8C0Y0US85ZJf1aPo54DIgC6LUEnBJhicpzRRhUK6MgPp5MuXicdMinB9qyYRgBE9JnUPhTxOBirHiRwXxbDRc2ApmlvlnNYJX3dgTfBKlnfFqFR3wmGNrul2tICr8xwHrJzzcGuHSIJzEctILK5EftKsY9NwC79gPivuwCXOwB5f7lY3NRd4DgCtGSsuWYBeGSlm5X9t8C7L7BmCLM7HQ68dZrUE8PIRUa9FPJ8HQILyZJIAdvkbnBiNuYX-ihEG5lBQxou4PpSvvAYG4G4p3pKJXFDAdhCA70CdYoeQn5KPlC9bbiI7UQplAgO_2QWwy7psi8UFZLgBXVmfmu2D1O_3R8N2AcQL05zxyZ6F-i5rjV6h1O38zj8FuQWuWPaf1J3skB6BYCedFEL4tEXF6SjclklFyL2ogj2si80gw1doekgFao_HhefvTzyiKhyfO2QdxBOGYC3tKvmt4aUhwy8B3eCOEEAnxVh2smUhwH-LV0v8FnF0_uqds1axhsNco7YqpJq5dYgF4PxGqPZuYvQ-DmEtQPS8FlKu_Trdo8C6bFq6hWq8GlQwrqIQ1B71t6SiVidRdjky3HFoRyJAoltpvOvxAGevRA1EVUcMVDTqsCBcvNJmXubOupaUdR_EuuXu6VhSgKDbckhfPIS0PJm3ds79g8S2FvXi32crABTP_rkhdWttvDuZnSCYCU7hfsacfW5h7rtPDiAhBsaMi5502-lxbXh6MELrNDmkVDZRuEdXnnwL34BF4oIdFWud-9dTfIN8DBKbY9LBw1D5J2WPx0f6L_6eUQv17ABK4hKjxrQfTxnDO3E0QrFN0JT53-_p7&cid=CAASEuRorYXwBImsqkW1sUQHin94gQ&rfl=3%2Chttps%253A%252F%252Fdownfile.site%242%2C%2Chttps%253A%252F%252Fdownfile.site%252F2021%252F08%252F15%252Fthe-next-cyber-victim-could-be-you%252F%240 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9ea3a89215fb15be8de7bed531c6b3274bd1294bbbb9ab8fc553d9d4cd17f532 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT content-encoding br x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14123 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	r9d3a58lo9uw Show response hal9000.redintelligence.net/zone/ Frame 8205	10 KB 3 KB	85ms 29ms	Script text/html	78.46.90.238 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal9000.redintelligence.net/zone/r9d3a58lo9uw?subid=&gdpr=1&gdpr_consent=li&rnd=7397400908430876262&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYeYT7gAOsDcKd_iT4wr0Tw%26mt_aid%3D7397400908430876262%26mt_id%3D8675609%26mt_adid%3D242876%26mt_sid%3D10023288%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_cid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCicQT7hPmYbGROI2KjuwPhuqY4AHPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQmoAwGqBIICT9DmObOBZk4u1CkRTr8Sn3jqPdG8a7la24b1P844JDStsjtiqRHH3F4o5WwCzUBCFVQLPTa9YkFdpIyIutTxFY93qKUX7AI2PBHYauZ9C5_5gayMxPAsf4EUGjIrZdTz09utx5HpU2hEOL0JJgXgV5DU1hl28pbaVaZQoHVu-ND7MJ058hvC7No11UwWauK6w7DMKk0aj_ld7UmRupvhPBPh0W83tarKejydehVKocDvdYDSog87HNEcR_vlmOq7WE3FnR373cJ5ze0tirvo0Z_lD7hYGlcRt5b0T9TqpwhtdD23478jUJ8Cl3zWPZzCxPxFTkVET0q1vOxF8Q5-FisAgAbqx4ewjce2-acBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3tWenEQJoJVN0Wpkdt8IcW7--uow%2526client%253Dca-pub-1995021269147151%2526adurl%253D%26redirect%3D Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.238.90.46.78.clients.your-server.de Software Apache / Resource Hash de81236e7de901374bef047d642eb56043acb362fd8eba7475ded1db13af820e Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Content-Encoding gzip Server Apache Connection close Content-Length 3360 Vary Accept-Encoding Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	img pixel.mathtag.com/event/ Frame 8205	43 B 405 B	33ms 33ms	Image image/gif	2.18.233.201 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=7397400908430876262&v3=863182&v4=10023288&v5=8675609&mt_nsync=1&no_attr=1 Requested by Host: tags.mathtag.com URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRneU9UQmtOVEF0TXprME5pMDBOR0V3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzczOTc0MDA5MDg0MzA4NzYyNjIvODY3NTYwOS8xMDAyMzI4OC80L0pmN044NWxEVW1CckhSQ1JMMHloQVZ1RUxfekxtSDdhNTVxYllkdDNYZDgvMS80LzAvMC8xNzQ1MTAyLzAvMjQyODc2Lzg2MzE4Mi8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzczOTc0MDA5MDg0MzA4NzYyNjIvYW1zLzAvMzkwMy8yMC85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY0MjQ2ODMzNC8xNjQyNDgwOTM0LzQvcHViLTE5OTUwMjEyNjkxNDcxNTEv/Wms-wo7rcDtDFbeoeVtDJiKhhVE&nodeid=356&group=cdg&auctionid=7397400908430876262&shardkey=7397400908430876262&sid=10023288&cid=8675609&bp=a_bidfbj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.81&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCicQT7hPmYbGROI2KjuwPhuqY4AHPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQmoAwGqBIICT9DmObOBZk4u1CkRTr8Sn3jqPdG8a7la24b1P844JDStsjtiqRHH3F4o5WwCzUBCFVQLPTa9YkFdpIyIutTxFY93qKUX7AI2PBHYauZ9C5_5gayMxPAsf4EUGjIrZdTz09utx5HpU2hEOL0JJgXgV5DU1hl28pbaVaZQoHVu-ND7MJ058hvC7No11UwWauK6w7DMKk0aj_ld7UmRupvhPBPh0W83tarKejydehVKocDvdYDSog87HNEcR_vlmOq7WE3FnR373cJ5ze0tirvo0Z_lD7hYGlcRt5b0T9TqpwhtdD23478jUJ8Cl3zWPZzCxPxFTkVET0q1vOxF8Q5-FisAgAbqx4ewjce2-acBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3tWenEQJoJVN0Wpkdt8IcW7--uow%26client%3Dca-pub-1995021269147151%26adurl%3D Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-201.deploy.static.akamaitechnologies.com Software MT3 4133 baa842e master zrh-pixel-x26 config:1.0.0 / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Server MT3 4133 baa842e master zrh-pixel-x26 config:1.0.0 P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Access-Control-Allow-Origin * Cache-Control no-cache Connection keep-alive Content-Type image/gif Content-Length 43 Expires Tue, 18 Jan 2022 01:12:14 GMT
GET H/1.1	200 OK	img tags.mathtag.com/event/ Frame 8205	49 B 330 B	30ms 29ms	Image image/gif	185.29.134.245 MEDIAMATH-INC
General Check archive.org Show headers Download Go to Show image Full URL https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=7397400908430876262&st=10023288&time=1642468335&nodeid=356 Requested by Host: tags.mathtag.com URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRneU9UQmtOVEF0TXprME5pMDBOR0V3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzczOTc0MDA5MDg0MzA4NzYyNjIvODY3NTYwOS8xMDAyMzI4OC80L0pmN044NWxEVW1CckhSQ1JMMHloQVZ1RUxfekxtSDdhNTVxYllkdDNYZDgvMS80LzAvMC8xNzQ1MTAyLzAvMjQyODc2Lzg2MzE4Mi8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzczOTc0MDA5MDg0MzA4NzYyNjIvYW1zLzAvMzkwMy8yMC85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY0MjQ2ODMzNC8xNjQyNDgwOTM0LzQvcHViLTE5OTUwMjEyNjkxNDcxNTEv/Wms-wo7rcDtDFbeoeVtDJiKhhVE&nodeid=356&group=cdg&auctionid=7397400908430876262&shardkey=7397400908430876262&sid=10023288&cid=8675609&bp=a_bidfbj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.81&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCicQT7hPmYbGROI2KjuwPhuqY4AHPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQmoAwGqBIICT9DmObOBZk4u1CkRTr8Sn3jqPdG8a7la24b1P844JDStsjtiqRHH3F4o5WwCzUBCFVQLPTa9YkFdpIyIutTxFY93qKUX7AI2PBHYauZ9C5_5gayMxPAsf4EUGjIrZdTz09utx5HpU2hEOL0JJgXgV5DU1hl28pbaVaZQoHVu-ND7MJ058hvC7No11UwWauK6w7DMKk0aj_ld7UmRupvhPBPh0W83tarKejydehVKocDvdYDSog87HNEcR_vlmOq7WE3FnR373cJ5ze0tirvo0Z_lD7hYGlcRt5b0T9TqpwhtdD23478jUJ8Cl3zWPZzCxPxFTkVET0q1vOxF8Q5-FisAgAbqx4ewjce2-acBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3tWenEQJoJVN0Wpkdt8IcW7--uow%26client%3Dca-pub-1995021269147151%26adurl%3D Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US), Reverse DNS Software MMBD/3.211.0 / Resource Hash 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Server MMBD/3.211.0 Content-Type image/gif Cache-Control no-cache x-mm-host cdg-router-x103, cdg-bidder-x53 Connection keep-alive Keep-Alive timeout=360 Content-Length 49 Expires Tue, 18 Jan 2022 01:12:14 GMT
GET H/1.1	200 OK	js Show response sync.mathtag.com/sync/ Frame 8205	1 KB 1 KB	89ms 26ms	Script text/javascript	185.29.134.244 MEDIAMATH-INC
General Check archive.org Show headers Download Go to Full URL https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=1&type=1&synclist=4&gdpr=1&gdpr_consent=li Requested by Host: tags.mathtag.com URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRneU9UQmtOVEF0TXprME5pMDBOR0V3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzczOTc0MDA5MDg0MzA4NzYyNjIvODY3NTYwOS8xMDAyMzI4OC80L0pmN044NWxEVW1CckhSQ1JMMHloQVZ1RUxfekxtSDdhNTVxYllkdDNYZDgvMS80LzAvMC8xNzQ1MTAyLzAvMjQyODc2Lzg2MzE4Mi8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzczOTc0MDA5MDg0MzA4NzYyNjIvYW1zLzAvMzkwMy8yMC85OTkvMzIyLzIwMDE6MWI2MDoxMDEwOjovMC4wMDAvMTY0MjQ2ODMzNC8xNjQyNDgwOTM0LzQvcHViLTE5OTUwMjEyNjkxNDcxNTEv/Wms-wo7rcDtDFbeoeVtDJiKhhVE&nodeid=356&group=cdg&auctionid=7397400908430876262&shardkey=7397400908430876262&sid=10023288&cid=8675609&bp=a_bidfbj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.81&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCicQT7hPmYbGROI2KjuwPhuqY4AHPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQmoAwGqBIICT9DmObOBZk4u1CkRTr8Sn3jqPdG8a7la24b1P844JDStsjtiqRHH3F4o5WwCzUBCFVQLPTa9YkFdpIyIutTxFY93qKUX7AI2PBHYauZ9C5_5gayMxPAsf4EUGjIrZdTz09utx5HpU2hEOL0JJgXgV5DU1hl28pbaVaZQoHVu-ND7MJ058hvC7No11UwWauK6w7DMKk0aj_ld7UmRupvhPBPh0W83tarKejydehVKocDvdYDSog87HNEcR_vlmOq7WE3FnR373cJ5ze0tirvo0Z_lD7hYGlcRt5b0T9TqpwhtdD23478jUJ8Cl3zWPZzCxPxFTkVET0q1vOxF8Q5-FisAgAbqx4ewjce2-acBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3tWenEQJoJVN0Wpkdt8IcW7--uow%26client%3Dca-pub-1995021269147151%26adurl%3D Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.29.134.244 , United Kingdom, ASN30419 (MEDIAMATH-INC, US), Reverse DNS Software MT3 4133 baa842e master cdg-pixel-x31 config:1.0.0 / Resource Hash f09df63b37b8fe9ee66dd72c1eda0aad798930df8867d8528f0e5412c0ca9989 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Content-Encoding gzip Server MT3 4133 baa842e master cdg-pixel-x31 config:1.0.0 P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Access-Control-Allow-Origin * Cache-Control no-cache Connection close Content-Type text/javascript Expires Tue, 18 Jan 2022 01:12:14 GMT
GET H/1.1	200 OK	rum dsum-sec.casalemedia.com/ Frame C35B Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIOMMFxIhFZYWDvRyyNIkHQ&google_cver=1	43 B 1014 B	33ms 23ms	Image image/gif	2.18.234.21 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIOMMFxIhFZYWDvRyyNIkHQ&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU1eVkRMmpn2fvkdO8OdApxMF1SLBgsJdnGeh4lkDHQHrPxjNL2TBndcrnzJZ_ujUVVtcHomTMhTIcPIgOr4vzPJFpUAR9tRCRD2sfOLNbjO9zOlHKVO6hnB4ppj2f9gJnZN-N-DefCTgPMcIxXGoVF3fjpwPRMQJfIPQJmY7sf9r6d6aY Protocol HTTP/1.1 Server 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-234-21.deploy.static.akamaitechnologies.com Software Apache / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:15 GMT Server Apache Vary Is-Traffic-Usersync P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Type image/gif Content-Length 43 Expires Tue, 18 Jan 2022 01:12:15 GMT Redirect headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIOMMFxIhFZYWDvRyyNIkHQ&google_cver=1 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 313 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	rum dsum-sec.casalemedia.com/ Frame C35B Redirect Chain https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeYT7z-10mM5SnkZGKmBqAAA https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIOMMFxIhFZYWDvRyyNIkHQ&google_cver=1	43 B 894 B	34ms 34ms	Image image/gif	2.18.234.21 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIOMMFxIhFZYWDvRyyNIkHQ&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU1eVkRMmpn2fvkdO8OdApxMF1SLBgsJdnGeh4lkDHQHrPxjNL2TBndcrnzJZ_ujUVVtcHomTMhTIcPIgOr4vzPJFpUAR9tRCRD2sfOLNbjO9zOlHKVO6hnB4ppj2f9gJnZN-N-DefCTgPMcIxXGoVF3fjpwPRMQJfIPQJmY7sf9r6d6aY Protocol HTTP/1.1 Server 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-234-21.deploy.static.akamaitechnologies.com Software Apache / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:15 GMT Server Apache Vary Is-Traffic-Usersync P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Type image/gif Content-Length 43 Expires Tue, 18 Jan 2022 01:12:15 GMT Redirect headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIOMMFxIhFZYWDvRyyNIkHQ&google_cver=1 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 313 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	setuid ib.adnxs.com/ Frame C35B Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm https://ib.adnxs.com/setuid?entity=101&code=CAESEM387yR-OgsD_HO11JOGQjY&google_cver=1	43 B 1004 B	41ms 32ms	Image image/gif	185.33.221.88 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/setuid?entity=101&code=CAESEM387yR-OgsD_HO11JOGQjY&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU1eVkRMmpn2fvkdO8OdApxMF1SLBgsJdnGeh4lkDHQHrPxjNL2TBndcrnzJZ_ujUVVtcHomTMhTIcPIgOr4vzPJFpUAR9tRCRD2sfOLNbjO9zOlHKVO6hnB4ppj2f9gJnZN-N-DefCTgPMcIxXGoVF3fjpwPRMQJfIPQJmY7sf9r6d6aY Protocol HTTP/1.1 Server 185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US), Reverse DNS 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.17.9 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:15 GMT X-Proxy-Origin 84.19.175.183; 84.19.175.183; 726.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com AN-X-Request-Uuid 9bc27acd-ccf5-49aa-8027-e7a997392b95 Server nginx/1.17.9 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Cache-Control no-store, no-cache, private Connection keep-alive Content-Type image/gif Content-Length 43 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://ib.adnxs.com/setuid?entity=101&code=CAESEM387yR-OgsD_HO11JOGQjY&google_cver=1 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 290 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	pixel cm.g.doubleclick.net/ Frame C35B Redirect Chain https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM3MzI0NDk2NTk3Mzc5MTQxNw%3D%3D	170 B 188 B	41ms 28ms	Image image/png	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM3MzI0NDk2NTk3Mzc5MTQxNw%3D%3D Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU1eVkRMmpn2fvkdO8OdApxMF1SLBgsJdnGeh4lkDHQHrPxjNL2TBndcrnzJZ_ujUVVtcHomTMhTIcPIgOr4vzPJFpUAR9tRCRD2sfOLNbjO9zOlHKVO6hnB4ppj2f9gJnZN-N-DefCTgPMcIxXGoVF3fjpwPRMQJfIPQJmY7sf9r6d6aY Protocol H3 Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:15 GMT X-Proxy-Origin 84.19.175.183; 84.19.175.183; 726.