www.file-upload.in Open in urlscan Pro
2606:4700:3031::6815:3355 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.file-upload.com/7r3r2tuk9h3u
Effective URL:
https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
Submission: On November 26 via manual (November 26th 2023, 10:17:29 pm UTC) from TR — Scanned from CH

Summary HTTP 302 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 46 IPs in 11 countries across 48 domains to perform 302 HTTP transactions. The main IP is 2606:4700:3031::6815:3355, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.file-upload.in.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 27th 2023. Valid for: a year.

This is the only time www.file-upload.in was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2400:52e0:1e0... 2400:52e0:1e00::1080:1	200325 (BUNNYCDN) (BUNNYCDN)
3	2606:4700:303... 2606:4700:3031::6815:3355	13335 (CLOUDFLAR...) (CLOUDFLARENET)
28	2606:4700::68... 2606:4700::6810:8516	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6810:8616	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.152.89 172.64.152.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:209... 2600:9000:2090:7800:10:dd8:5e40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:244... 2600:9000:2447:e200:a:e047:753:a221	16509 (AMAZON-02) (AMAZON-02)
1	18.239.18.33 18.239.18.33	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	162.19.138.116 162.19.138.116	16276 (OVH) (OVH)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
1	52.215.24.0 52.215.24.0	16509 (AMAZON-02) (AMAZON-02)
47	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1 4	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	37.157.4.28 37.157.4.28	198622 (ADFORM) (ADFORM)
1 2	67.220.226.234 67.220.226.234	16509 (AMAZON-02) (AMAZON-02)
2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
15 43	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
10	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
9 19	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	69.166.1.67 69.166.1.67	27630 (AS-XFERNET) (AS-XFERNET)
1 1	20.127.253.7 20.127.253.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	35.214.226.85 35.214.226.85	15169 (GOOGLE) (GOOGLE)
4 5	185.89.210.90 185.89.210.90	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2 2	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
4 4	18.192.88.240 18.192.88.240	16509 (AMAZON-02) (AMAZON-02)
1 1	193.0.160.131 193.0.160.131	54312 (ROCKETFUEL) (ROCKETFUEL)
1 1	2a05:d018:d29... 2a05:d018:d29:3605:1147:a3e6:9be5:4305	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.153.170 124.146.153.170	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
1 2	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
1 1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	213.155.156.185 213.155.156.185	1299 (TWELVE99 ...) (TWELVE99 Arelion)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	176.34.96.61 176.34.96.61	16509 (AMAZON-02) (AMAZON-02)
1 2	23.35.237.56 23.35.237.56	16625 (AKAMAI-AS) (AKAMAI-AS)
12	2606:4700::68... 2606:4700::6811:ca6e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:9000:244... 2600:9000:2449:6200:16:eff:6080:93a1	16509 (AMAZON-02) (AMAZON-02)
302	46

1 188.114.97.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.file-upload.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.file-upload.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1080:1 (Germany)

ASN200325 (BUNNYCDN, SI)

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3031::6815:3355 (United States)

ASN13335 (CLOUDFLARENET, US)

www.file-upload.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2606:4700::6810:8516 (United States)

ASN13335 (CLOUDFLARENET, US)

live.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:8616 (United States)

ASN13335 (CLOUDFLARENET, US)

api.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.152.89 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2090:7800:10:dd8:5e40:93a1 (United States)

ASN16509 (AMAZON-02, US)

connectid.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2447:e200:a:e047:753:a221 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.18.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-18-33.ams58.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.116 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533567.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.24.0 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-24-0.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.98.64.218 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.4.28 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.220.226.234 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 142.250.184.194 (United States) 15 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 104.18.36.155 (None, ) 9 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.67 (United States) 1 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.127.253.7 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.226.85 (Groningen, Netherlands) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 85.226.214.35.bc.googleusercontent.com

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.90 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:13::1370 (Singapore) 2 redirects

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.192.88.240 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-88-240.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.131 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:1147:a3e6:9be5:4305 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.153.170 (Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.254 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.185 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 176.34.96.61 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-176-34-96-61.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.237.56 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-56.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6811:ca6e (United States)

ASN13335 (CLOUDFLARENET, US)

c.bannerflow.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2449:6200:16:eff:6080:93a1 (United States)