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com AN-X-Request-Uuid 89035e55-31bd-48be-8e89-cffe41000df5 Server nginx/1.17.9 Access-Control-Allow-Origin * P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Location https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM3MzI0NDk2NTk3Mzc5MTQxNw%3D%3D Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type text/html; charset=utf-8 Content-Length 0 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H3	200	abg_lite.js Show response pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame 238C	24 KB 9 KB	27ms 26ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dp_H6yaHUQ3z-ctOV6FgrkZvlSDavgz4sfnJzRdCB07myY0-TWPNKhDW6YEZ-nLI3Br-QdO9107E5b7iN1VA3JvIq_5NYPVIrcCKwOmC9h8VbT2XelaQ98jP0H03gjdVwItgB_8GQJxOyMeyupWmNVr931TQ&cry=1&dbm_d=AKAmf-CMYTvRswUkzXvTdgN-wkvgR6YZW9y2VgohoWTYHRm-htfmqzfTlBb2WaCFFKZGN26qTWG7idAsBcSZ_x7B-O9XCbWry3rpaPzPZXmIsYck20Kj07pqHZgVaTAURiLWan6c9jdMtHCzgDHa-3w7qBwfC8wB9KtUP-9rvONeMsYP0fjT1Ft0BhxCwqo04hG19rfaXqWOLVo_AJ7LYSgQOj6_56KuBwu-WFkdK1lXuiUOZBi4RqPgoId3xrN8FKQVp8EBB17J_UmbJF7NtvYpuv-cKb9q43Rj3qtlTm5b1O6T5IkpHOwLLk-vToh3beOKn9YoQQC_2KEjnYpa6D9mkI5HgpgMr1zy0pmeLrBe36FJ_ULRXxG9VLwpaZjy3Sb7ogTWg-IJR32k855SllzO_iSpd5_5Vs_dba9IaLJXfSGVPg_lD7FEMcbef0vba9e-PFHbHdOBdgiQWUjTNHI5lIG5YugJ9tmFcNzcHJoi9kwNRqeHeiNo2rmU3EIpouvMXffMsx4TfQdgWXs63tRlHqqwtbWm2Jt-Kwj3cY_loETFG_PusYDNFpLzoFwyZBKvvhThGUWJ7hw6Z_3B3w8gOFzT8r93BJdzJOZPNN85RiMi8qZLi_91Bq0dVXbuntDki_x2X-zgi_W-4lbXKqXP10sOCVc2f9050acesjV0PgMUBnpXHDj40EBW4BC8qBtTJ_FXwrMndB4Z_zW1nvFXcxCb-oCHyhNWxB5Ns0tJ2pJ_3x4lI8oCZlDUPJmKlbdUJZ6kMsGbCtr0GkRyHwjibt6E88Ls-saoHdGADPMMC2e3D4wdwSPhqEXcpopbeCJVoleqKS1bpYq3B0qJVHxq9SFi7LWvvkaiVEYEVU5X68ZGIWaPIEwAY4GOCgcVoFWEyC6oYG50eqeBrMxVIarnYfacxbWRw0YxoVuiFxha6gW3Q4ulg8fDwNguIV05lXJQPxWIB9OynxibNnvPBWxKHm1B_zlTeJGAAP8vTa9gC6ZRycS_q2D7Pgp_yXoMpeCf27LcatTNLmd1G48u9z5ftPpRs220snblDhc18bggVUcaqdG6A5UEG4fkdfIf3zlNHNJ-XIEBLsaZO_BCiYhU6sgWhbsLE9MMr68ajfV47V_IiX_7-7H-6qCy1l2RwsBtpzfYUYxnILWTzMEJRP-0E_h1fFeiPHkMeRngkabuWrnf2PMQArVGsaT2WiVich30YhFNoECPCvRPCmbB6cJiH1Myimkz4UTCbF0a7iAgXz73FfgkR2IEFQBjP2GUElij4vfjeU7rXGvyOd7fvVrUToVOkVS4XfNlxdUT6BoOe6cHnSQMHAU9tr9YHI4yolxS7bXdUKOJmVWa9V77LMw_SpUJcpzgnmSafii5O2h5qRxtjFqwfAkfFJBPrWioMJshiWRasrfX90SbTHwgPw3EDeoS0_3n3xRQdDHmR5_Gby_CSYVxXUIadNSFqdzboo15znL2zsgGVZ_z6kA9bquw7uD53QaUW5quWjTzwytun3He5-NZEQ5Knwyqx6nUX57RLpnCMmpyPovKGlYxXH-hzVHGF04eM-Nm4yKgI7XpdHlMixGLwnEEfK3NxW8J7rhPM-EdLs36ZFgdr1z1Ajw2o2YULOC38wlLq2sK8hWDeOU8Npu1JUqZ1IMgLWhaA_A6VzvrgCbkniNzX06j3Y72hnGSZEZHqGGjfOMMXWOMqFlckWUO4vSlw_ti_NIwhod4tKJvdYuVQGWcy_h3FssD0rOrn1G1XRCLynHzxpkba3XRvl1QFeJOxNgG6E3wtU_dqocdp7QDmpxr-GpapqO0dDh8p6Yy4oAAr9WuE-XrrOV4fOaNGO3YQXwKZecaMpAWQprzbvMknj8yV84bz_ONEk1Mxp2LRn3M1rBbgkIKIBvbPaX-z9OUky-YzA2YAmRXA0ZWOpcBjncCOoKOC_bbNzvvHQ2056jBuFhUpeC8uzWgYI5ZYt_gcj8e6Hbtv0MBvoQWyYAxLo3vNe0-GdDll1Bmey_JgbYqqyy9fa2bry70342GHEh9wSI_ofv7OiFsxWovBSlYLano96Z9fBpKsO3QOyBcW69a36bzdrAvkNgwrl7ZUc-o8jDvHrzBVoTZlazL6VRbAztDxmX8PMcaeG9A6i3h2v28-x4EIw6RxcNWjjtECWKF6q24C6V-WJWyWHQ3_MhnFQ_7S_SD4ZWczZ7L9bTZcDGcBRBqXTT4UqxVJ2O_Gk6WHn0b9OL-DCn_k4Bj2iJb2M-A_b5bsS5c2SocK6ijpvbMu2ZX8OKCmGu7k828Qij8q_YTjdc_SmLgXCCVWeSuFRMHSNiQ4yKARfBXWVWtMepIPuD34cl4tomZpr5DWouoQJIfGpF9TexYUSmJw2bBctiipGmt98Mxgyxgfmsjj2LiS2RL_IVGMWc2JbPB7eO1QgJMz_rvVMakzDo8C0Y0US85ZJf1aPo54DIgC6LUEnBJhicpzRRhUK6MgPp5MuXicdMinB9qyYRgBE9JnUPhTxOBirHiRwXxbDRc2ApmlvlnNYJX3dgTfBKlnfFqFR3wmGNrul2tICr8xwHrJzzcGuHSIJzEctILK5EftKsY9NwC79gPivuwCXOwB5f7lY3NRd4DgCtGSsuWYBeGSlm5X9t8C7L7BmCLM7HQ68dZrUE8PIRUa9FPJ8HQILyZJIAdvkbnBiNuYX-ihEG5lBQxou4PpSvvAYG4G4p3pKJXFDAdhCA70CdYoeQn5KPlC9bbiI7UQplAgO_2QWwy7psi8UFZLgBXVmfmu2D1O_3R8N2AcQL05zxyZ6F-i5rjV6h1O38zj8FuQWuWPaf1J3skB6BYCedFEL4tEXF6SjclklFyL2ogj2si80gw1doekgFao_HhefvTzyiKhyfO2QdxBOGYC3tKvmt4aUhwy8B3eCOEEAnxVh2smUhwH-LV0v8FnF0_uqds1axhsNco7YqpJq5dYgF4PxGqPZuYvQ-DmEtQPS8FlKu_Trdo8C6bFq6hWq8GlQwrqIQ1B71t6SiVidRdjky3HFoRyJAoltpvOvxAGevRA1EVUcMVDTqsCBcvNJmXubOupaUdR_EuuXu6VhSgKDbckhfPIS0PJm3ds79g8S2FvXi32crABTP_rkhdWttvDuZnSCYCU7hfsacfW5h7rtPDiAhBsaMi5502-lxbXh6MELrNDmkVDZRuEdXnnwL34BF4oIdFWud-9dTfIN8DBKbY9LBw1D5J2WPx0f6L_6eUQv17ABK4hKjxrQfTxnDO3E0QrFN0JT53-_p7&cid=CAASEuRorYXwBImsqkW1sUQHin94gQ&rfl=3%2Chttps%253A%252F%252Fdownfile.site%242%2C%2Chttps%253A%252F%252Fdownfile.site%252F2021%252F08%252F15%252Fthe-next-cyber-victim-could-be-you%252F%240 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:03:41 GMT content-encoding gzip x-content-type-options nosniff age 514 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 9544 x-xss-protection 0 server cafe etag 6261108306223674270 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 01 Feb 2022 01:03:41 GMT
GET H3	200	UFYwWwmt.js Show response tpc.googlesyndication.com/sodar/ Frame 238C	41 KB 15 KB	27ms 27ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dp_H6yaHUQ3z-ctOV6FgrkZvlSDavgz4sfnJzRdCB07myY0-TWPNKhDW6YEZ-nLI3Br-QdO9107E5b7iN1VA3JvIq_5NYPVIrcCKwOmC9h8VbT2XelaQ98jP0H03gjdVwItgB_8GQJxOyMeyupWmNVr931TQ&cry=1&dbm_d=AKAmf-CMYTvRswUkzXvTdgN-wkvgR6YZW9y2VgohoWTYHRm-htfmqzfTlBb2WaCFFKZGN26qTWG7idAsBcSZ_x7B-O9XCbWry3rpaPzPZXmIsYck20Kj07pqHZgVaTAURiLWan6c9jdMtHCzgDHa-3w7qBwfC8wB9KtUP-9rvONeMsYP0fjT1Ft0BhxCwqo04hG19rfaXqWOLVo_AJ7LYSgQOj6_56KuBwu-WFkdK1lXuiUOZBi4RqPgoId3xrN8FKQVp8EBB17J_UmbJF7NtvYpuv-cKb9q43Rj3qtlTm5b1O6T5IkpHOwLLk-vToh3beOKn9YoQQC_2KEjnYpa6D9mkI5HgpgMr1zy0pmeLrBe36FJ_ULRXxG9VLwpaZjy3Sb7ogTWg-IJR32k855SllzO_iSpd5_5Vs_dba9IaLJXfSGVPg_lD7FEMcbef0vba9e-PFHbHdOBdgiQWUjTNHI5lIG5YugJ9tmFcNzcHJoi9kwNRqeHeiNo2rmU3EIpouvMXffMsx4TfQdgWXs63tRlHqqwtbWm2Jt-Kwj3cY_loETFG_PusYDNFpLzoFwyZBKvvhThGUWJ7hw6Z_3B3w8gOFzT8r93BJdzJOZPNN85RiMi8qZLi_91Bq0dVXbuntDki_x2X-zgi_W-4lbXKqXP10sOCVc2f9050acesjV0PgMUBnpXHDj40EBW4BC8qBtTJ_FXwrMndB4Z_zW1nvFXcxCb-oCHyhNWxB5Ns0tJ2pJ_3x4lI8oCZlDUPJmKlbdUJZ6kMsGbCtr0GkRyHwjibt6E88Ls-saoHdGADPMMC2e3D4wdwSPhqEXcpopbeCJVoleqKS1bpYq3B0qJVHxq9SFi7LWvvkaiVEYEVU5X68ZGIWaPIEwAY4GOCgcVoFWEyC6oYG50eqeBrMxVIarnYfacxbWRw0YxoVuiFxha6gW3Q4ulg8fDwNguIV05lXJQPxWIB9OynxibNnvPBWxKHm1B_zlTeJGAAP8vTa9gC6ZRycS_q2D7Pgp_yXoMpeCf27LcatTNLmd1G48u9z5ftPpRs220snblDhc18bggVUcaqdG6A5UEG4fkdfIf3zlNHNJ-XIEBLsaZO_BCiYhU6sgWhbsLE9MMr68ajfV47V_IiX_7-7H-6qCy1l2RwsBtpzfYUYxnILWTzMEJRP-0E_h1fFeiPHkMeRngkabuWrnf2PMQArVGsaT2WiVich30YhFNoECPCvRPCmbB6cJiH1Myimkz4UTCbF0a7iAgXz73FfgkR2IEFQBjP2GUElij4vfjeU7rXGvyOd7fvVrUToVOkVS4XfNlxdUT6BoOe6cHnSQMHAU9tr9YHI4yolxS7bXdUKOJmVWa9V77LMw_SpUJcpzgnmSafii5O2h5qRxtjFqwfAkfFJBPrWioMJshiWRasrfX90SbTHwgPw3EDeoS0_3n3xRQdDHmR5_Gby_CSYVxXUIadNSFqdzboo15znL2zsgGVZ_z6kA9bquw7uD53QaUW5quWjTzwytun3He5-NZEQ5Knwyqx6nUX57RLpnCMmpyPovKGlYxXH-hzVHGF04eM-Nm4yKgI7XpdHlMixGLwnEEfK3NxW8J7rhPM-EdLs36ZFgdr1z1Ajw2o2YULOC38wlLq2sK8hWDeOU8Npu1JUqZ1IMgLWhaA_A6VzvrgCbkniNzX06j3Y72hnGSZEZHqGGjfOMMXWOMqFlckWUO4vSlw_ti_NIwhod4tKJvdYuVQGWcy_h3FssD0rOrn1G1XRCLynHzxpkba3XRvl1QFeJOxNgG6E3wtU_dqocdp7QDmpxr-GpapqO0dDh8p6Yy4oAAr9WuE-XrrOV4fOaNGO3YQXwKZecaMpAWQprzbvMknj8yV84bz_ONEk1Mxp2LRn3M1rBbgkIKIBvbPaX-z9OUky-YzA2YAmRXA0ZWOpcBjncCOoKOC_bbNzvvHQ2056jBuFhUpeC8uzWgYI5ZYt_gcj8e6Hbtv0MBvoQWyYAxLo3vNe0-GdDll1Bmey_JgbYqqyy9fa2bry70342GHEh9wSI_ofv7OiFsxWovBSlYLano96Z9fBpKsO3QOyBcW69a36bzdrAvkNgwrl7ZUc-o8jDvHrzBVoTZlazL6VRbAztDxmX8PMcaeG9A6i3h2v28-x4EIw6RxcNWjjtECWKF6q24C6V-WJWyWHQ3_MhnFQ_7S_SD4ZWczZ7L9bTZcDGcBRBqXTT4UqxVJ2O_Gk6WHn0b9OL-DCn_k4Bj2iJb2M-A_b5bsS5c2SocK6ijpvbMu2ZX8OKCmGu7k828Qij8q_YTjdc_SmLgXCCVWeSuFRMHSNiQ4yKARfBXWVWtMepIPuD34cl4tomZpr5DWouoQJIfGpF9TexYUSmJw2bBctiipGmt98Mxgyxgfmsjj2LiS2RL_IVGMWc2JbPB7eO1QgJMz_rvVMakzDo8C0Y0US85ZJf1aPo54DIgC6LUEnBJhicpzRRhUK6MgPp5MuXicdMinB9qyYRgBE9JnUPhTxOBirHiRwXxbDRc2ApmlvlnNYJX3dgTfBKlnfFqFR3wmGNrul2tICr8xwHrJzzcGuHSIJzEctILK5EftKsY9NwC79gPivuwCXOwB5f7lY3NRd4DgCtGSsuWYBeGSlm5X9t8C7L7BmCLM7HQ68dZrUE8PIRUa9FPJ8HQILyZJIAdvkbnBiNuYX-ihEG5lBQxou4PpSvvAYG4G4p3pKJXFDAdhCA70CdYoeQn5KPlC9bbiI7UQplAgO_2QWwy7psi8UFZLgBXVmfmu2D1O_3R8N2AcQL05zxyZ6F-i5rjV6h1O38zj8FuQWuWPaf1J3skB6BYCedFEL4tEXF6SjclklFyL2ogj2si80gw1doekgFao_HhefvTzyiKhyfO2QdxBOGYC3tKvmt4aUhwy8B3eCOEEAnxVh2smUhwH-LV0v8FnF0_uqds1axhsNco7YqpJq5dYgF4PxGqPZuYvQ-DmEtQPS8FlKu_Trdo8C6bFq6hWq8GlQwrqIQ1B71t6SiVidRdjky3HFoRyJAoltpvOvxAGevRA1EVUcMVDTqsCBcvNJmXubOupaUdR_EuuXu6VhSgKDbckhfPIS0PJm3ds79g8S2FvXi32crABTP_rkhdWttvDuZnSCYCU7hfsacfW5h7rtPDiAhBsaMi5502-lxbXh6MELrNDmkVDZRuEdXnnwL34BF4oIdFWud-9dTfIN8DBKbY9LBw1D5J2WPx0f6L_6eUQv17ABK4hKjxrQfTxnDO3E0QrFN0JT53-_p7&cid=CAASEuRorYXwBImsqkW1sUQHin94gQ&rfl=3%2Chttps%253A%252F%252Fdownfile.site%242%2C%2Chttps%253A%252F%252Fdownfile.site%252F2021%252F08%252F15%252Fthe-next-cyber-victim-could-be-you%252F%240 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 14:31:38 GMT content-encoding gzip x-content-type-options nosniff age 38437 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15207 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 17 Jan 2023 14:31:38 GMT
GET H2	200	/ Show response track.adform.net/adfserve/ Frame C9D8	3 KB 2 KB	30ms 30ms	Script text/javascript	37.157.4.25 ADFORM
General Check archive.org Show headers Download Go to Full URL https://track.adform.net/adfserve/?bn=51990269;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900017.redintelligence.net%2Fc%2Fpm6w5ddwepjvkv5%3Ftprde%3D;js=1;adfxid=1x;2794;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fdownfile.site Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.4.25 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 0e3dd1213b455d72ae2d8f5ba7470f62401b406b77ea24cd3992a9c063764149 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT content-encoding gzip server nginx vary Accept-Encoding p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control no-cache, no-store, must-revalidate, no-transform strict-transport-security max-age=31536000; includeSubDomains content-type text/javascript; charset=utf-8 content-length 1815 expires -1
GET H/1.1	200 OK	npoee1nv94vs Show response hal9000.redintelligence.net/zone/ Frame 238C	11 KB 4 KB	65ms 23ms	Script text/html	78.46.90.238 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal9000.redintelligence.net/zone/npoee1nv94vs?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNIan7hPmYYi3ONSorATVlJCgAbXN-YNXzN65q-UM8C4QASCT5ps3YJUCyAEJqQLO4HeQvCKzPqgDAaoE9gFP0DMOXSa1-5OJGIE4IjA01A6WnkeCkKWZsp_A4f4qoMQBlUHBK0Xn6QhVKkTVRUG3qP5elWy0W03tunSD6xC4I6vGUX4TipDSPtnsl-Gm1WT-fWVTf5DFqM-Hr2KurKIMa353bhU3bWWQK6KFcarQ8L5csJsFXIntssd3543TwGZ3QxNRi9XFF9LM9Lhh0wrG-mgSCRAqJu5sNsV39zamJnBySL3qSiohvhLfiXAp6MQfRQdWjTecsvoBZsLPP2eGNxiS03XgAraTi0qvDDtYh66kGOYpWmVuoGVZNZkBKGpRA-Sb_eD5svvmqGCzkCC4Db_4kszABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYH4AKAZgLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRorYXwBImsqkW1sUQHin94gQ%26sig%3DAOD64_1GmKNyYigc0njqN0GTiYxKblY48g%26client%3Dca-pub-1995021269147151%26dbm_c%3DAKAmf-Bj0qJsxLbes_K_899fzCltgsO4MHDYSLPtCkVhOhH_WdRdToXF3bKBxNWoITDVLpOev8s8F49PosfdBW0pDsDWrTW-6ATelT99TnHwM9reCfqLHQ6OHb7vXfHfT7H43hIZ4y8boKH7QzmgPhbU0kIndWZaZg%26cry%3D1%26dbm_d%3DAKAmf-Du5U2S1wxuwmYfZfku-njwlOl-l3f6kl-J1x6dp8b1QyzIeIk2VT1lEgPQIhWKZlak9wO8WOv2E1qdlupKyyMoQoSbnT6P34LWOjThpzHDu1L13uaIJb1-GaVijD-v4nSHHh-L2URobL3YkxjYLIQChTrJQFOMqeZwlNuCWH_aLXb3wmmIt_CHS_O1O8cvyWVHSf3VVqSGb9MyJu3o1CTFxdIe-Jr3M70_DGA0_bg74L9YOkmL7R5Ib1gIQNmwKcP4iD0tE1ikiztCvSX9ecgPPJdC-TqJW0t48o8RA3Eqxd1960lVJ96qA0Kd0JWT68XRfORgztFk-yJ6rrgwAKkPPpti9hAZboCHndhMMe3tjHiMlPCLRlPhEQO5craUDaFq5RZo4CMZmbvkEgYC5x9FRZT7bH1h-o56U4ViLqDPRoukmNQ9e26G_Kc0-rcZvEU5MFcPniTQ1aSc1BPzD7NU-klPUPC6WakF8cwhjGcKBDfm_3UrnP2zGDlDTbI1RGEEoPkH%26adurl%3D Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.238.90.46.78.clients.your-server.de Software Apache / Resource Hash d802b3b31655cf0c2eb59a510b8b779328ad6934143493b314d0983361ec2175 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Content-Encoding gzip Server Apache Connection close Content-Length 3955 Vary Accept-Encoding Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	request.php Show response hal900027.redintelligence.net/ Frame 8205	2 KB 1 KB	157ms 98ms	Script application/x-javascript	78.46.111.106 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900027.redintelligence.net/request.php?zone=r9d3a58lo9uw&nw=20&renderingType=javascript&namespace=838e3b370c&subid=&uid=31a3850017b384af&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYeYT7gAOsDcKd_iT4wr0Tw%26mt_aid%3D7397400908430876262%26mt_id%3D8675609%26mt_adid%3D242876%26mt_sid%3D10023288%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_cid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCicQT7hPmYbGROI2KjuwPhuqY4AHPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQmoAwGqBIICT9DmObOBZk4u1CkRTr8Sn3jqPdG8a7la24b1P844JDStsjtiqRHH3F4o5WwCzUBCFVQLPTa9YkFdpIyIutTxFY93qKUX7AI2PBHYauZ9C5_5gayMxPAsf4EUGjIrZdTz09utx5HpU2hEOL0JJgXgV5DU1hl28pbaVaZQoHVu-ND7MJ058hvC7No11UwWauK6w7DMKk0aj_ld7UmRupvhPBPh0W83tarKejydehVKocDvdYDSog87HNEcR_vlmOq7WE3FnR373cJ5ze0tirvo0Z_lD7hYGlcRt5b0T9TqpwhtdD23478jUJ8Cl3zWPZzCxPxFTkVET0q1vOxF8Q5-FisAgAbqx4ewjce2-acBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3tWenEQJoJVN0Wpkdt8IcW7--uow%2526client%253Dca-pub-1995021269147151%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1995021269147151%26output%3Dhtml%26h%3D280%26slotname%3D4636774736%26adk%3D2501056149%26adf%3D3173046723%26pi%3Dt.ma~as.4636774736%26w%3D336%26psa%3D0%26format%3D336x280%26url%3Dhttps%253A%252F%252Fdownfile.site%252F2021%252F08%252F15%252Fthe-next-cyber-victim-could-be-you%252F%26ea%3D0%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.%26dt%3D1642468334494%26bpp%3D1%26bdt%3D172%26idt%3D391%26shv%3Dr20220112%26mjsv%3Dm202201100101%26ptt%3D9%26saldr%3Daa%26cookie%3DID%253D77f8a330fe584294-2221391822cd003c%253AT%253D1642468333%253AS%253DALNI_MbNubERcxfixkRlJrkFUejWitKe0g%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D568832844229%26frm%3D23%26ife%3D4%26pv%3D1%26ga_vid%3D1246905763.1642468333%26ga_sid%3D1642468335%26ga_hid%3D1182417339%26ga_fc%3D1%26nhd%3D1%26u_tz%3D0%26u_his%3D3%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D1600%26bih%3D1200%26isw%3D0%26ish%3D0%26ifk%3D911492361%26scr_x%3D0%26scr_y%3D0%26eid%3D44750774%252C44753740%252C31064017%26oid%3D2%26pvsid%3D959695202485161%26pem%3D655%26tmod%3D21%26eae%3D2%26fc%3D1664%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C0%252C0%26vis%3D1%26rsz%3D%257C%257CEr%257C%26abl%3DCS%26pfx%3D0%26fu%3D32772%26bc%3D31%26ifi%3D2%26uci%3D2.zhyfgmytvd8a%26fsb%3D1%26dtd%3D401&ancestorOrigins=null&random=7019542339539&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 Requested by Host: hal9000.redintelligence.net URL: https://hal9000.redintelligence.net/zone/r9d3a58lo9uw?subid=&gdpr=1&gdpr_consent=li&rnd=7397400908430876262&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYeYT7gAOsDcKd_iT4wr0Tw%26mt_aid%3D7397400908430876262%26mt_id%3D8675609%26mt_adid%3D242876%26mt_sid%3D10023288%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_cid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCicQT7hPmYbGROI2KjuwPhuqY4AHPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQmoAwGqBIICT9DmObOBZk4u1CkRTr8Sn3jqPdG8a7la24b1P844JDStsjtiqRHH3F4o5WwCzUBCFVQLPTa9YkFdpIyIutTxFY93qKUX7AI2PBHYauZ9C5_5gayMxPAsf4EUGjIrZdTz09utx5HpU2hEOL0JJgXgV5DU1hl28pbaVaZQoHVu-ND7MJ058hvC7No11UwWauK6w7DMKk0aj_ld7UmRupvhPBPh0W83tarKejydehVKocDvdYDSog87HNEcR_vlmOq7WE3FnR373cJ5ze0tirvo0Z_lD7hYGlcRt5b0T9TqpwhtdD23478jUJ8Cl3zWPZzCxPxFTkVET0q1vOxF8Q5-FisAgAbqx4ewjce2-acBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3tWenEQJoJVN0Wpkdt8IcW7--uow%2526client%253Dca-pub-1995021269147151%2526adurl%253D%26redirect%3D Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.106.111.46.78.clients.your-server.de Software Apache / Resource Hash c8dc06da7d3369bcb222a07d03eab5f1dc4c033def0c0263b344f98d0d9aaf19 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:15 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Cache-Control no-store, no-cache, must-revalidate, max-age=0 X-NEORY-SubId 45187100009834402179199011843027 Connection close Content-Type application/x-javascript; charset=utf-8 Content-Length 726 Expires Tue, 18 Jan 2022 01:12:15 +0100
GET H3	200	Enqz_20U.html Show response tpc.googlesyndication.com/sodar/ Frame B28C	22 KB 8 KB	19ms 19ms	Document text/html	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/Enqz_20U.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip cross-origin-resource-policy cross-origin cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} timing-allow-origin * content-length 8395 x-content-type-options nosniff server sffe x-xss-protection 0 date Mon, 17 Jan 2022 14:31:40 GMT expires Tue, 17 Jan 2023 14:31:40 GMT cache-control public, max-age=31536000 last-modified Tue, 03 Mar 2020 20:15:00 GMT content-type text/html age 38435 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET DATA	200 OK	truncated / Frame C9D8	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/gif
GET H/1.1	200 OK	addDoubleBorder.js Show response cdn.contentspread.net/24i/tools/js/ Frame C9D8	851 B 1 KB	100ms 21ms	Script application/javascript	88.99.65.215 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js Requested by Host: hal900017.redintelligence.net URL: https://hal900017.redintelligence.net/request_content.php?s=54995600010044903891610011843017&a=16011e5d Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 88.99.65.215 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.215.65.99.88.clients.your-server.de Software nginx / Resource Hash abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Last-Modified Tue, 03 May 2016 20:54:50 GMT Server nginx ETag "5729101a-353" Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 851
GET H/1.1	200 OK	request.php Show response hal900016.redintelligence.net/ Frame 238C Redirect Chain https://hal900016.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=8bd67c86ee&subid=&uid=23ed7ff387022c90&screenSize=1600x1200&screenSizeAvail=1600x1200&cl... https://hal900016.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=8bd67c86ee&subid=&uid=23ed7ff387022c90&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...	4 KB 2 KB	169ms 120ms	Script application/x-javascript	138.201.220.30 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900016.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=8bd67c86ee&subid=&uid=23ed7ff387022c90&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNIan7hPmYYi3ONSorATVlJCgAbXN-YNXzN65q-UM8C4QASCT5ps3YJUCyAEJqQLO4HeQvCKzPqgDAaoE9gFP0DMOXSa1-5OJGIE4IjA01A6WnkeCkKWZsp_A4f4qoMQBlUHBK0Xn6QhVKkTVRUG3qP5elWy0W03tunSD6xC4I6vGUX4TipDSPtnsl-Gm1WT-fWVTf5DFqM-Hr2KurKIMa353bhU3bWWQK6KFcarQ8L5csJsFXIntssd3543TwGZ3QxNRi9XFF9LM9Lhh0wrG-mgSCRAqJu5sNsV39zamJnBySL3qSiohvhLfiXAp6MQfRQdWjTecsvoBZsLPP2eGNxiS03XgAraTi0qvDDtYh66kGOYpWmVuoGVZNZkBKGpRA-Sb_eD5svvmqGCzkCC4Db_4kszABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYH4AKAZgLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRorYXwBImsqkW1sUQHin94gQ%26sig%3DAOD64_1GmKNyYigc0njqN0GTiYxKblY48g%26client%3Dca-pub-1995021269147151%26dbm_c%3DAKAmf-Bj0qJsxLbes_K_899fzCltgsO4MHDYSLPtCkVhOhH_WdRdToXF3bKBxNWoITDVLpOev8s8F49PosfdBW0pDsDWrTW-6ATelT99TnHwM9reCfqLHQ6OHb7vXfHfT7H43hIZ4y8boKH7QzmgPhbU0kIndWZaZg%26cry%3D1%26dbm_d%3DAKAmf-Du5U2S1wxuwmYfZfku-njwlOl-l3f6kl-J1x6dp8b1QyzIeIk2VT1lEgPQIhWKZlak9wO8WOv2E1qdlupKyyMoQoSbnT6P34LWOjThpzHDu1L13uaIJb1-GaVijD-v4nSHHh-L2URobL3YkxjYLIQChTrJQFOMqeZwlNuCWH_aLXb3wmmIt_CHS_O1O8cvyWVHSf3VVqSGb9MyJu3o1CTFxdIe-Jr3M70_DGA0_bg74L9YOkmL7R5Ib1gIQNmwKcP4iD0tE1ikiztCvSX9ecgPPJdC-TqJW0t48o8RA3Eqxd1960lVJ96qA0Kd0JWT68XRfORgztFk-yJ6rrgwAKkPPpti9hAZboCHndhMMe3tjHiMlPCLRlPhEQO5craUDaFq5RZo4CMZmbvkEgYC5x9FRZT7bH1h-o56U4ViLqDPRoukmNQ9e26G_Kc0-rcZvEU5MFcPniTQ1aSc1BPzD7NU-klPUPC6WakF8cwhjGcKBDfm_3UrnP2zGDlDTbI1RGEEoPkH%26adurl%3D&documentReferer=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ancestorOrigins=https%3A%2F%2Fdownfile.site%2Chttps%3A%2F%2Fdownfile.site%2Chttps%3A%2F%2Fdownfile.site&random=9657018691955&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol HTTP/1.1 Server 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.30.220.201.138.clients.your-server.de Software Apache / Resource Hash ac35fe94a33e697249800b49704587af4eabd36952f49076c1a2dd201f53584c Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:15 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Cache-Control no-store, no-cache, must-revalidate, max-age=0 X-NEORY-SubId 25139000013457200710616011843016 Connection close Content-Type application/x-javascript; charset=utf-8 Content-Length 1251 Expires Tue, 18 Jan 2022 01:12:15 +0100 Redirect headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:15 GMT Server Apache P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Location request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=8bd67c86ee&subid=&uid=23ed7ff387022c90&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNIan7hPmYYi3ONSorATVlJCgAbXN-YNXzN65q-UM8C4QASCT5ps3YJUCyAEJqQLO4HeQvCKzPqgDAaoE9gFP0DMOXSa1-5OJGIE4IjA01A6WnkeCkKWZsp_A4f4qoMQBlUHBK0Xn6QhVKkTVRUG3qP5elWy0W03tunSD6xC4I6vGUX4TipDSPtnsl-Gm1WT-fWVTf5DFqM-Hr2KurKIMa353bhU3bWWQK6KFcarQ8L5csJsFXIntssd3543TwGZ3QxNRi9XFF9LM9Lhh0wrG-mgSCRAqJu5sNsV39zamJnBySL3qSiohvhLfiXAp6MQfRQdWjTecsvoBZsLPP2eGNxiS03XgAraTi0qvDDtYh66kGOYpWmVuoGVZNZkBKGpRA-Sb_eD5svvmqGCzkCC4Db_4kszABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYH4AKAZgLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRorYXwBImsqkW1sUQHin94gQ%26sig%3DAOD64_1GmKNyYigc0njqN0GTiYxKblY48g%26client%3Dca-pub-1995021269147151%26dbm_c%3DAKAmf-Bj0qJsxLbes_K_899fzCltgsO4MHDYSLPtCkVhOhH_WdRdToXF3bKBxNWoITDVLpOev8s8F49PosfdBW0pDsDWrTW-6ATelT99TnHwM9reCfqLHQ6OHb7vXfHfT7H43hIZ4y8boKH7QzmgPhbU0kIndWZaZg%26cry%3D1%26dbm_d%3DAKAmf-Du5U2S1wxuwmYfZfku-njwlOl-l3f6kl-J1x6dp8b1QyzIeIk2VT1lEgPQIhWKZlak9wO8WOv2E1qdlupKyyMoQoSbnT6P34LWOjThpzHDu1L13uaIJb1-GaVijD-v4nSHHh-L2URobL3YkxjYLIQChTrJQFOMqeZwlNuCWH_aLXb3wmmIt_CHS_O1O8cvyWVHSf3VVqSGb9MyJu3o1CTFxdIe-Jr3M70_DGA0_bg74L9YOkmL7R5Ib1gIQNmwKcP4iD0tE1ikiztCvSX9ecgPPJdC-TqJW0t48o8RA3Eqxd1960lVJ96qA0Kd0JWT68XRfORgztFk-yJ6rrgwAKkPPpti9hAZboCHndhMMe3tjHiMlPCLRlPhEQO5craUDaFq5RZo4CMZmbvkEgYC5x9FRZT7bH1h-o56U4ViLqDPRoukmNQ9e26G_Kc0-rcZvEU5MFcPniTQ1aSc1BPzD7NU-klPUPC6WakF8cwhjGcKBDfm_3UrnP2zGDlDTbI1RGEEoPkH%26adurl%3D&documentReferer=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ancestorOrigins=https%3A%2F%2Fdownfile.site%2Chttps%3A%2F%2Fdownfile.site%2Chttps%3A%2F%2Fdownfile.site&random=9657018691955&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1 Cache-Control no-store, no-cache, must-revalidate, max-age=0 Connection close Content-Type text/html; charset=UTF-8 Content-Length 0 Expires Tue, 18 Jan 2022 01:12:15 +0100
GET H3	200	ze6spFYAGmeX0SVs4uO-WfgikXQwH0dcHguaiLf8sa4.js Show response pagead2.googlesyndication.com/bg/ Frame B28C	35 KB 13 KB	21ms 20ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/ze6spFYAGmeX0SVs4uO-WfgikXQwH0dcHguaiLf8sa4.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cdeeaca456001a6797d1256ce2e3be59f8229174301f475c1e0b9a88b7fcb1ae Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 16:35:04 GMT content-encoding br x-content-type-options nosniff age 31031 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13313 x-xss-protection 0 last-modified Thu, 06 Jan 2022 13:58:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 17 Jan 2023 16:35:04 GMT
GET H2	200	Standard Show response s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame C9D8	90 KB 39 KB	44ms 44ms	Script text/javascript	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Full URL https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 80666771e4c8d157b7643583d0552efd7d7082bf03ed57b819412c5a7e8fb17c Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT content-encoding gzip last-modified Wed, 05 Jan 2022 15:01:11 GMT server nginx x-cache-status HIT vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=100000 expires Wed, 19 Jan 2022 04:22:51 GMT
GET H/1.1	200 OK	request_content.php Show response hal900027.redintelligence.net/ Frame 8755	7 KB 3 KB	73ms 21ms	Document text/html	78.46.111.106 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900027.redintelligence.net/request_content.php?s=45187100009834402179199011843027&a=b19b2192 Requested by Host: hal900027.redintelligence.net URL: https://hal900027.redintelligence.net/request.php?zone=r9d3a58lo9uw&nw=20&renderingType=javascript&namespace=838e3b370c&subid=&uid=31a3850017b384af&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYeYT7gAOsDcKd_iT4wr0Tw%26mt_aid%3D7397400908430876262%26mt_id%3D8675609%26mt_adid%3D242876%26mt_sid%3D10023288%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_cid%3D124b61e6-13ee-4601-881c-78d077589407%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCicQT7hPmYbGROI2KjuwPhuqY4AHPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTE5OTUwMjEyNjkxNDcxNTHIAQmoAwGqBIICT9DmObOBZk4u1CkRTr8Sn3jqPdG8a7la24b1P844JDStsjtiqRHH3F4o5WwCzUBCFVQLPTa9YkFdpIyIutTxFY93qKUX7AI2PBHYauZ9C5_5gayMxPAsf4EUGjIrZdTz09utx5HpU2hEOL0JJgXgV5DU1hl28pbaVaZQoHVu-ND7MJ058hvC7No11UwWauK6w7DMKk0aj_ld7UmRupvhPBPh0W83tarKejydehVKocDvdYDSog87HNEcR_vlmOq7WE3FnR373cJ5ze0tirvo0Z_lD7hYGlcRt5b0T9TqpwhtdD23478jUJ8Cl3zWPZzCxPxFTkVET0q1vOxF8Q5-FisAgAbqx4ewjce2-acBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3tWenEQJoJVN0Wpkdt8IcW7--uow%2526client%253Dca-pub-1995021269147151%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1995021269147151%26output%3Dhtml%26h%3D280%26slotname%3D4636774736%26adk%3D2501056149%26adf%3D3173046723%26pi%3Dt.ma~as.4636774736%26w%3D336%26psa%3D0%26format%3D336x280%26url%3Dhttps%253A%252F%252Fdownfile.site%252F2021%252F08%252F15%252Fthe-next-cyber-victim-could-be-you%252F%26ea%3D0%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.%26dt%3D1642468334494%26bpp%3D1%26bdt%3D172%26idt%3D391%26shv%3Dr20220112%26mjsv%3Dm202201100101%26ptt%3D9%26saldr%3Daa%26cookie%3DID%253D77f8a330fe584294-2221391822cd003c%253AT%253D1642468333%253AS%253DALNI_MbNubERcxfixkRlJrkFUejWitKe0g%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D568832844229%26frm%3D23%26ife%3D4%26pv%3D1%26ga_vid%3D1246905763.1642468333%26ga_sid%3D1642468335%26ga_hid%3D1182417339%26ga_fc%3D1%26nhd%3D1%26u_tz%3D0%26u_his%3D3%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D1600%26bih%3D1200%26isw%3D0%26ish%3D0%26ifk%3D911492361%26scr_x%3D0%26scr_y%3D0%26eid%3D44750774%252C44753740%252C31064017%26oid%3D2%26pvsid%3D959695202485161%26pem%3D655%26tmod%3D21%26eae%3D2%26fc%3D1664%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C0%252C0%26vis%3D1%26rsz%3D%257C%257CEr%257C%26abl%3DCS%26pfx%3D0%26fu%3D32772%26bc%3D31%26ifi%3D2%26uci%3D2.zhyfgmytvd8a%26fsb%3D1%26dtd%3D401&ancestorOrigins=null&random=7019542339539&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.106.111.46.78.clients.your-server.de Software Apache / Resource Hash e6254d070232767371050809c43012a31b46dfb469842b0e7f66cd38abf55f3f Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Server Apache Cache-Control no-store, no-cache, must-revalidate, max-age=0 Expires Tue, 18 Jan 2022 01:12:15 +0100 Pragma no-cache P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Vary Accept-Encoding Content-Encoding gzip Content-Length 2314 Connection close Content-Type text/html; charset=utf-8
GET H/1.1	200 OK	cshow.php www.awin1.com/ Frame 8205	43 B 703 B	100ms 44ms	Image image/gif	104.111.239.217 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.awin1.com/cshow.php?s=2846681&v=14098&q=409715&r=296283&pref1=45187100009834402179199011843027&pv=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-239-217.deploy.static.akamaitechnologies.com Software / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:15 GMT Strict-Transport-Security max-age=86400 P3P policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV" Cache-Control no-store, no-cache, max-age=0, must-revalidate Awin-Akamai-Rule-Set default Node Helix Connection keep-alive Content-Type image/gif Content-Length 43 Expires 0
GET H/1.1	200 OK	iframe Show response sync.mathtag.com/sync/ Frame BB9F	652 B 765 B	79ms 26ms	Document text/html	185.29.134.244 MEDIAMATH-INC