ASN16509 (AMAZON-02, US)

dfghidiqaynia.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
83	googlesyndication.com 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	511 KB
72	doubleclick.net 15 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439	473 KB
31	demand.supply live.demand.supply — Cisco Umbrella Rank: 53681 api.demand.supply — Cisco Umbrella Rank: 91692	45 KB
25	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	3 MB
22	file-upload.org www.file-upload.org — Cisco Umbrella Rank: 671147	550 KB
19	casalemedia.com 9 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 486	13 KB
12	bannerflow.net c.bannerflow.net — Cisco Umbrella Rank: 8923	149 KB
8	openx.net 3 redirects oajs.openx.net — Cisco Umbrella Rank: 1656 google-bidout-d.openx.net — Cisco Umbrella Rank: 1665 eu-u.openx.net — Cisco Umbrella Rank: 2753 us-u.openx.net — Cisco Umbrella Rank: 522 rtb.openx.net — Cisco Umbrella Rank: 695	2 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	382 KB
5	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 246 secure.adnxs.com — Cisco Umbrella Rank: 495	4 KB
4	bidswitch.net 4 redirects x.bidswitch.net — Cisco Umbrella Rank: 351	2 KB
4	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
4	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 574 www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	38 KB
3	cloudfront.net dfghidiqaynia.cloudfront.net	19 KB
3	adform.net 3 redirects c1.adform.net — Cisco Umbrella Rank: 599	2 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 454 mug.criteo.com — Cisco Umbrella Rank: 2926	7 KB
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 863 id5-sync.com — Cisco Umbrella Rank: 440	36 KB
3	yahoo.com 1 redirects connectid.analytics.yahoo.com — Cisco Umbrella Rank: 4351 ups.analytics.yahoo.com — Cisco Umbrella Rank: 327 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492	10 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	174 KB
3	file-upload.in www.file-upload.in	11 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1403	605 B
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2249	812 B
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 823	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4905	651 B
2	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 746	587 B
2	dotomi.com 2 redirects dclk-match.dotomi.com — Cisco Umbrella Rank: 3451	887 B
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 353	297 B
2	amazon-adsystem.com 1 redirects aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 890	2 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 976 bcp.crwdcntrl.net — Cisco Umbrella Rank: 887	13 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 364 fonts.googleapis.com — Cisco Umbrella Rank: 31	31 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	147 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 14674	10 KB
1	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 377	775 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 795	709 B
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1208	1 KB
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 868	761 B
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 940	415 B
1	inmobi.com 1 redirects sync.inmobi.com — Cisco Umbrella Rank: 1562	707 B
1	sonobi.com 1 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 931	756 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 376	456 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2491	3 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2139	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 335	1 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 668	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1762	8 KB
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 1383	5 KB
1	file-upload.com 1 redirects www.file-upload.com	435 B
0	alexametrics.com Failed certify-js.alexametrics.com Failed
302	48

	Domain	Requested by
47	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www.file-upload.org 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
43	cm.g.doubleclick.net	15 redirects google-bidout-d.openx.net googleads.g.doubleclick.net 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
29	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.file-upload.org 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com s0.2mdn.net
28	live.demand.supply	www.file-upload.in live.demand.supply
25	s0.2mdn.net	2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com www.file-upload.org s0.2mdn.net
22	www.file-upload.org	www.file-upload.org www.file-upload.in
18	dsum-sec.casalemedia.com	8 redirects googleads.g.doubleclick.net
12	c.bannerflow.net	s0.2mdn.net c.bannerflow.net
12	securepubads.g.doubleclick.net	live.demand.supply securepubads.g.doubleclick.net www.file-upload.org
10	googleads4.g.doubleclick.net	www.file-upload.org
7	googleads.g.doubleclick.net	2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com pagead2.googlesyndication.com www.file-upload.org
7	2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
6	www.googletagservices.com	2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com securepubads.g.doubleclick.net www.file-upload.org
4	x.bidswitch.net	4 redirects
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	www.google.com	tpc.googlesyndication.com 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com www.file-upload.org
3	dfghidiqaynia.cloudfront.net
3	us-u.openx.net	1 redirects google-bidout-d.openx.net googleads.g.doubleclick.net
3	c1.adform.net	3 redirects
3	api.demand.supply	live.demand.supply
3	connect.facebook.net	www.file-upload.in connect.facebook.net
3	www.file-upload.in	www.file-upload.org www.file-upload.in
2	sync.teads.tv	1 redirects
2	match.360yield.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	d5p.de17a.com	2 redirects
2	onetag-sys.com	1 redirects 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
2	dclk-match.dotomi.com	2 redirects
2	match.adsrvr.org	google-bidout-d.openx.net 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
2	aax-eu.amazon-adsystem.com	1 redirects google-bidout-d.openx.net
2	gum.criteo.com	1 redirects static.criteo.net
2	id5-sync.com	cdn.id5-sync.com
2	oajs.openx.net	1 redirects
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.file-upload.in www.googletagmanager.com
2	images.dmca.com	www.file-upload.org www.file-upload.in
1	px.ads.linkedin.com	1 redirects
1	um.simpli.fi	1 redirects
1	secure.adnxs.com	1 redirects
1	tg.socdm.com	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	p.rfihub.com	1 redirects
1	fonts.googleapis.com	2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
1	csync.loopme.me	1 redirects
1	sync.inmobi.com	1 redirects
1	sync.go.sonobi.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	rtb.openx.net	1 redirects
1	eu-u.openx.net	google-bidout-d.openx.net
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	ups.analytics.yahoo.com	connectid.analytics.yahoo.com
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	connectid.analytics.yahoo.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
1	ajax.googleapis.com	www.file-upload.in
1	ssl.google-analytics.com	www.file-upload.in
1	www.file-upload.com	1 redirects
0	certify-js.alexametrics.com Failed	www.file-upload.in
302	68

This site contains links to these domains. Also see Links.