General Check archive.org Show headers Download Go to Full URL https://sync.mathtag.com/sync/iframe?mt_uuid=124b61e6-13ee-4601-881c-78d077589407&no_iframe=1&synclist=4&mt_lim=1&type=1&gdpr=1&gdpr_consent=li&source=bidder Requested by Host: sync.mathtag.com URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=1&type=1&synclist=4&gdpr=1&gdpr_consent=li Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.29.134.244 , United Kingdom, ASN30419 (MEDIAMATH-INC, US), Reverse DNS Software MT3 4133 baa842e master cdg-pixel-x26 config:1.0.0 / Resource Hash 4c5325edabfb7a618fea7fb98d21d0940c941d4533c4e337923515685808a056 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Content-Type text/html Connection close Access-Control-Allow-Origin * Server MT3 4133 baa842e master cdg-pixel-x26 config:1.0.0 Cache-Control no-cache P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Expires Tue, 18 Jan 2022 01:12:14 GMT Content-Encoding gzip
GET H3	200	cookie_push_onload.html Show response pagead2.googlesyndication.com/pagead/s/ Frame AEF4	1 KB 749 B	28ms 27ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ Response headers p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin * cross-origin-resource-policy cross-origin vary Accept-Encoding x-content-type-options nosniff content-encoding gzip server cafe content-length 724 x-xss-protection 0 date Mon, 17 Jan 2022 05:53:44 GMT expires Tue, 18 Jan 2022 05:53:44 GMT cache-control public, max-age=86400 age 69511 etag 48472445140208031 content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H/1.1	200 OK	img sync.mathtag.com/misc/ Frame 8205	43 B 550 B	71ms 25ms	Image image/gif	185.29.134.244 MEDIAMATH-INC
General Check archive.org Show headers Download Go to Show image Full URL https://sync.mathtag.com/misc/img?mm_bnc&gdpr=1&gdpr_consent=li&bcdv=0 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.29.134.244 , United Kingdom, ASN30419 (MEDIAMATH-INC, US), Reverse DNS Software MT3 4133 baa842e master cdg-pixel-x26 config:1.0.0 / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Server MT3 4133 baa842e master cdg-pixel-x26 config:1.0.0 P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Access-Control-Allow-Origin * Cache-Control no-cache Connection keep-alive Content-Type image/gif Keep-Alive timeout=360 Content-Length 43 Expires Tue, 18 Jan 2022 01:12:14 GMT
POST H2	200	/ track.adform.net/csimpr/ Frame C9D8	35 B 478 B	28ms 28ms	Ping image/gif	37.157.4.25 ADFORM
General Check archive.org Show headers Download Go to Full URL https://track.adform.net/csimpr/?bn=51990269&csi=9IRILoLK0NhQp7XEHtF1gBHGey4XQg1Gi7Adx6ZWHcnZKGWOLEEutt6vWmW1dlSa0 Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.4.25 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://hal900017.redintelligence.net/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT server nginx access-control-max-age 86400 access-control-allow-methods GET, POST p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin https://hal900017.redintelligence.net cache-control no-cache, no-store, must-revalidate, no-transform access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains content-type image/gif access-control-allow-headers Content-Type, Cache-Control, Accept-Encoding, X-Requested-With expires -1
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame B28C	0 20 B	66ms 66ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAOQ77xPmYdKFFJezx_APuqGT-AEAAAAAOAHgBAI&bg=!kpGlkdXNAAaocxMpqHM7ACkAdvg8Wpsxd2vrG9tZ7K0vMHvfhqIpnDjrmVgbdvhDit23miPxrY-pGQIAAABBUgAAAAJoAQcKAHN6EQvBCxshiTuRLnGx0zSyXMmMC8XwQM_0JDfxFxWDgkzr0nTHRijTEcyJ7SG2M0hSREjt3Jr4XXunKbUcqQA4buXuNJKRL7ja9Ms7KYSaARxG9ni0WKPDrZ7hCPJ1BqYD-BRRmZLCbuN_Z4dHfW0Yl-XrmQMKnQip4NFRD2SpRqBAn5-lnHrLmexT-BpCbx3hA4g9O_d42s5EC6LyHSZ3QTebzgJTISuJICDr0DHpPjPo54nss2Jxyj1J2Ie1_UPAYDLDI-7TKnWtEwbdSW8q4f-ipALHB1elVAkg-awP_0CgiiezBvlIeyLVMRYDVLRozfuoKs9vh76Icg7gMgw2T_6XaEqqEP3ivitGsBNMK6yOeNx-pTjhsyrM9t9bRSrC680jvpiUg0WgXvebA_7M6E6xjaLpUY5dw40xfxEQA263mZdmDYzczE2vraSb-lSGLnnxFjg_s5lesk5J40yC5wpgohlQQypIQry_IPuLCFXPA8eOnHCaY-U5g4YbwE-QZDBza-Oha7FCYXeXeaw_Exh_e0roWoCGYnaGV-jh7B3SVBR0BDI630Fj2bFrEweCgAm81ccK7aR4-IqJRrVyEvfQQiFHjdVbVt_U2fYyMlcwKaJ2vX8RV9gC2rIMKsnBwcOjZ_EqvTstoczYRAiF-1SwYKjB9aigtVx2enFZb6PD_dOeUZoJrnOmRPyCnBIMB5aJEZ7NRQgUgbyefJG_7rUz8-RddnZqXQKizYvxFWbKzmcf6PAxXtQqVv08-6bvDMyPETCj5r3fTkY4vIFjGLwagxxZT1bUuyDr7y2twb9KaqRdk3hyrbBVGwotG61Q5Q0oSkxgWoUHMr6bx5dKehs5r5OVsk3etfJYFFJwoJv0tlKKCe5ymurKS_v6hv76Uz_GG5rVfLab__xan4TOx_1XjDnp-KVVGAsT1MonbCpwAGVFm1l3vYIkXcbk9ZvZikTV2Q7Zx4PwpDatxf29HXc5sMfl2nwt7YrTmIJYziwCGOt-gc3SiDQY0Gtf-tRErBj2QEIgX6ut0jhljqaEc8yB8cC8pq9NX8z7n1siH_IN3Tjyjn0BjkJpz6S4UmezdseGtk9SL4fwjPRybdkHKMrsm0xdxd0YXG8oxUsrkuEFj2dpBffispARACeIqSM3yH7f8ieNJnftkcOtCQVsVjG0huybev_3aRgb_h08yA Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	10674031.js Show response s1.adform.net/Banners/Elements/Files/160090/10674031/ Frame D977	3 KB 1 KB	29ms 28ms	Script application/x-javascript	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/10674031.js?ADFassetID=10674031&bv=258 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 96bcbe3684c1089d731e6e8b4e7a9af69f361e8299c381a1b22268e85131c0cd Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT content-encoding gzip last-modified Tue, 14 Dec 2021 16:31:55 GMT server nginx etag W/"61b8c6fb-c8a" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 content-type application/x-javascript
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 8755	89 KB 32 KB	70ms 25ms	Script text/javascript	2a00:1450:4001:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js Requested by Host: hal900027.redintelligence.net URL: https://hal900027.redintelligence.net/request_content.php?s=45187100009834402179199011843027&a=b19b2192 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900027.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 22:26:20 GMT content-encoding gzip x-content-type-options nosniff age 182755 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 32245 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Sun, 15 Jan 2023 22:26:20 GMT
GET H2	200	evergreen-kis-300x250.jpg media.kaspersky.com/de/affiliates/ Frame 8755 Redirect Chain https://www.awin1.com/cshow.php?s=2846681&v=14098&q=409715&r=296283&pref1=45187100009834402179199011843027&pv=0 https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg	80 KB 80 KB	308ms 127ms	Image image/jpeg	93.159.228.11 KL-EXT
General Check archive.org Show headers Download Go to Show image Full URL https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg Requested by Host: hal900027.redintelligence.net URL: https://hal900027.redintelligence.net/request_content.php?s=45187100009834402179199011843027&a=b19b2192 Protocol H2 Server 93.159.228.11 , Switzerland, ASN200107 (KL-EXT, RU), Reverse DNS Software / Kaspersky Labs, Kaspersky Labs Resource Hash 06d9487d0d05b38994c2a06ab9639cfa33afe0c98f89cbb0f3bcefb4cfb0aa84 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900027.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff last-modified Tue, 14 Sep 2021 12:09:27 GMT server x-powered-by Kaspersky Labs, Kaspersky Labs etag "1b72585d61a9d71:0" x-frame-options SAMEORIGIN content-type image/jpeg x-xss-protection 1; mode=block x-server msk2/MSK8 accept-ranges bytes content-length 81829 date Tue, 18 Jan 2022 01:12:15 GMT Redirect headers Date Tue, 18 Jan 2022 01:12:15 GMT Strict-Transport-Security max-age=86400 P3P policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV" Location https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg Awin-Akamai-Rule-Set default Node Helix Connection keep-alive Content-Length 0
GET H2	200	dpixel cms.quantserve.com/ Frame AEF4	35 B 463 B	102ms 30ms	Image image/gif	2620:116:800d:21:3175:5196:e3fd:8c1d AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEClsBpBF6N4PqS0rStIf--Y&google_cver=1&google_push=AYg5qPIfvh2O-tetYvUbWiIQNlLzv5L0qKZNpqIpfu6xpCsqdoXcGn_JP6k5i4cZN7vM11_vSkNykjBLtpDczWUUCH5ShDC8CMI Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8 Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT strict-transport-security max-age=86400 p3p CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV" cache-control private, no-cache, no-store, proxy-revalidate content-type image/gif content-length 35 expires Fri, 04 Aug 1978 12:00:00 GMT
GET H3	200	pixel cm.g.doubleclick.net/ Frame AEF4 Redirect Chain https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKdZkQh... https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKdZkQh... https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAxMTgwMTEyMTYwMDAxMjg4MzA3NTkxOA%3D%3D&google_push=AYg5qPKdZkQhv1MXHRFw0vV8JQNEQQFmRwIfkYajddjGUS8qnBZFDNYubnXgHK53mPf1Eh...	170 B 188 B	27ms 26ms	Image image/png	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAxMTgwMTEyMTYwMDAxMjg4MzA3NTkxOA%3D%3D&google_push=AYg5qPKdZkQhv1MXHRFw0vV8JQNEQQFmRwIfkYajddjGUS8qnBZFDNYubnXgHK53mPf1Eh0u5hHnAWSMMfXDPhcORnTlOS4Xbw Protocol H3 Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers location https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAxMTgwMTEyMTYwMDAxMjg4MzA3NTkxOA%3D%3D&google_push=AYg5qPKdZkQhv1MXHRFw0vV8JQNEQQFmRwIfkYajddjGUS8qnBZFDNYubnXgHK53mPf1Eh0u5hHnAWSMMfXDPhcORnTlOS4Xbw pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT cache-control max-age=0, no-cache, no-store content-length 0 strict-transport-security max-age=2628000 expires Tue, 18 Jan 2022 01:12:16 GMT
GET H2	200	sync odr.mookie1.com/t/v2/ Frame AEF4	43 B 324 B	75ms 36ms	Image image/gif	34.98.67.61 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEFeehtv0G5flM7_EkPz_EYY&google_push=AYg5qPLiVRcBlEmzKHAQ4pCUHN9TVOKecyrybMwjjR8Si9sGeniqQnWo2IgeiGdaMK16DE77suDmZ3ID3xHRGRsy1Zq8x6EfuGg&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 61.67.98.34.bc.googleusercontent.com Software Apache / Resource Hash a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT via 1.1 google server Apache p3p CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml" cache-control no-cache, no-store, must-revalidate content-type image/gif;charset=UTF-8 alt-svc clear content-length 43 x-application-context application expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	dds rtb.openx.net/sync/ Frame AEF4	43 B 351 B	106ms 34ms	Image image/gif	35.227.252.103 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://rtb.openx.net/sync/dds?google_gid=CAESEMy7jsRIRX31XzfCulgZx4g&google_cver=1&google_push=AYg5qPLVKj9qvrT6lGk7CkcY3WTd_MexUPYH9yKR3bfUH3JPLpzUVjMFyTDahOg4Faa2y1aLxBABe7-b_sXY3Kp39Bf-LQ6R2nI Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 103.252.227.35.bc.googleusercontent.com Software Cowboy / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT via 1.1 google server Cowboy vary Origin p3p CP="CUR ADM OUR NOR STA NID" access-control-allow-origin null access-control-expose-headers cache-control private, max-age=0, no-cache, must-revalidate access-control-allow-credentials true content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 43 x-request-id n64lvv5lpf202r8unsurchgd2mbs8mmf
GET H3	200	pixel cm.g.doubleclick.net/ Frame AEF4 Redirect Chain https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%... https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%... https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Iz6fi7LES-KnJbpZMNBIhQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...	170 B 188 B	62ms 61ms	Image image/png	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Iz6fi7LES-KnJbpZMNBIhQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJvrlt761kquGbk041A5STjWIxwxGERfOcj6w9leYZ6Ua15AqWeM3uM5SW24-NaQISNVxx8ETfU9itvyLLQu4-mRIS1xQ Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol H3 Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers location https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Iz6fi7LES-KnJbpZMNBIhQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJvrlt761kquGbk041A5STjWIxwxGERfOcj6w9leYZ6Ua15AqWeM3uM5SW24-NaQISNVxx8ETfU9itvyLLQu4-mRIS1xQ date Tue, 18 Jan 2022 01:12:15 GMT p3p CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" content-length 0 content-type text/html; charset=UTF-8
GET H3	200	pixel cm.g.doubleclick.net/ Frame AEF4 Redirect Chain https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENmJXFUOLNLefh7dJYRM2do&google_cver=1&google_push=AYg5qPKNBJUHko6PCcFWIJUPOxn6kr3K3c780-z5evGsCFbxa3w5RzEY9_hLOVaHiOnmbRXQdNR... https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lKRjhOOEktQi1HQjg4&google_push=AYg5qPKNBJUHko6PCcFWIJUPOxn6kr3K3c780-z5evGsCFbxa3w5RzEY9_hLOVaHiOnmbRXQdNR67KhhxseXHh3G6GNvt0fbuls	170 B 188 B	30ms 30ms	Image image/png	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lKRjhOOEktQi1HQjg4&google_push=AYg5qPKNBJUHko6PCcFWIJUPOxn6kr3K3c780-z5evGsCFbxa3w5RzEY9_hLOVaHiOnmbRXQdNR67KhhxseXHh3G6GNvt0fbuls Protocol H3 Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Pragma no-cache P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Location https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lKRjhOOEktQi1HQjg4&google_push=AYg5qPKNBJUHko6PCcFWIJUPOxn6kr3K3c780-z5evGsCFbxa3w5RzEY9_hLOVaHiOnmbRXQdNR67KhhxseXHh3G6GNvt0fbuls Cache-Control no-cache,no-store,must-revalidate Content-Type text/html content-length 0 X-RPHost 750589468d5634b7e99830971becaf64 Expires 0
GET		pixel cm.g.doubleclick.net/ Frame AEF4 Redirect Chain https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1&googl... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wIm...	0 0
GET H3	204	attr cm.g.doubleclick.net/pixel/ Frame AEF4	0 12 B	25ms 24ms	Image text/html	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JhdHpNaMJHIIhGHzd_mXrcam2sEmoBM8SeU2Yf2J3xz7SJNRZzaKQWkerV2zfxCfZDkuDN Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=280&slotname=4636774736&adk=2501056149&adf=3173046723&pi=t.ma~as.4636774736&w=336&psa=0&format=336x280&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334494&bpp=1&bdt=172&idt=391&shv=r20220112&mjsv=m202201100101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1182417339&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=911492361&scr_x=0&scr_y=0&eid=44750774%2C44753740%2C31064017&oid=2&pvsid=959695202485161&pem=655&tmod=21&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.zhyfgmytvd8a&fsb=1&dtd=401 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT server HTTP server (unknown) alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 content-type text/html
GET H/1.1	200 OK	img sync.mathtag.com/misc/ Frame BB9F	43 B 549 B	51ms 33ms	Image image/gif	185.29.134.244 MEDIAMATH-INC
General Check archive.org Show headers Download Go to Show image Full URL https://sync.mathtag.com/misc/img?mm_bnc&gdpr=1&gdpr_consent=li&bcdv=0 Requested by Host: sync.mathtag.com URL: https://sync.mathtag.com/sync/iframe?mt_uuid=124b61e6-13ee-4601-881c-78d077589407&no_iframe=1&synclist=4&mt_lim=1&type=1&gdpr=1&gdpr_consent=li&source=bidder Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.29.134.244 , United Kingdom, ASN30419 (MEDIAMATH-INC, US), Reverse DNS Software MT3 4133 baa842e master cdg-pixel-x7 config:1.0.0 / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer https://sync.mathtag.com/sync/iframe?mt_uuid=124b61e6-13ee-4601-881c-78d077589407&no_iframe=1&synclist=4&mt_lim=1&type=1&gdpr=1&gdpr_consent=li&source=bidder User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Server MT3 4133 baa842e master cdg-pixel-x7 config:1.0.0 P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Access-Control-Allow-Origin * Cache-Control no-cache Connection keep-alive Content-Type image/gif Keep-Alive timeout=360 Content-Length 43 Expires Tue, 18 Jan 2022 01:12:14 GMT
GET H2	200	screen.css s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	1 KB 885 B	37ms 34ms	Stylesheet text/css	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/screen.css Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 4879c5ca67a36e3c2c633557a3a3886ab14b5b6490fa9936acf0fd0abe892778 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT content-encoding gzip last-modified Tue, 14 Dec 2021 16:31:55 GMT server nginx etag W/"61b8c6fb-567" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 content-type text/css
GET H2	200	Adform.DHTML.js Show response s1.adform.net/banners/scripts/rmb/ Frame D977	30 KB 13 KB	42ms 39ms	Script application/x-javascript	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Full URL https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626 Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT content-encoding gzip last-modified Fri, 14 May 2021 12:35:21 GMT server nginx etag W/"609e6e89-76d9" x-cache-status HIT p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 content-type application/x-javascript
GET H2	200	introfill.png s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	117 B 413 B	43ms 40ms	Image image/png	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Show image Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/introfill.png Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT last-modified Tue, 14 Dec 2021 16:31:55 GMT server nginx etag "61b8c6fb-75" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-type image/png content-length 117
GET H2	200	stoerer.png s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	12 KB 12 KB	48ms 46ms	Image image/png	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Show image Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/stoerer.png Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash e5595db09650405bd6fe4cd28e4433abbbd694d6faa84292c353930bdad1a4d2 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT last-modified Tue, 14 Dec 2021 16:31:55 GMT server nginx etag "61b8c6fb-2e15" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-type image/png content-length 11797
GET H2	200	text1.png s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	11 KB 11 KB	57ms 54ms	Image image/png	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Show image Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/text1.png Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash e6bcb09b72fe4af0a7025a07592c4d798c853a0bc53443bbfaeeb58dbaee58bf Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT last-modified Tue, 14 Dec 2021 16:31:56 GMT server nginx etag "61b8c6fc-2b14" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-type image/png content-length 11028
GET H2	200	banderole.png s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	11 KB 11 KB	62ms 59ms	Image image/png	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Show image Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/banderole.png Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 198ea6df487d503e09a019bc8e21eca1dd7487637b707551e99d51d4b8a6bd99 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT last-modified Tue, 14 Dec 2021 16:31:55 GMT server nginx etag "61b8c6fb-2c57" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-type image/png content-length 11351
GET H2	200	disclaimer.png s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	4 KB 4 KB	62ms 60ms	Image image/png	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Show image Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/disclaimer.png Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 339b062715f0fa93bd4509bbd3c7ee6ebb3ce63ef1140c0dbf3aa8935b7aaf7c Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT last-modified Tue, 14 Dec 2021 16:31:55 GMT server nginx etag "61b8c6fb-fe3" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-type image/png content-length 4067
GET H2	200	date.png s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	2 KB 3 KB	62ms 60ms	Image image/png	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Show image Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/date.png Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash c4b84291d70c84edf4583b610057d85a19f5a7fa9c733fe7669afc6959bf70ac Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT last-modified Tue, 14 Dec 2021 16:31:55 GMT server nginx etag "61b8c6fb-921" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-type image/png content-length 2337
GET H2	200	cta.png s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	2 KB 2 KB	62ms 60ms	Image image/png	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Show image Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/cta.png Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash c7ad088d10fbd3b025673a12b355062745683bd32b37a41bb68d0492b45a7b93 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT last-modified Tue, 14 Dec 2021 16:31:55 GMT server nginx etag "61b8c6fb-7f3" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-type image/png content-length 2035
GET H2	200	logostart.png s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	7 KB 7 KB	73ms 72ms	Image image/png	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Show image Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/logostart.png Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 411c5cad0d24027c726e52a3903531a2c8348c845e6552932c7698e997a81405 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT last-modified Tue, 14 Dec 2021 16:31:55 GMT server nginx etag "61b8c6fb-1a64" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-type image/png content-length 6756
GET H2	200	logo.png s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	4 KB 4 KB	74ms 72ms	Image image/png	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Show image Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/logo.png Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 77b3b2c53216ee57263fe847e0bd6f28ae2577a25c2ae00ab470dc164c769096 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT last-modified Tue, 14 Dec 2021 16:31:55 GMT server nginx etag "61b8c6fb-108f" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-type image/png content-length 4239
GET H2	200	model.jpg s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	27 KB 27 KB	77ms 76ms	Image image/jpeg	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Show image Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/model.jpg Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash bd535a677d909fe39a55e19607aec7a8d5fd2046b889dd0e206ea0b690df261f Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT last-modified Tue, 14 Dec 2021 16:31:56 GMT server nginx etag "61b8c6fc-6b6f" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-type image/jpeg content-length 27503
GET H2	200	background.jpg s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	9 KB 10 KB	85ms 84ms	Image image/jpeg	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Show image Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/background.jpg Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 80d38f93a401277a265638209ae590d22642534a3e52df9f9f95229fbbf65471 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT last-modified Tue, 14 Dec 2021 16:31:56 GMT server nginx etag "61b8c6fc-2572" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-type image/jpeg content-length 9586
GET H3	200	CSSPlugin.min.js Show response cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame D977	38 KB 14 KB	76ms 43ms	Script application/javascript	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 17190 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 13669 timing-allow-origin * last-modified Mon, 04 May 2020 16:10:25 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03e71-9833" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lOoUUH%2BSlmGapTR%2BXbqcmk9o9rO5qhNAPISQ%2B8VNV9WjyKJ%2BdzYa3JTD5G%2BxDthWBZPr7gnA8RD%2FCRBrfgbZ4tyWb%2Bc8b3qGzBCOTvIUONMlbyVVBN9jm6lThc%2BhBJHqBNIYv55%2FoD2otzykDIfIvMFq"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6cf3f43a88717031-FRA expires Sun, 08 Jan 2023 01:12:15 GMT
GET H3	200	EasePack.min.js Show response cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame D977	5 KB 2 KB	76ms 42ms	Script application/javascript	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 2419097 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1730 timing-allow-origin * last-modified Mon, 04 May 2020 16:10:25 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03e71-146f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2BEAf09FX%2BsBuXLz1L%2B07%2FPrs6eUhslMFCgvi7CYBnAOuW9yvCu0D%2FtJyvl5spIXd6vBjJZms0hrJPORj5C66XUHgUh1B6WGzl%2BqcrN4BOJL52J2bMRFHbmoUeoWk%2FGCDLyr5mPw9DtRM78U2tdtV7Cm"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6cf3f43a886c7031-FRA expires Sun, 08 Jan 2023 01:12:15 GMT
GET H3	200	TweenLite.min.js Show response cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame D977	26 KB 9 KB	100ms 68ms	Script application/javascript	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1024592 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 8578 timing-allow-origin * last-modified Mon, 04 May 2020 16:10:25 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03e71-697f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xMecHIlhya%2F4eXpHn73273LY8vPZtyr8gQn2qazrMoSivU9qMcCKw0ikBoPNQ04%2FH3qmLlqbmUw%2BaSjASWa1r5k3noG5AXMBVhroim7jmPLOL%2BxDX7Q3Jgi64tataxBIXWoBio00yyaIBfSsMUr4K6LZ"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6cf3f43a886d7031-FRA expires Sun, 08 Jan 2023 01:12:15 GMT
GET H2	200	script.js Show response s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/ Frame D977	7 KB 1 KB	86ms 86ms	Script application/x-javascript	37.157.2.248 ADFORM
General Check archive.org Show headers Download Go to Full URL https://s1.adform.net/Banners/Elements/Files/160090/10674031/bvpath_258/script.js Requested by Host: s1.adform.net URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash 88810ce65ee55d7a60e833aa3fce057ba28d3a609f3504d6f66f0f77290d9334 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900017.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:15 GMT content-encoding gzip last-modified Tue, 14 Dec 2021 16:31:55 GMT server nginx etag W/"61b8c6fb-1c0e" x-cache-status HIT strict-transport-security max-age=0 p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" access-control-allow-origin * cache-control public, max-age=604800 content-type application/x-javascript
GET H/1.1	200 OK	link.html Show response track.webgains.com/ Frame 238C	1 KB 2 KB	404ms 153ms	Script text/html	46.236.13.147 PULSANT-AS
General Check archive.org Show headers Download Go to Full URL https://track.webgains.com/link.html?wglinkid=3432265&wgcampaignid=99582&js=1&nw=1&viewref=25139000013457200710616011843016 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_CBC Server 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB), Reverse DNS 46-236-13-147.servers.dedipower.net Software Apache / Resource Hash 40aeda9aecf55ec37bf1b8b6df93ba90f3b72e9c6ec02755fcf9474bb6096301 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:16 GMT Last-Modified Tue, 18 Jan 2022 01:12:16 GMT Server Apache P3P policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV" X-WG-cache hit Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection close Content-Type text/html;charset=utf-8 Content-Length 1238 Expires Mon, 26 Jul 1997 05:00:00 GMT
GET H/1.1	200 OK	link.html Show response track.webgains.com/ Frame 238C	1 KB 2 KB	403ms 155ms	Script text/html	46.236.13.147 PULSANT-AS
General Check archive.org Show headers Download Go to Full URL https://track.webgains.com/link.html?wglinkid=723181&wgcampaignid=99582&js=1&nw=1&clickref=25139000013457200710616011843016&viewref=25139000013457200710616011843016 Requested by Host: downfile.site URL: https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_CBC Server 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB), Reverse DNS 46-236-13-147.servers.dedipower.net Software Apache / Resource Hash adefbc40e2c07ab72f269973098da656c4a6ef379aeb4198f75655a4059dfd66 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:16 GMT Last-Modified Tue, 18 Jan 2022 01:12:16 GMT Server Apache P3P policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV" X-WG-cache hit Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection close Content-Type text/html;charset=utf-8 Content-Length 1269 Expires Mon, 26 Jul 1997 05:00:00 GMT