Domain
www.file-upload.org
www.facebook.com
www.instagram.com
www.youtube.com
file-upload.org
www.file-up.org
www.dmca.com
safeweb.norton.com

Subject Issuer	Validity	Valid
file-upload.org E1	`2023-11-23` - `2024-02-21`	3 months	crt.sh
images.dmca.com R3	`2023-10-26` - `2024-01-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-27` - `2024-03-25`	a year	crt.sh
demand.supply Cloudflare Inc ECC CA-3	`2023-02-19` - `2024-02-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-05` - `2023-12-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-06` - `2024-09-30`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-11-24` - `2024-02-22`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
connectid.analytics.yahoo.com GlobalSign ECC OV SSL CA 2018	`2023-08-15` - `2024-02-08`	6 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-10-24` - `2024-01-22`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-11-02` - `2024-01-31`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-03` - `2024-01-24`	6 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh

This page contains 35 frames:

Primary Page: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
Frame ID: 58710157B6E25C06C306F66641C53F4F
Requests: 100 HTTP requests in this frame

Frame: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 39C374E245BCCDF58AF188DF28C5388E
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.file-upload.in
Frame ID: EE505D2C5F492D814201B1FF7AEAB7E8
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 6DAFD54DAD8FD7A178FBA6FB50D333B2
Requests: 6 HTTP requests in this frame

Frame: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 0D02249743ED70F0C3A495815675DB19
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5B14F545CE758B4C5DDFC5A82B9736B6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 23B26221A45E53A33199B5BC5B189C8C
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiv8tz-ATAB&v=APEucNXeA8JnZfDFjU0U31DPCtYajwRSrPVUvYxcJsSzEbTWaij9XQ8gPDKpN8poc6L5kEwFxWTN0ejacKj_XCKgw7K7fiWKgg
Frame ID: 230453A8E0FC2C0A7C0B2D0EC3B0C6EC
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstt7KpR-dCKQ7QGnllf4o1H3XCTphly7nvWkZDT_p0ZLiUrmgvlJ3hfKFPNo-9FuoBtgdJkoLCJD5LYN-z50Vbm6izF8PwzKfeN9dRFU2isOo-ewhKMK9YWMJI-qvdM2DC6Q5uZyfLJX9FGOvqchU-n0ehvAgBspSeIUew1wcDMtQ36jeJOWMpzsOc0ewK7RnrxZZcisSqI4eSc3J8nvXca_Y_U6dplissmcQnZUO99KQClWh_THhKK9j4FNz1y-84FulgrSSHssSMq74qDLwrEmkLtueXD6Rdym7Y24IDFBYI5ulLrOMjkeQmVrjwnnemXJO16b5knJVDsQpTyw5x7lRjstyNc5KJF1dPz6udT0JsxrfpIVz-stnMf-1M-aMJK2VWxhfRdr6sa1nv4FJazkydjzAvPdGFNuHt-MlyEvFFgvw&sai=AMfl-YTgJmOnGJUPGV4W_x5Ux3OHOaF_JNsWZDCgDvFoAsSbCCbr8wZKazYrsnqsnR0UDIO2sSavdnkPULoDPYfrNGfYoMCAsL61MJs6Gk7f7FGpvXlAMXe54nEbAtPbZ9w79AU2tQLaJmVqmRcCfwdGWho&sig=Cg0ArKJSzGNRDySQIf31EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: D10231E0228F8EE09D32814654C01190
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: E77CDD381422F81BE03F59BF7FAF819E
Requests: 3 HTTP requests in this frame

Frame: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 77C54FFD62CE986DFF47B6DB7C5D20FC
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiv8tz-ATAB&v=APEucNWazZPWpiyA2l6d8tcrg5zxpGcOZygTgCrs03mDrXh4tk-c-j8FE2lOziW_TCs7WuknSzyk84G8XU9xmrrTqzFY64VWCw
Frame ID: E50EC10E8AFC02C33D2E18A42182666C
Requests: 4 HTTP requests in this frame

Frame: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: DB0DFFE22A8163518E0631A01C8D5EA9
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 9E2FEC03B5CE413C28ED5560B98014E2
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRi7-tz-ATAB&v=APEucNW3rG3gapAYkOjWWXd4Knkjxw-aWC6fsOsB75_z3h35BykAD0A65txNYNPsohxynQ81cd12TsQr-Z10Hhznx9kXrujcbg
Frame ID: D7173E151A3960FF18BE529299FFBBBF
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 06B16633322BCE8F89D190DED513F119
Requests: 3 HTTP requests in this frame