GET H/1.1	200 OK	cshow.php www.awin1.com/ Frame 238C	43 B 704 B	54ms 54ms	Image image/gif	104.111.239.217 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.awin1.com/cshow.php?s=2874697&v=22610&q=408799&r=296283&pref1=25139000013457200710616011843016&pv=1 Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=8bd67c86ee&subid=&uid=23ed7ff387022c90&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCNIan7hPmYYi3ONSorATVlJCgAbXN-YNXzN65q-UM8C4QASCT5ps3YJUCyAEJqQLO4HeQvCKzPqgDAaoE9gFP0DMOXSa1-5OJGIE4IjA01A6WnkeCkKWZsp_A4f4qoMQBlUHBK0Xn6QhVKkTVRUG3qP5elWy0W03tunSD6xC4I6vGUX4TipDSPtnsl-Gm1WT-fWVTf5DFqM-Hr2KurKIMa353bhU3bWWQK6KFcarQ8L5csJsFXIntssd3543TwGZ3QxNRi9XFF9LM9Lhh0wrG-mgSCRAqJu5sNsV39zamJnBySL3qSiohvhLfiXAp6MQfRQdWjTecsvoBZsLPP2eGNxiS03XgAraTi0qvDDtYh66kGOYpWmVuoGVZNZkBKGpRA-Sb_eD5svvmqGCzkCC4Db_4kszABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYH4AKAZgLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRorYXwBImsqkW1sUQHin94gQ%26sig%3DAOD64_1GmKNyYigc0njqN0GTiYxKblY48g%26client%3Dca-pub-1995021269147151%26dbm_c%3DAKAmf-Bj0qJsxLbes_K_899fzCltgsO4MHDYSLPtCkVhOhH_WdRdToXF3bKBxNWoITDVLpOev8s8F49PosfdBW0pDsDWrTW-6ATelT99TnHwM9reCfqLHQ6OHb7vXfHfT7H43hIZ4y8boKH7QzmgPhbU0kIndWZaZg%26cry%3D1%26dbm_d%3DAKAmf-Du5U2S1wxuwmYfZfku-njwlOl-l3f6kl-J1x6dp8b1QyzIeIk2VT1lEgPQIhWKZlak9wO8WOv2E1qdlupKyyMoQoSbnT6P34LWOjThpzHDu1L13uaIJb1-GaVijD-v4nSHHh-L2URobL3YkxjYLIQChTrJQFOMqeZwlNuCWH_aLXb3wmmIt_CHS_O1O8cvyWVHSf3VVqSGb9MyJu3o1CTFxdIe-Jr3M70_DGA0_bg74L9YOkmL7R5Ib1gIQNmwKcP4iD0tE1ikiztCvSX9ecgPPJdC-TqJW0t48o8RA3Eqxd1960lVJ96qA0Kd0JWT68XRfORgztFk-yJ6rrgwAKkPPpti9hAZboCHndhMMe3tjHiMlPCLRlPhEQO5craUDaFq5RZo4CMZmbvkEgYC5x9FRZT7bH1h-o56U4ViLqDPRoukmNQ9e26G_Kc0-rcZvEU5MFcPniTQ1aSc1BPzD7NU-klPUPC6WakF8cwhjGcKBDfm_3UrnP2zGDlDTbI1RGEEoPkH%26adurl%3D&documentReferer=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ancestorOrigins=https%3A%2F%2Fdownfile.site%2Chttps%3A%2F%2Fdownfile.site%2Chttps%3A%2F%2Fdownfile.site&random=9657018691955&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-239-217.deploy.static.akamaitechnologies.com Software / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:15 GMT Strict-Transport-Security max-age=86400 P3P policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV" Cache-Control no-store, no-cache, max-age=0, must-revalidate Awin-Akamai-Rule-Set default Node Helix Connection keep-alive Content-Type image/gif Content-Length 43 Expires 0
GET H/1.1	200 OK	viewability Show response hal900027.redintelligence.net/ Frame 8755	0 150 B	118ms 43ms	Script text/html	78.46.111.106 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900027.redintelligence.net/viewability?s=45187100009834402179199011843027&a=94231503&vb=m Requested by Host: hal900027.redintelligence.net URL: https://hal900027.redintelligence.net/request_content.php?s=45187100009834402179199011843027&a=b19b2192 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.106.111.46.78.clients.your-server.de Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900027.redintelligence.net/request_content.php?s=45187100009834402179199011843027&a=b19b2192 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:15 GMT Server Apache Connection close Content-Length 0 Content-Type text/html; charset=UTF-8
GET DATA	200 OK	truncated / Frame 8755	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/gif
GET H3	200	activeview pagead2.googlesyndication.com/pcs/ Frame B022	42 B 64 B	72ms 72ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdCzkUdIw6BfEco4GtGuULzJDw39ZwxO51QuNVfKCjmgUB4wbRfxSzFZ1vmRFPuuAff0Ic5spqtjDgwEQS7KNT54bUu5rkONYWERaKMu37rJwxDn85NQ&sai=AMfl-YTlrX45zHK9_WA9i9GoMCnX_YGw4Ag0odvFdl6yHR_w9MgeMH8J-R4OqBJfzGw2rBlVFZ5vSYVzqHIZThRtINUNLr6ISa3YN_5jNx9nt-bdIoYufyuJ-UgKBq4iVeE&sig=Cg0ArKJSzGUW6vPXlrryEAE&id=ampim&o=315,110&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=578&tls=1578&g=100&h=100&tt=1579&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=953638841 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:15 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	v2hgbmoUbj63_jf51UvJZhZNUSFfdCg_VyW8ms9Hm6fbuuwkkq0MV3Oq4lgzOW_J1I59fSqzp8cOXd9yEvFs expansioneggnog.com/	2 B 320 B	45ms 45ms	Ping application/json	35.201.103.212 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://expansioneggnog.com/v2hgbmoUbj63_jf51UvJZhZNUSFfdCg_VyW8ms9Hm6fbuuwkkq0MV3Oq4lgzOW_J1I59fSqzp8cOXd9yEvFs Requested by Host: expansioneggnog.com URL: https://expansioneggnog.com/v2wyzCAcKjRmxtVMnataKimYPM35TsgPadfzCS_A-JiYYEp-9prcEkAd5cXLn6Xbp Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.103.212 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 212.103.201.35.bc.googleusercontent.com Software / Resource Hash 4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 Security Headers Name Value Strict-Transport-Security max-age=15724800; preload Request headers Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers strict-transport-security max-age=15724800; preload x-datacenter gce-europe-west1 date Tue, 18 Jan 2022 01:12:15 GMT vary Accept-Encoding, Origin access-control-allow-methods POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://downfile.site cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true x-hostname fen-hoothoot-europe-west1-spot-33r1 timing-allow-origin * access-control-allow-headers DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie content-length 2 expires Tue, 18 Jan 2022 01:12:14 GMT
GET H3	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame 8EC6	42 B 64 B	59ms 59ms	Fetch image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvfJQHdBaLMW6WP8BsZaQHe44bNX0bu_Gt4tYGqh0X1tgkT4s3FWRyhq1dS-a34jlH0yGAh0mVKPCLmdA5HXGKqQzWp8L1UA7vdroUgElPaiOCUfN0nvA&sai=AMfl-YSeJseiRCt8ZyNQ5oljEH3O427ZOlxLtifb98MrNcSaaYEUaaButFef8NVPPhXL-e77T1V23Zr8SfnbJrrba247PoH_P7J02Iouc6fRZ0wzUWiXdepFRhmKn6TZEQU&sig=Cg0ArKJSzDuWTxpEdBgbEAE&id=lidar2&mcvt=1000&p=430,650,1030,950&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2755071693&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642468334297&rpt=702&isd=0&lsd=0&met=mue&wmsd=0 Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	view securepubads.g.doubleclick.net/pcs/ Frame 9E52	0 0	60ms 59ms	Fetch image/gif	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuPu7NajpS7oFVsmjFp-Wb7mjGqdaWn8AsOyE72q_JsKxsze9TfCJLbEuUF_HqAQSK-DjDKieFor11uQFLM4RQrot1O9BJN8n5ZcMTfVfMq2TPF8XF9q4N1V1Sp5U5zuh4T9Y2LstimUByZkL94e-EOgr_8PnpT0pcXL9IDxsbipCpwrQLP4ibcgTY6nUG5mUDqy-vxrqNDIF8wDMK0GXuJ0Uc5yKTrJ66pZnrC7tMdfHOceg4gADtIGeOBGvS3FBqd-3e0TwxAaDx66j5uTRHlHiLIj3-6cn2aZmfeMkb6fF0nNzkv0H53kA7ARoXvplY2tl2-gw&sai=AMfl-YT2pTFEFXXeqGgubVReO1rCrJOcNh4DBWdnU_zfFIZsaZK5JvC-rlt4-g6Qdn2mJLmsPFXbsORWhbccXX3DTw3escnlji4snD2b9Fo9vt-WiJqDBQ4dSNZwGhgxlxQ&sig=Cg0ArKJSzK5mHp0PmViqEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl= Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:16 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe expires Tue, 18 Jan 2022 01:12:16 GMT
GET H3	200	sodar Show response pagead2.googlesyndication.com/getconfig/ Frame 9E52	11 KB 9 KB	49ms 49ms	XHR application/json	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220112&st=env Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site&bust=31064017 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 4547dc45ff596beb2b964808d07eeab4de6b453b6153262fb14076de93f71207 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:16 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8747 x-xss-protection 0
POST H3	204	csi csi.gstatic.com/ Frame 8EC6	0 17 B	582ms 303ms	Ping image/gif	2404:6800:4008:c01::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=5~kyjf8m79&c=4736328345014&slotId=2368164172507&qqid=CM-ayayPuvUCFQ-Idwod1KgNYA&dm=17761&event_name=first_play&asset_bytes=146387&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=13&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=3&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=ff.kyjf8mf0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/mysidia/3a74317e9b2bb5d49fed9cf198abdbac.js?tag=video_mra/web_raspberry Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4008:c01::5e Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT last-modified Wed, 21 Jan 2004 19:51:30 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	pvClk.min.js Show response analytics.webgains.io/ Frame 238C	51 KB 51 KB	103ms 21ms	Script application/javascript	18.66.97.25 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://analytics.webgains.io/pvClk.min.js Requested by Host: track.webgains.com URL: https://track.webgains.com/link.html?wglinkid=723181&wgcampaignid=99582&js=1&nw=1&clickref=25139000013457200710616011843016&viewref=25139000013457200710616011843016 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.25 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-25.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id wvDglZsFnxZ0eZ1mUErJkFMo1VNidWYJ via 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront) last-modified Tue, 09 Nov 2021 11:05:10 GMT server AmazonS3 age 107574 etag "ec0ced40cbb5211db06b8a36f209e442" x-cache Hit from cloudfront content-type application/javascript date Mon, 17 Jan 2022 01:14:21 GMT x-amz-cf-pop FRA56-P2 accept-ranges bytes content-length 51794 x-amz-cf-id qNxsks3ByFVmA1DI9H5PMpZEmopHFtArxZUHRucbaJzjkcmEHXckBQ==
GET H/1.1	200 OK	link.html track.webgains.com/ Frame 238C	4 KB 5 KB	149ms 45ms	Image image/png	46.236.13.147 PULSANT-AS
General Check archive.org Show headers Download Go to Show image Full URL https://track.webgains.com/link.html?wgcampaignid=99582&viewref=65737200012771200710772011843028&wglinkid=723181 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_CBC Server 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB), Reverse DNS 46-236-13-147.servers.dedipower.net Software Apache / Resource Hash 21744e5617ca04d2ad0b171c0dd028fab66f8978cf23ad01bc926fab7ffc3f03 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:16 GMT Last-Modified Tue, 18 Jan 2022 01:12:16 GMT Server Apache P3P policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV" X-WG-cache hit Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection close Content-Type image/png Content-Length 4193 Expires Mon, 26 Jul 1997 05:00:00 GMT
GET H3	200	activityi;dc_pre=CKLd762PuvUCFWjUEQgdte4C0w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=67304878514.74898 Show response 8019191.fls.doubleclick.net/ Frame 7A69 Redirect Chain https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=67304878514.74898? https://8019191.fls.doubleclick.net/activityi;dc_pre=CKLd762PuvUCFWjUEQgdte4C0w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=67304878514.74898?	391 B 345 B	67ms 37ms	Document text/html	142.250.186.70 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://8019191.fls.doubleclick.net/activityi;dc_pre=CKLd762PuvUCFWjUEQgdte4C0w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=67304878514.74898? Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.70 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f6.1e100.net Software cafe / Resource Hash 2f6afd9f252feef0e1378b4e7bf7b942e02598fd2b84200a16aff74598f3e420 Security Headers Name Value Strict-Transport-Security max-age=21600 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin date Tue, 18 Jan 2022 01:12:16 GMT expires Tue, 18 Jan 2022 01:12:16 GMT cache-control private, max-age=0 strict-transport-security max-age=21600 content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding gzip server cafe content-length 322 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Redirect headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin date Tue, 18 Jan 2022 01:12:16 GMT pragma no-cache expires Fri, 01 Jan 1990 00:00:00 GMT cache-control no-cache, must-revalidate follow-only-when-prerender-shown 1 strict-transport-security max-age=21600 location https://8019191.fls.doubleclick.net/activityi;dc_pre=CKLd762PuvUCFWjUEQgdte4C0w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=67304878514.74898? content-type text/html; charset=UTF-8 x-content-type-options nosniff server cafe content-length 0 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H/1.1	200 OK	request_content.php Show response hal900016.redintelligence.net/ Frame 9F56	7 KB 2 KB	73ms 29ms	Document text/html	138.201.220.30 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900016.redintelligence.net/request_content.php?s=25139000013457200710616011843016&a=fe2b5d21 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.30.220.201.138.clients.your-server.de Software Apache / Resource Hash c81d09115f8128b989dc66fd4c98c58ab2bf0797fb487d9583ff55eeb1fd5f82 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ Response headers Date Tue, 18 Jan 2022 01:12:16 GMT Server Apache Cache-Control no-store, no-cache, must-revalidate, max-age=0 Expires Tue, 18 Jan 2022 01:12:16 +0100 Pragma no-cache P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Vary Accept-Encoding Content-Encoding gzip Content-Length 2045 Connection close Content-Type text/html; charset=utf-8
GET H3	200	cookie_push_onload.html Show response pagead2.googlesyndication.com/pagead/s/ Frame E3C6	1 KB 749 B	20ms 19ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ Response headers p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin * cross-origin-resource-policy cross-origin vary Accept-Encoding x-content-type-options nosniff content-encoding gzip server cafe content-length 724 x-xss-protection 0 date Mon, 17 Jan 2022 05:53:44 GMT expires Tue, 18 Jan 2022 05:53:44 GMT cache-control public, max-age=86400 age 69512 etag 48472445140208031 content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	sodar2.js Show response tpc.googlesyndication.com/sodar/ Frame 9E52	17 KB 6 KB	30ms 30ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site&bust=31064017 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:16 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6386 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" etag "1637097310169751" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 18 Jan 2022 01:12:16 GMT
GET H/1.1	200 OK	link.html track.webgains.com/ Frame 238C	667 B 1 KB	131ms 45ms	Image image/jpeg	46.236.13.147 PULSANT-AS
General Check archive.org Show headers Download Go to Show image Full URL https://track.webgains.com/link.html?wgcampaignid=99582&viewref=89142500012667300710776011843024&wglinkid=3432265 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_CBC Server 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB), Reverse DNS 46-236-13-147.servers.dedipower.net Software Apache / Resource Hash 9ea21905a7edfa4ceda705f977891d5e100f9709318836cfacbab47ad3321ff1 Request headers Accept-Language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 18 Jan 2022 01:12:16 GMT Last-Modified Tue, 18 Jan 2022 01:12:16 GMT Server Apache P3P policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV" X-WG-cache hit Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection close Content-Type image/jpeg Content-Length 667 Expires Mon, 26 Jul 1997 05:00:00 GMT
GET H3	200	pixel cm.g.doubleclick.net/ Frame E3C6 Redirect Chain https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEClsBpBF6N4PqS0rStIf--Y&google_cver=1&google_push=AYg5qPJZm6pKHVP_DrsMtNrDqgTyza-sppdh0-yyGMVGmY_RjY8RV47tlO... https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJZm6pKHVP_DrsMtNrDqgTyza-sppdh0-yyGMVGmY_RjY8RV47tlOPqK7SXR91TvAuSAlY0uovejQZpcbYTx4CtzHWBqg&google_hm=9nMrUUvG...	170 B 188 B	43ms 42ms	Image image/png	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJZm6pKHVP_DrsMtNrDqgTyza-sppdh0-yyGMVGmY_RjY8RV47tlOPqK7SXR91TvAuSAlY0uovejQZpcbYTx4CtzHWBqg&google_hm=9nMrUUvGnR2N3ch8LvUtKA Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers location https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJZm6pKHVP_DrsMtNrDqgTyza-sppdh0-yyGMVGmY_RjY8RV47tlOPqK7SXR91TvAuSAlY0uovejQZpcbYTx4CtzHWBqg&google_hm=9nMrUUvGnR2N3ch8LvUtKA pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT cache-control private, no-cache, no-store, proxy-revalidate content-length 0 strict-transport-security max-age=86400 expires Fri, 04 Aug 1978 12:00:00 GMT
GET H3	200	pixel cm.g.doubleclick.net/ Frame E3C6 Redirect Chain https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLO46wO9udhpcr0kSetE2bFiGrcbmejix6-L61EwEGwFNKe8AsrDeUTzkdkGXjw1LZwO23uaL2OhoNa1dC0zemhsKO0JHs&google_gid=CAESEJo2V1RWnmn5iokdvyaGqyw&goog... https://id.rlcdn.com/1000.gif?memo=CK69HBoNCPCnmI8GEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMTzQ2d085dWRocGNyMGtTZXRFMmJGaUdyY2JtZWppeDYtTDYxRXdFR3dGTktlOEFzckRlVVR6a2RrR1hqdzFMWndPMjN1YUwyT2hvTmExZE... https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwemZYckYyZjZwb0NpQm1VX0lJdUJVSFI1a2tySGFZanExdTlSQWczeUhpaw==&google_push	170 B 188 B	28ms 28ms	Image image/png	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwemZYckYyZjZwb0NpQm1VX0lJdUJVSFI1a2tySGFZanExdTlSQWczeUhpaw==&google_push Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers date Tue, 18 Jan 2022 01:12:16 GMT via 1.1 google p3p CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" location https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwemZYckYyZjZwb0NpQm1VX0lJdUJVSFI1a2tySGFZanExdTlSQWczeUhpaw==&google_push cache-control no-cache, no-store timing-allow-origin * alt-svc clear content-length 0
GET H3	200	dds rtb.openx.net/sync/ Frame E3C6	43 B 64 B	68ms 47ms	Image image/gif	35.227.252.103 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://rtb.openx.net/sync/dds?google_gid=CAESEMy7jsRIRX31XzfCulgZx4g&google_cver=1&google_push=AYg5qPLqLJAvYJSOIyo5rnP5v88Pe8NpFn76y5F1uAWhiipLFirfjdI-gpimnZ427zoVlLrei4_NEV0ZKo0ucyRX_achgL2cUnA Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 103.252.227.35.bc.googleusercontent.com Software Cowboy / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT via 1.1 google server Cowboy vary Origin p3p CP="CUR ADM OUR NOR STA NID" access-control-allow-origin null access-control-expose-headers cache-control private, max-age=0, no-cache, must-revalidate access-control-allow-credentials true content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 43 x-request-id 1kf9fol70lltp0o8h0hrkidljo15mvq2
GET H3	200	pixel cm.g.doubleclick.net/ Frame E3C6 Redirect Chain https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%... https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Iz6fi7LES-KnJbpZMNBIhQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...	170 B 188 B	43ms 42ms	Image image/png	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Iz6fi7LES-KnJbpZMNBIhQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL0oZ1e9WoaV4ByKUR2KbYZJGq2GU-iusrGENgI6o1hO1QKCuuigirogUNTN7nVELRckkk-BqDV0McAmnYhkivomfW6-io Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers location https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Iz6fi7LES-KnJbpZMNBIhQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL0oZ1e9WoaV4ByKUR2KbYZJGq2GU-iusrGENgI6o1hO1QKCuuigirogUNTN7nVELRckkk-BqDV0McAmnYhkivomfW6-io date Tue, 18 Jan 2022 01:12:15 GMT p3p CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" content-length 0 content-type text/html; charset=UTF-8
GET H3	200	pixel cm.g.doubleclick.net/ Frame E3C6 Redirect Chain https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENmJXFUOLNLefh7dJYRM2do&google_cver=1&google_push=AYg5qPKSVEhNBcS7V1FJHHkM2Mhfl93EEeRh6ttKIIpMcmMAI4dXrU7xYNWvmDkyzkFXjl4f792... https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lKRjhOREstMUEtNFNLNQ==&google_push=AYg5qPKSVEhNBcS7V1FJHHkM2Mhfl93EEeRh6ttKIIpMcmMAI4dXrU7xYNWvmDkyzkFXjl4f792E5LRJEIufQ-7Gq5iHCvOvagw	170 B 188 B	28ms 28ms	Image image/png	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lKRjhOREstMUEtNFNLNQ==&google_push=AYg5qPKSVEhNBcS7V1FJHHkM2Mhfl93EEeRh6ttKIIpMcmMAI4dXrU7xYNWvmDkyzkFXjl4f792E5LRJEIufQ-7Gq5iHCvOvagw Protocol H3 Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Pragma no-cache P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Location https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lKRjhOREstMUEtNFNLNQ==&google_push=AYg5qPKSVEhNBcS7V1FJHHkM2Mhfl93EEeRh6ttKIIpMcmMAI4dXrU7xYNWvmDkyzkFXjl4f792E5LRJEIufQ-7Gq5iHCvOvagw Cache-Control no-cache,no-store,must-revalidate Content-Type text/html content-length 0 X-RPHost 750589468d5634b7e99830971becaf64 Expires 0
GET		pixel cm.g.doubleclick.net/ Frame E3C6 Redirect Chain https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1&googl... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe...	0 0
GET H2	200	trk ag.innovid.com/ Frame E3C6	43 B 296 B	433ms 33ms	Image image/gif	2a05:d01c:1d8:8102:6f46:d53f:d0c7:668b AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ag.innovid.com/trk?tid=11711&google_gid=CAESENSl9hY_tTNvLopkcIBb3lE&google_cver=1&google_push=AYg5qPIwTM2hilmqCGb17fu0ReCGN4CFYL3POUK6lWQGJISNgx6UNRy2V8E1klLDwKw3_V4f-jfFlhORw6UZ07WbM-HBMfYOtaA Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a05:d01c:1d8:8102:6f46:d53f:d0c7:668b London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT cache-control no-cache content-type image/gif content-length 43 request-time 0 expires -1
GET H3	204	attr cm.g.doubleclick.net/pixel/ Frame E3C6	0 12 B	28ms 27ms	Image text/html	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J2x6E_8vKwuuU4pncJrHc8E3PEx4nz8-8RjBfaKHPSgWOq2hmtGtpvEVOC4nsFt-Ef06QA Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1995021269147151&output=html&h=250&slotname=5605423233&adk=3391074604&adf=4198862047&pi=t.ma~as.5605423233&w=300&psa=0&format=300x250&url=https%3A%2F%2Fdownfile.site%2F2021%2F08%2F15%2Fthe-next-cyber-victim-could-be-you%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642468334608&bpp=1&bdt=295&idt=291&shv=r20220112&mjsv=m202201060101&ptt=9&saldr=aa&cookie=ID%3D77f8a330fe584294-2221391822cd003c%3AT%3D1642468333%3AS%3DALNI_MbNubERcxfixkRlJrkFUejWitKe0g&prev_fmts=0x0&nras=1&correlator=568832844229&frm=23&ife=4&pv=1&ga_vid=1246905763.1642468333&ga_sid=1642468335&ga_hid=1034924366&ga_fc=1&nhd=2&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2816342114&scr_x=0&scr_y=0&eid=31063752%2C44750774%2C44753740%2C31062423&oid=2&pvsid=4356404215204481&pem=655&tmod=724&eae=2&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=2&uci=2.dkh3m4awa9o9&fsb=1&dtd=295 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:16 GMT server HTTP server (unknown) alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 content-type text/html
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/225/ Frame F66F	13 KB 5 KB	24ms 23ms	Document text/html	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip cross-origin-resource-policy cross-origin cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-length 5046 x-content-type-options nosniff server sffe x-xss-protection 0 date Mon, 17 Jan 2022 22:32:14 GMT expires Tue, 17 Jan 2023 22:32:14 GMT cache-control public, max-age=31536000 last-modified Mon, 21 Jun 2021 20:47:05 GMT content-type text/html age 9602 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	aframe Show response www.google.com/recaptcha/api2/ Frame 5D01	783 B 533 B	44ms 43ms	Document text/html	2a00:1450:4001:82a::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 37a46832fc0ca778bddce4c10554bd29e8fab48fcce9b2f935ae1ddb6c89b7b9 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-ji7LmvZu2juwN1tAOS/Tfg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy require-corp report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} expires Tue, 18 Jan 2022 01:12:16 GMT date Tue, 18 Jan 2022 01:12:16 GMT cache-control private, max-age=300 content-type text/html; charset=utf-8 content-security-policy script-src 'report-sample' 'nonce-ji7LmvZu2juwN1tAOS/Tfg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 511 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	css fonts.googleapis.com/ Frame 9F56	4 KB 649 B	29ms 28ms	Stylesheet text/css	2a00:1450:4001:811::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600 Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request_content.php?s=25139000013457200710616011843016&a=fe2b5d21 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash ad246d47536dacf0256646042ec184678bfc630fcb638d9199bd66cf8cb5e457 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900016.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 18 Jan 2022 00:56:27 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Tue, 18 Jan 2022 01:12:16 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 18 Jan 2022 01:12:16 GMT
GET H/1.1	200 OK	/ hal9000.redintelligence.net/scale/ Frame 9F56	17 KB 17 KB	68ms 26ms	Image image/png	78.46.90.238 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/59171/creativesup/vega-1200x627.jpg Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request_content.php?s=25139000013457200710616011843016&a=fe2b5d21 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.238.90.46.78.clients.your-server.de Software Apache / Resource Hash d2758e9eb5439bcda06b7e96bb739cf43ac8d3e9d77f972cd94974e0b8226e0f Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900016.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:16 GMT Content-Encoding gzip Server Apache Connection close Content-Length 16818 Vary Accept-Encoding Content-Type image/png
GET H/1.1	200 OK	/ hal9000.redintelligence.net/scale/ Frame 9F56	16 KB 16 KB	68ms 26ms	Image image/png	78.46.90.238 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/52085/creativesup/affiliate-panini-harry-potter-banner-1200x627.jpg Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request_content.php?s=25139000013457200710616011843016&a=fe2b5d21 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.238.90.46.78.clients.your-server.de Software Apache / Resource Hash 0c6294bbf7b85ad2a4d3018b50cd9facf84df904b61ab94a5b11b3a3286344c0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900016.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:16 GMT Content-Encoding gzip Server Apache Connection close Content-Length 15971 Vary Accept-Encoding Content-Type image/png
GET H/1.1	200 OK	/ hal9000.redintelligence.net/scale/ Frame 9F56	13 KB 13 KB	82ms 28ms	Image image/png	78.46.90.238 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/48335/creativesup/highheels_red_1200x627.jpg Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request_content.php?s=25139000013457200710616011843016&a=fe2b5d21 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.238.90.46.78.clients.your-server.de Software Apache / Resource Hash 3f7fd5aeea984a4028ea1e9c20e0a1d31a383e1e9b32f9ed89e8b0bc6f1be12b Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900016.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:16 GMT Content-Encoding gzip Server Apache Connection close Content-Length 13237 Vary Accept-Encoding Content-Type image/png
GET H3	200	ze6spFYAGmeX0SVs4uO-WfgikXQwH0dcHguaiLf8sa4.js Show response pagead2.googlesyndication.com/bg/ Frame F66F	35 KB 13 KB	24ms 19ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/ze6spFYAGmeX0SVs4uO-WfgikXQwH0dcHguaiLf8sa4.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cdeeaca456001a6797d1256ce2e3be59f8229174301f475c1e0b9a88b7fcb1ae Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 16:35:04 GMT content-encoding br x-content-type-options nosniff age 31032 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13313 x-xss-protection 0 last-modified Thu, 06 Jan 2022 13:58:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 17 Jan 2023 16:35:04 GMT