Frame: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 04028F977DEE1D2313AB2258BAB9B0E6
Requests: 20 HTTP requests in this frame

Frame: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 67E2F36B034EE0E6C8EE661AFE5F684F
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICSjpAFEL_Xk7MFGJ2mn_oBMAE&v=APEucNU6Xl9y2EALA-NuBm-T3jZQFf-SZGyu06ln0FQVwV_lD_HSD30013LY9CBNA7JUW0QFeY8YZkNd7Socu-sCtV5S8Xqw5w
Frame ID: 36BAA9C5769C286EF41C08DFCE6A2CB1
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGLHmtPEBMAE&v=APEucNWWk-XbN25TiNsJap2Oc4gEY9I8taiDIU7zQAhsaFu_PUmb6KIQNO5qmk0LHmPig9zCefzXt0KLjkslC82wcr3aBOGSmw
Frame ID: E52F0F92963494F69FB6B1BE4FEEBDF8
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 80074DDC938B03FE22962E3E0DA5CCF8
Requests: 9 HTTP requests in this frame

Frame: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F637E704CDE45AE33FAC5875F085AEE8
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 2913E4A89267D437141903CC24868DF9
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiH-9z-ATAB&v=APEucNUdDaIwoBDhi9vV9m99iG-mOk-znZ-hYPtybDKSQfhNPMjSNi71qbADEFG_gYnFlifNPhRht2Qt71nIa6fWXPT7hVShtw
Frame ID: D300C64908F3F65A1DDADA7671FC766C
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Frame ID: AD02985A68B8DEA7910135ADD184483F
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 6A29528F53A15C6940DD04F0AF06036E
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
Frame ID: F3503392444C9A11FB279CC5A43F98CF
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: B1DA45CB7C843EF6E80C1F12D0E2C5FC
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B3820B46FD2B314F38F51F4B2885CF41
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: D982A1FC55057903D112626BB5508261
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15188330174727847936/CH_EN_Stocks_Track4_Tools-2-ENCH-970x250-638326117443072680-102d336a-dbfe-4e4b-9e38-1fd955ed6d42.html?ev=01_250
Frame ID: D229ED138D49E1E7F8F27BB520FD0FCE
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Frame ID: 9FE7A6AE6888DE62538B382C71290F89
Requests: 1 HTTP requests in this frame

Frame: blob://https://s0.2mdn.net/25cb059b-67a5-488c-b82c-a11301e80572
Frame ID: F840080208324AED4E6F01F3DA5D2A39
Requests: 1 HTTP requests in this frame

Frame: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fsaxo-bank%2F5a0d3b1088665f7354f5da6c%2Fimages%2F9f0ed779-182e-4c28-adce-8e9c63d05cba.png&w=215&h=311&q=99&f=webp&rt=contain
Frame ID: 020CCD6686CFBA79BD07354C8EE27222
Requests: 5 HTTP requests in this frame

Frame: https://dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/AOT_UK_9_0_Stocks_Tools_1080x1080_15s.webm
Frame ID: 3C239D65A05CD28805C0174696F38683
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

File-Upload – forex-article.store – FileUploadFile-upload

Page URL History Show full URLs

https://www.file-upload.com/7r3r2tuk9h3u HTTP 301
https://www.file-upload.org/7r3r2tuk9h3u Page URL
https://www.file-upload.in/file.php?get=7r3r2tuk9h3u Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

302
Requests

85 %
HTTPS

48 %
IPv6

48
Domains

68
Subdomains

46
IPs

11
Countries

5225 kB
Transfer

11527 kB
Size

53
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://www.file-upload.org/?op=payment_proof
Title: Proof of Payments

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fileuploadcom

Search URL Search Domain Scan URL

URL: https://www.instagram.com/file_upload/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCSbk9gxKeQnawO7cZ0hZPJQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/make-money.html
Title: Make Money

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/login.html
Title: Login

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=register
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=forgot_pass
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=news
Title: News

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/desktop.html
Title: Desktop Uploader

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=change_lang&lang=english
Title: English

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=change_lang&lang=arabic
Title: العربية

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=payments
Title: Premium Download

Search URL Search Domain Scan URL

URL: https://file-upload.org/7r3r2tuk9h3u
Title: Free Download

Search URL Search Domain Scan URL

URL: https://www.file-up.org/?op=register
Title: Sign up now

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/faq.html
Title: FAQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/tos.html
Title: Terms of service

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/child-exploitation.html
Title: Child Abuse Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/copyright.html
Title: Copyright Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/contact.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/adv.html
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/dmca.html
Title: DMCA

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/reseller.html
Title: Become a Reseller

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/links.html
Title: Links

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/?op=check_files
Title: Link Checker

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/refund.html
Title: Refund Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.org/banners.html
Title: Banners

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=ff6622a1-89c3-492e-8fab-02994910b766&refurl=https://www.file-upload.org/vsd4gox6iv4l

Search URL Search Domain Scan URL

URL: https://safeweb.norton.com/report/show?url=www.file-upload.org

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.file-upload.com/7r3r2tuk9h3u HTTP 301
https://www.file-upload.org/7r3r2tuk9h3u Page URL
https://www.file-upload.in/file.php?get=7r3r2tuk9h3u Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.file-upload.com/7r3r2tuk9h3u HTTP 301
https://www.file-upload.org/7r3r2tuk9h3u

Request Chain 78

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp&cc=1

Request Chain 86

https://gum.criteo.com/sid/json?origin=publishertagids&domain=file-upload.in&sn=ChromeSyncframe&so=0&topUrl=www.file-upload.in&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=_xmDGnw2Qml5bUY0c0luc2RuTGNRaEpHeVFob1FURGdEaStoZjlZN2tQVFdtWlhncGs4bkdpbXJCUlpZS3FSeWxRRGg5SHhab0dHcGs2ZGtSNzhMbUpEY0VJRGs5K2kyMlpOYVdTWlVNMk1MMElCZDlwaUhKSVRLRGFzdDRuMDRKN21PWWZNWi96bmhocE1FcWZJMzFzalR0OCtkRURXQWxtMlg1U2NvV0dKVm1UR2FLeU1WeGlIYmc5YlJueFpDNC80Y2tORmU0S21nSjYrM2hmb3owWlVyYVlRaml1eC9yQm1wRTcwTXBkeDh3NG9kaWhJR3VLY3UrZDRNbGJjLzNLR0IyYkZmOHJTYVBST1QwVmVuWUt3bmQwQT09fA&cppv=2

Request Chain 90

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3135072572220521421

Request Chain 91

https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=9d46e52c-6446-c612-1118-74d0e9c35fd8 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=9d46e52c-6446-c612-1118-74d0e9c35fd8&dcc=t

Request Chain 94

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBYeIfjf8h-xhznHD2-lyDA&google_cver=1

Request Chain 134

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELMH8dyBRkPz6IMgMm8bC8s&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELMH8dyBRkPz6IMgMm8bC8s&google_cver=1&C=1

Request Chain 135

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPD9KpF53dgncSndS1amwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1

Request Chain 142

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPD9ETev8Uj7gTlATAFZwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1

Request Chain 162

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1

Request Chain 163

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPD9DRlFH6LfiPoDuCalwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1

Request Chain 193

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAXTauXLwsdV1gnTuvAW0bI&google_cver=1&google_push=AXcoOmRM74eqgiQ07QU6XKvcaTHICAlgziU9_RK6uWgruV5I3Gi_ej2jLhYzhV-Vy88l5iS8sodAzPueFpXbhYe5SZfDYrZut-k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzEzNTA3MjU3MjIyMDUyMTQyMQ&google_push=AXcoOmRM74eqgiQ07QU6XKvcaTHICAlgziU9_RK6uWgruV5I3Gi_ej2jLhYzhV-Vy88l5iS8sodAzPueFpXbhYe5SZfDYrZut-k

Request Chain 194

https://rtb.openx.net/sync/dds?google_gid=CAESEIyEM6ZYftsfQuQDjp_yOao&google_cver=1&google_push=AXcoOmSN0OGPnyz6O21dLetX-uhTACCNakiVNye4IFly72SzRwZshhJavp5wgT-KdTzTZWMsvphcKCk_kmu1-cTiNZ_x5iZxwMk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSN0OGPnyz6O21dLetX-uhTACCNakiVNye4IFly72SzRwZshhJavp5wgT-KdTzTZWMsvphcKCk_kmu1-cTiNZ_x5iZxwMk&google_hm=GsYTbdFqxMY3YrrwUumugg==

Request Chain 195

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPMQeRLUKPoggYNJFuBsP0g&google_cver=1&google_push=AXcoOmQEaF51WFMKe4uRUoSEkSYhSlPvLm7XYce7hiravwvcnd6LeWgUKGkb0Khv2Al-Y90Axwh7mXRqtNuGdxHBQXpyw8RKuok HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBHMUpDMFItRS1INktU&google_push=AXcoOmQEaF51WFMKe4uRUoSEkSYhSlPvLm7XYce7hiravwvcnd6LeWgUKGkb0Khv2Al-Y90Axwh7mXRqtNuGdxHBQXpyw8RKuok

Request Chain 196

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAXcoOmT7r-sDqSzBwP5bHug6iPX_rEEH-lu8oa2TyMJ0180sBC1J1ouTe8x7p-qsFHHAg6cfctzhqudb3q-2alOujLEVKNJgJw%26google_hm%3D%5BUID%5D&google_gid=CAESEAGog6_MoOg2SC0tPgvYO8U&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT7r-sDqSzBwP5bHug6iPX_rEEH-lu8oa2TyMJ0180sBC1J1ouTe8x7p-qsFHHAg6cfctzhqudb3q-2alOujLEVKNJgJw&google_hm=5477c103-d59d-4289-b31e-887a91b84a7a