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame 5D01	0 0	47ms 47ms	Image text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220112&jk=959695202485161&rc=05ABBMTcPYCXAmeSmDk-COElB-fJVlb86lM9X3w4oYqKbSx1R4vlo0nxwLJcT8Z4YGl34JU2DvnV30XoGNtmXUFuStXiFQR_CXDFYFs1wKXhwCFimix_AoLoeqsZA1__6GNue6bwxeCdVHXWCON3XNeURJGr7Zv78tZffpF2GzDxw5W-FXiP1o7XNwoI_3wxPMZH-TwsvUI8vy7QlvYAjx-v78yt51_84f0n_tNEVk-MRFL2hOsb9evQ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H/1.1	200 OK	viewability Show response hal900016.redintelligence.net/ Frame 9F56	0 150 B	69ms 23ms	Script text/html	138.201.220.30 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900016.redintelligence.net/viewability?s=25139000013457200710616011843016&a=3bd48550&vb=m Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request_content.php?s=25139000013457200710616011843016&a=fe2b5d21 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.30.220.201.138.clients.your-server.de Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://hal900016.redintelligence.net/request_content.php?s=25139000013457200710616011843016&a=fe2b5d21 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 18 Jan 2022 01:12:16 GMT Server Apache Connection close Content-Length 0 Content-Type text/html; charset=UTF-8
GET H3	200	dc_pre=CKLd762PuvUCFWjUEQgdte4C0w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=67304878514.74898 adservice.google.com/ddm/fls/z/ Frame 7A69	42 B 63 B	59ms 59ms	Image image/gif	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://adservice.google.com/ddm/fls/z/dc_pre=CKLd762PuvUCFWjUEQgdte4C0w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=67304878514.74898 Requested by Host: 8019191.fls.doubleclick.net URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKLd762PuvUCFWjUEQgdte4C0w;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=67304878514.74898? Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://8019191.fls.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	204	generate_204 tpc.googlesyndication.com/ Frame F66F	0 9 B	24ms 23ms	Image text/plain	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/generate_204?qwJvVw Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:16 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0
GET H3	200	sodar Show response pagead2.googlesyndication.com/getconfig/ Frame 1A37	11 KB 8 KB	31ms 30ms	XHR application/json	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220112&st=env Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 5066710849cfc8c64b456452d6c45f2563be2d591524b75693e00028fbd72290 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Tue, 18 Jan 2022 01:12:16 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8615 x-xss-protection 0
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 9E52	0 20 B	63ms 62ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220112&jk=959695202485161&bg=!wcKlwobNAAaocxMpqHM7ACkAdvg8WuwyjvwVbej5fd8Cq-_3JxyOPy6r2ctvQBZnY1kYb-9yjn-LxgIAAABxUgAAAAJoAQcKAJKIPZHgqiHE0LrzlAM-HcOUo0ePojSxtKre9uSPm_52YLctGAmVVaM3dG0F9ghvlyxPe7I0CSXVmVyaHbjN-UDfJTqzgbLJnyAIhCkvR1lsWwgLBQURukyAEVpbAsejwDTW2lLkawwYR02OK5wonn7vIcSK7UY8SfWa4ZItrdXqGsTiv22csojZ32k8pzV1frWaaJkCytPe2M7TP4QJm5gADB59F3rh8jEjRuSpOg3t8nBMKrPZibggXgEn_-Tg_QXHel7uqhb2OIW1ZljlN71u83FaZWjMzMiA52NlBqG2Lf9RqAwYP9QsC-ff7Gp1Jg8ZHTRvfr1AW-zZwtB31ST_mSWhM7BmbfPgB2VDhMsUHsDTAjS0T6-XZZpGDNEfk25Pv-2m1T10SAVs766OKv61Z7Tw8TyaSbsrIQ_VMnPxxFwnJipEjqUHiYJ8b3YqbpbqnpWVcv-X1qHR_-ZiMEnfK30O0nW7oHv3UAp-qrfQtHj4oY40PUwwCiv8eVxRUuioMstSu7BbWPuTxnx8BfjVy-nIe6L67-kby7YwWNONhKelDOQI0vL4X9Sya0tzzQYLm4YXOjms9gZTB9IFCLHag6ETq6Wz26OZsE5fZjwsmcBLbj5fpgBSn0JJAHbho5n_Mau63Mk_DTu3ptBFjdaaMD2XwndLVOaKUXoS7nWT-kuxVdHqiXcIHPz6F8rNqxPtkPcrFthILAq0IYmzMmv7hjmaAXbfrc6y-lZbKDKjbxSAGG6pFlixI0tAAZMa_oFpM0Zq-VsaHmjF9zDcd2Po5hHCYsmCJE2arPJK8MOtrYBpjVWT4BLh2DMX3X4g7G9rrLg0Ibkr6IZ508El1qUTB8MJkbW-j7tSLL3UNxrnXKY7BpkWaSRAxw8V6zsspeNoheYVaTJZ_dPwtyTzOLNB72YBCMJaOzs2U_QuefcdMD2qTpEgumq0cLdNDsiM2ZwbjCrg7iGONYF6Zh8WwdCAtMZlLX59U4NRrqShpkbN7ZfjDdQgBU2A6y9I_noyENpmxV62shNHO4Z842womhjaxLNI1xmlL-QMwoDtb0SO8OSKtEzQehwmKSH2SsVSI4txCC_gJBzxMl3CEDQNshIsR5eG08z5RnQCC7MtyA58rL2zQ1IfPk1r8KTXiPbFkg Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	sodar2.js Show response tpc.googlesyndication.com/sodar/ Frame 1A37	17 KB 6 KB	28ms 28ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1995021269147151&plah=downfile.site Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:16 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6386 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" etag "1637097310169751" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 18 Jan 2022 01:12:16 GMT
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/225/ Frame E21A	13 KB 5 KB	35ms 34ms	Document text/html	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip cross-origin-resource-policy cross-origin cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-length 5046 x-content-type-options nosniff server sffe x-xss-protection 0 date Mon, 17 Jan 2022 22:32:14 GMT expires Tue, 17 Jan 2023 22:32:14 GMT cache-control public, max-age=31536000 last-modified Mon, 21 Jun 2021 20:47:05 GMT content-type text/html age 9602 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	aframe Show response www.google.com/recaptcha/api2/ Frame D5BA	783 B 534 B	32ms 32ms	Document text/html	2a00:1450:4001:82a::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 362831dd82f45d9b522c6faded6f8b5aa91c2ae7bb5bcf19b0c21292b73150ee Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-yYdIbIcwdrpKV+H3Jj1s3Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy require-corp report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} expires Tue, 18 Jan 2022 01:12:16 GMT date Tue, 18 Jan 2022 01:12:16 GMT cache-control private, max-age=300 content-type text/html; charset=utf-8 content-security-policy script-src 'report-sample' 'nonce-yYdIbIcwdrpKV+H3Jj1s3Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 512 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame D5BA	0 0	33ms 32ms	Image text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220112&jk=4356404215204481&rc=05ABBMTcPYCXAmeSmDk-COElB-fJVlb86lM9X3w4oYqKbSx1R4vlo0nxwLJcT8Z4YGl34JU2DvnV30XoGNtmXUFuStXiFQR_CXDFYFs1wKXhwCFimix_AoLoeqsZA1__6GNue6bwxeCdVHXWCON3XNeURJGr7Zv78tZffpF2GzDxw5W-FXiP1o7XNwoI_3wxPMZH-TwsvUI8vy7QlvYAjx-v78yt51_84f0n_tNEVk-MRFL2hOsb9evQ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H3	200	ze6spFYAGmeX0SVs4uO-WfgikXQwH0dcHguaiLf8sa4.js Show response pagead2.googlesyndication.com/bg/ Frame E21A	35 KB 13 KB	17ms 17ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/ze6spFYAGmeX0SVs4uO-WfgikXQwH0dcHguaiLf8sa4.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cdeeaca456001a6797d1256ce2e3be59f8229174301f475c1e0b9a88b7fcb1ae Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 16:35:04 GMT content-encoding br x-content-type-options nosniff age 31032 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13313 x-xss-protection 0 last-modified Thu, 06 Jan 2022 13:58:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 17 Jan 2023 16:35:04 GMT
GET H3	204	generate_204 tpc.googlesyndication.com/ Frame E21A	0 9 B	16ms 16ms	Image text/plain	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/generate_204?nEJb9A Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 18 Jan 2022 01:12:16 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 1A37	0 20 B	107ms 107ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220112&jk=4356404215204481&bg=!7O-l76vNAAaocxMpqHM7ACkAdvg8Wgdm2HjgFxLL4b9fIgwzuVxwtLifHbJuRDdseiqQ2xDynPSc3AIAAABaUgAAAARoAQcKAIBSDsorHyS4h53XocNAHFKXFMqt_BKvMbMTQJM51MaLmohVXB-9aEzxTq71vTxJ-6sGmD5MwSvF_FzprHyT9arR-cTkaY9rqUafLlf82C-sJFXO42P-LIOf4ORnuHdSAFoRC0634e50Fv7upjmPOcEQvs2C6URfw2cL9zeZatC9-pkC_-ihfnFB4zGCg8M3zup8CPeUi8Fhaesbz4L2ejIftdkUNrRm2qel99MAW0wMKZxtWtAUvMK2-XDSu_NL6OPmNpF4MKJjDCQbPpxA63LQM-EkG11lE_wA8jFmsQmf-JVenw9ar-SzdC_Jesbz8VR-x1kAypCpuI39dsMvcXDLhZhbR3Fv3QMxAR_g-oCoYKwxGtlxYwbmKRf76IzxlOcnqNUgORMDA3QSkfTPSvYZO2a2suuhw3Lof8GHOQLUNwO3vYc96CtkBXiflnfjDiEb6eI3HQaGPsS8ViUD9t-6MN-8yHLd9K7LZWpsEZTb6TJoib8H0RQ-tCopNlxwiqO2tNA6GJOYMQOMy51hmUJRXgpr-fVdJ7FEH5SmFl-urbK9L_X5GQ7jhfEDCFkKTt1WMB21yO66F7m8vStJxcacoU_pkQKBeXgkPLhJrbLLnR_JKsff3gJ59bep07vfpiN1pov_DaMpH4r0ftVAhnbUoN4T-UhF2xYZ7-2B-0SdGn3pN3jjLMvfzEn2JdCD7ErgWhd97J0dq0ryT6cS2Ob91dXI-f5q8h9ST75dLydSggJXU_Pr-Br2HM9C9QACWwYu2yQyQa1kgHQvysuy5Eh3NIHTTBgOAQAIRNqy73csY4z_MmdKbonL-te2uBPFmqMA4fSWZqphywpIK_nFTBDzGBW4OGRgHC1LQqBU65rHmbWkgBGbCcz15q8j2CEYw71P3wS6MV9qCxk7Nb8_W67H0xJUfp-LuA4WMHf8jN8jhwndepeBjfSdyY6SbJtoB0VeKR5JVmj3rRoAJcHHZXLKoNWwbV9qA7Pr57_teK9AC07k3fsqHXBvu57efAUUnlv31dm4hhMbGC8TJf4Cc3cZdKaHVJG5gFxoJaG_809jCPeRxcbUIl2FdlUZod7nIfRckztiv7GdJOJzccn5umSwd5bLl2KE1BWRpQhy_NFcMpvzyFIhlxUzW8E-OwpIjBucd1sFRgQZRWP7PfHWWNdl29BbX0dfMHm-8V-FADgSVuEv Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://downfile.site/2021/08/15/the-next-cyber-victim-could-be-you/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:16 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	tracking-event Show response api.webgains.io/ Frame 238C	16 B 232 B	96ms 96ms	Fetch application/json	54.72.0.164 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.webgains.io/tracking-event Requested by Host: analytics.webgains.io URL: https://analytics.webgains.io/pvClk.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-72-0-164.eu-west-1.compute.amazonaws.com Software nginx / PHP/7.4.25 Resource Hash c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://googleads.g.doubleclick.net/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/json Response headers date Tue, 18 Jan 2022 01:12:17 GMT x-content-type-options nosniff server nginx x-powered-by PHP/7.4.25 x-frame-options SAMEORIGIN content-type application/json access-control-allow-origin * cache-control no-cache, private x-xss-protection 1; mode=block
OPTIONS H2	204	tracking-event api.webgains.io/ Frame	0 0	230ms 53ms	Preflight	54.72.0.164 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.webgains.io/tracking-event Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-72-0-164.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers content-type Origin https://googleads.g.doubleclick.net User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Sec-Fetch-Mode cors Response headers date Tue, 18 Jan 2022 01:12:17 GMT server nginx access-control-allow-origin * access-control-allow-headers Content-Type access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS
POST H2	200	tracking-event Show response api.webgains.io/ Frame 238C	16 B 232 B	111ms 110ms	Fetch application/json	54.72.0.164 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.webgains.io/tracking-event Requested by Host: analytics.webgains.io URL: https://analytics.webgains.io/pvClk.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-72-0-164.eu-west-1.compute.amazonaws.com Software nginx / PHP/7.4.25 Resource Hash c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://googleads.g.doubleclick.net/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/json Response headers date Tue, 18 Jan 2022 01:12:17 GMT x-content-type-options nosniff server nginx x-powered-by PHP/7.4.25 x-frame-options SAMEORIGIN content-type application/json access-control-allow-origin * cache-control no-cache, private x-xss-protection 1; mode=block
OPTIONS H2	204	tracking-event api.webgains.io/ Frame	0 0	205ms 52ms	Preflight	54.72.0.164 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.webgains.io/tracking-event Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-72-0-164.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers content-type Origin https://googleads.g.doubleclick.net User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Sec-Fetch-Mode cors Response headers date Tue, 18 Jan 2022 01:12:17 GMT server nginx access-control-allow-origin * access-control-allow-headers Content-Type access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS
GET H3	200	/ googleads.g.doubleclick.net/pagead/interaction/ Frame 8EC6	42 B 64 B	30ms 30ms	Image image/gif	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://googleads.g.doubleclick.net/pagead/interaction/?ai=CWRMM7RPmYY_wHI-Q3gPU0baABtCRiO1n8vOKysIP5uSp7Y8uEAEgk-abN2CVypGCoAegAYyN8Z0oyAEJ4AIAqAMByAMIqgS3Ak_Q8RzI47gviCAl9dRreAf1Yzs272sGSTjRu32UuE6WOTem6rT9ll2TO-YdhTcn69NWyy31r29U4XCkV36-62iWtI0dDSvPyQl3bne2QrGj7rwFkdn_Yb2ZlGP6Vy3l4sR9muVDdqoaaBU75pRbwz6wD4Pe1nYKzi5PrX_-H8hxWOOW7fTGOKSly6QBCIULLo9lZC6qnt_YZuOngAjItOXZn6puV9HPbqMXdi3GOjCWsMFr3i0IuU-JdCBQm3HsvBXbkM1ASQtAwFCw1Y8ULdzNkn6LCuzP4KHP7-xzC_VoRf95uEQCA6G29A7aI0XJnH5epbUriCHdyxdcGuLKiKSd-HCKtRRO_mAxWuppYwk6ywIsPBVXIQpK4d1U7yrf4qfOSmpk3aL0344aisO5yLJaqXvcgdf2wASajtqI8gPgBAGgBi6AB4zFwf0CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgdsQl4D-FYxzgCMoAKAZgLAcgLAYAMAbgMAbgTnBvYEwyIFAHQFQGYFgH4FgGAFwE&sigh=ioT3emCLbTM&cid=CAQSPgCNIrLMIC7Ccfl6B8ZxtSEECDDt8ofaWgD91P_LEpKsFCX4QjCwyd_8s3jgkDpIf1Vl92aK8EdvFXs4sbD9&label=videoplaytime25 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://c085378f29c58fe59ff22d4e4a0a19c1.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jan 2022 01:12:19 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

cm.g.doubleclick.net

URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_push=AYg5qPJWzeNATlDusjAS4Av0Gtr6clLNBqTJ1bVQ3p9JJKnod_K-0pFzOblX56swcELcJPripbIIis7OFTAM2T6wImiLsYECIu0&google_gid=CAESEGaxgJFZBReMNspIkMrov74&google_cver=1

Domain

cm.g.doubleclick.net

URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeYT7z_10mM5SnkZGKmBqAAABHAAAAIB&google_cver=1&google_push=AYg5qPIWR6-MlL3R4oBkV9en7JsrQVNu13bsAbyeqKws0ghtC9FU2ADtLUuLX4K4wSMyfJURYJGe6qIzPNBiUT-fpG5vQ1gy-Us&google_gid=CAESEGaxgJFZBReMNspIkMrov74