Request Chain 197

https://sync.inmobi.com/gob?google_gid=CAESEL24AMVqQjq3-HgihWgFtzU&google_cver=1&google_push=AXcoOmQuxGdkPhV-Oo90ICe5_TAhf4OY7678dPiC3ipJq_NpZjx8g6uN8BWIQnx6B8sC_6LJoUGA6u3sNtqr6i5MMlFbg6nlTNY HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmQuxGdkPhV-Oo90ICe5_TAhf4OY7678dPiC3ipJq_NpZjx8g6uN8BWIQnx6B8sC_6LJoUGA6u3sNtqr6i5MMlFbg6nlTNY

Request Chain 198

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_gid=CAESEPP-82fLsY_tsXsJdzTOZ-Y&google_cver=1&google_push=AXcoOmSxWA8nKfw3YKCDxlzlSh1HRx-zO7fjd5UtDBIzaDce5KyTHZ1dgB7UndeP1P3IislvMffhUMrHwF_JKZ6yoDGl1UyfU6nB HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=40896480-93f1-4b6f-bc81-02ddb4993f72&google_cver=1&google_gid=CAESEPP-82fLsY_tsXsJdzTOZ-Y&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmSxWA8nKfw3YKCDxlzlSh1HRx-zO7fjd5UtDBIzaDce5KyTHZ1dgB7UndeP1P3IislvMffhUMrHwF_JKZ6yoDGl1UyfU6nB&gdpr=${GDPR}

Request Chain 202

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1

Request Chain 203

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPD9ETev8Uj7gTlATAFZwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1

Request Chain 205

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELgwC28vwtEMegwyvusf2h4&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELgwC28vwtEMegwyvusf2h4%26google_cver%3D1

Request Chain 206

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE3OTMxOTg5MjIyODUyMzY0OA%3D%3D

Request Chain 207

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPTAmP-DBlYmyBlvYorm9_o&google_cver=1

Request Chain 208

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTlmZjRhOWItYjE5Yi0yMzRjLWM0ZjYtYWNmZTRiMTI1YTU4

Request Chain 229

https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEH0UQ1hWwuQSbRVnM5esxTU&google_cver=1&google_push=AXcoOmSANVEIY401i_8KM5ZqTMGbxgKaEVHaMn7VKxUNIc5P8CsNKEjgnaiKcZXKBZYO_Js42ELqqqlnBWy3tgSgU6LFIioc957z HTTP 302
https://dclk-match.dotomi.com/match/bounce/current?DotomiTest=770d399eb8ad1615&is_secure=true&networkId=14000&version=1&google_gid=CAESEH0UQ1hWwuQSbRVnM5esxTU&google_cver=1&google_push=AXcoOmSANVEIY401i_8KM5ZqTMGbxgKaEVHaMn7VKxUNIc5P8CsNKEjgnaiKcZXKBZYO_Js42ELqqqlnBWy3tgSgU6LFIioc957z HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAID8wiuqQguANCPvd1AAAAAAA&expiration=1701123445&google_cver=1&is_secure=true&google_gid=CAESEH0UQ1hWwuQSbRVnM5esxTU&google_push=AXcoOmSANVEIY401i_8KM5ZqTMGbxgKaEVHaMn7VKxUNIc5P8CsNKEjgnaiKcZXKBZYO_Js42ELqqqlnBWy3tgSgU6LFIioc957z

Request Chain 230

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIW1HW0ljBJmHfDjvIfGSP8&google_cver=1&google_push=AXcoOmQAUruppQ1_cnvJ2YNbv9nJ-9jOcDzrfZtPd02SjWf4XyEP3xcnbD6gtpK4zO3nUhGPZ0ghwUQeJb_li2TZEv6VlFrHBJ2a HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIW1HW0ljBJmHfDjvIfGSP8&google_cver=1&google_push=AXcoOmQAUruppQ1_cnvJ2YNbv9nJ-9jOcDzrfZtPd02SjWf4XyEP3xcnbD6gtpK4zO3nUhGPZ0ghwUQeJb_li2TZEv6VlFrHBJ2a HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=google&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=5108559731117933768&expires=30&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmQAUruppQ1_cnvJ2YNbv9nJ-9jOcDzrfZtPd02SjWf4XyEP3xcnbD6gtpK4zO3nUhGPZ0ghwUQeJb_li2TZEv6VlFrHBJ2a&google_hm=YR6DxOmiSvmtHMHSXjFN2g==

Request Chain 231

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEElgq8POngowGbczR6HztcY&google_cver=1&google_push=AXcoOmSwntPKyZMYzuNoYVyJEiPErZ8ozd9wyBpmEHdhlh5I9ndSyA0Pxm8wIKq95CeIBr4JzLQ5i7ChJK6LTWbR8IFqPB4AXGrt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSwntPKyZMYzuNoYVyJEiPErZ8ozd9wyBpmEHdhlh5I9ndSyA0Pxm8wIKq95CeIBr4JzLQ5i7ChJK6LTWbR8IFqPB4AXGrt&google_hm=eS1COEVhWXJoRTJwSDJaaVg1bUVEOHYzR3VDbGQ0YWd2eX5B

Request Chain 232

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENhNLf1aJikQqNy9DyGa5_U&google_cver=1&google_push=AXcoOmSHYJjIco00c-K6slS3IiWLatULwrgrfSfV0j8Nbh3eLPPeob46LFWlKt6WXcLj87KYmefLKvSpB-B86hHPzQCe-CtaNUk6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENhNLf1aJikQqNy9DyGa5_U&google_hm=ZWPD9ETev8Uj7gTlATAFZwAADJsAAAIB&google_nid=index&google_push=AXcoOmSHYJjIco00c-K6slS3IiWLatULwrgrfSfV0j8Nbh3eLPPeob46LFWlKt6WXcLj87KYmefLKvSpB-B86hHPzQCe-CtaNUk6

Request Chain 233

https://tg.socdm.com/rtb/sync_before?proto=google_ebda&google_gid=CAESEMIVVKGKOnahbOrvGHfX91c&google_cver=1&google_push=AXcoOmR2KQCBbHiG6ls1DMf9Fr2APRiKwdCFuNfOoDPjGBP5AeNyd79ueLTxJzuw42lUxJcxstaxL-N9msJxJ74W-irhZ40ENESy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmR2KQCBbHiG6ls1DMf9Fr2APRiKwdCFuNfOoDPjGBP5AeNyd79ueLTxJzuw42lUxJcxstaxL-N9msJxJ74W-irhZ40ENESy&google_hm=WldQRDljQ284WGtBQUNGR3ktWUFBQUFB

Request Chain 234

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEL0E-EHj-4pnrBf9LX6waPE&google_cver=1&google_push=AXcoOmTQjiaMd2WI97uM9T3fU0sfQV2yxSA7YPBgND69OdNeyIOnDD_g4zs1FoV4tZ5T5F79E8uCJN0X3d1Djp8muYAnu8TOGDBRwA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTQjiaMd2WI97uM9T3fU0sfQV2yxSA7YPBgND69OdNeyIOnDD_g4zs1FoV4tZ5T5F79E8uCJN0X3d1Djp8muYAnu8TOGDBRwA HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 235

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEA7yDWOj72598T46U-DhmNE&google_cver=1&google_push=AXcoOmSQErcQJZoiZrpEtyWuYpvdWBD4Mp3GRHzOzjfw28rDXWn3wautXnxWAF-A4dk4uC7e2KDLX38AVdcd1T-KQzJfhzFkxsWbxg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDE3OTMxOTg5MjIyODUyMzY0OA%3D%3D&google_gid=CAESEA7yDWOj72598T46U-DhmNE&google_cver=1&google_push=AXcoOmSQErcQJZoiZrpEtyWuYpvdWBD4Mp3GRHzOzjfw28rDXWn3wautXnxWAF-A4dk4uC7e2KDLX38AVdcd1T-KQzJfhzFkxsWbxg

Request Chain 239

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1

Request Chain 240

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPD9ETev8Uj7gTlATAFZwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1

Request Chain 256

https://um.simpli.fi/gp_match?google_gid=CAESEAQPlgEu0SxSspl4GUJ-hMc&google_cver=1&google_push=AXcoOmQ7sez5fzK7oM0WoE1nTD2AApNorw0fV2DozfAokuonq8YLLhq2wlmbhcrYBszkF0UVn31HGzpke2yTPtnFFzWpqwJITOAQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00605976505246628E2E921ABF3188EF&google_push=AXcoOmQ7sez5fzK7oM0WoE1nTD2AApNorw0fV2DozfAokuonq8YLLhq2wlmbhcrYBszkF0UVn31HGzpke2yTPtnFFzWpqwJITOAQ

Request Chain 257

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEHMZV78erCQvKYGlqz7_-FY&google_cver=1&google_push=AXcoOmTQp4iCAwJjupDNVs06xFJZiYs1d93VgzTycg_S1vaRfVPdx-0EKOzl2wW5orlsG7K6IiZDZLd5XH2JmTRnnil0hW0G8OlVRg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmTQp4iCAwJjupDNVs06xFJZiYs1d93VgzTycg_S1vaRfVPdx-0EKOzl2wW5orlsG7K6IiZDZLd5XH2JmTRnnil0hW0G8OlVRg

Request Chain 258

https://d5p.de17a.com/cookies/google?google_gid=CAESEJhonjUtyAwUmDvmxMPua8k&google_cver=1&google_push=AXcoOmQkN-M52pnKi-9cBXdyVpRiStptB_sYjxY25AJHV5Ilcs8SL7y8xG7MCOizGpazogERvFJRQNw0lB2cCWLVWsKmXhqgAJmFNQ HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJhonjUtyAwUmDvmxMPua8k&google_cver=1&google_push=AXcoOmQkN-M52pnKi-9cBXdyVpRiStptB_sYjxY25AJHV5Ilcs8SL7y8xG7MCOizGpazogERvFJRQNw0lB2cCWLVWsKmXhqgAJmFNQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQkN-M52pnKi-9cBXdyVpRiStptB_sYjxY25AJHV5Ilcs8SL7y8xG7MCOizGpazogERvFJRQNw0lB2cCWLVWsKmXhqgAJmFNQ

Request Chain 259

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEA5Cz1e9H_aKikTGiyMuYLE&google_cver=1&google_push=AXcoOmTYpekjQz4LsRfvqGs-w6s-Q5ZDs7r0Nf4zEETYIpMp7bnvEyd23rguN-6dJuTKXCEG0rMSAPpfgi-rPYfPMjaCzbeSo-iZ HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEA5Cz1e9H_aKikTGiyMuYLE&google_cver=1&google_push=AXcoOmTYpekjQz4LsRfvqGs-w6s-Q5ZDs7r0Nf4zEETYIpMp7bnvEyd23rguN-6dJuTKXCEG0rMSAPpfgi-rPYfPMjaCzbeSo-iZ&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ysqLSgAoRSy0716MqRD9Sg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmTYpekjQz4LsRfvqGs-w6s-Q5ZDs7r0Nf4zEETYIpMp7bnvEyd23rguN-6dJuTKXCEG0rMSAPpfgi-rPYfPMjaCzbeSo-iZ

Request Chain 260

https://match.360yield.com/match/ebda?google_gid=CAESEH0vyDFaw45p_9bJ-9k1MBc&google_cver=1&google_push=AXcoOmRFDUEl9lV4KP9zAEf9m-pOewzA1_fDAgAf7zr3A-LjsK9OA8NMgn1oziNEgQx6mSSz6l-3StkJMDTOaUVQBSi8wN6K0FWkhg HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEH0vyDFaw45p_9bJ-9k1MBc&google_cver=1&google_push=AXcoOmRFDUEl9lV4KP9zAEf9m-pOewzA1_fDAgAf7zr3A-LjsK9OA8NMgn1oziNEgQx6mSSz6l-3StkJMDTOaUVQBSi8wN6K0FWkhg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=3FbQfG4nT42xRSIjeoZ-Yg&google_push=AXcoOmRFDUEl9lV4KP9zAEf9m-pOewzA1_fDAgAf7zr3A-LjsK9OA8NMgn1oziNEgQx6mSSz6l-3StkJMDTOaUVQBSi8wN6K0FWkhg

Request Chain 261

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEOeLXtwTUKCkv9yZg7gCEfY&google_cver=1&google_push=AXcoOmTEipqJoUfXt2cHZa-KDTkCo0Zc_SOMPjdkp3NwfDgYxXaprr7SSPAUDBNlkpPtVENrMIC7GwRbI0C9jcf27qMmQ2UgUm-qg_s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=N2Y2NDYxMDktZjk2OS00ZjBlLTgzYWQtNjkwNjA0ZDI0MGMw&google_push=AXcoOmTEipqJoUfXt2cHZa-KDTkCo0Zc_SOMPjdkp3NwfDgYxXaprr7SSPAUDBNlkpPtVENrMIC7GwRbI0C9jcf27qMmQ2UgUm-qg_s HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 262

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEHYIWHagDEJMX1SqtHREETQ&google_cver=1&google_push=AXcoOmSLu-qsmwlGW2QfBVTSS2pLqNM7zhnGR2zdbhSSPp1Aj5JtMtMQPJBTq-Ljgnj0YZIJ09fdJChSDRsvK7yLjM8Wb3U4GJ9w5Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=611e83c4-e9a2-4af9-ad1c-c1d25e314dda&%%GOOGLE_PUSH_PAIR%%

302 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

7r3r2tuk9h3u Show response
www.file-upload.org/
Redirect Chain

https://www.file-upload.com/7r3r2tuk9h3u
https://www.file-upload.org/7r3r2tuk9h3u

27 KB
7 KB

110ms
59ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68b257b88bd723c48bf26abdcb2f5e4115b7891444ea9a3dfd21637a37257b21

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82c5804dcaae4c39-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 26 Nov 2023 22:17:22 GMT
expires: Sat, 25 Nov 2023 22:17:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NmOEwhtzH7nYSA9zkdZPHonpjNSXMx%2BAOoW%2FzG9p0UDWe%2FUWIJgy2r3Vu3EpM3qp075uGeFOcTl7KpxHOhKZXeCfGvi8%2B7wIcsjIhwJ7OzzRq7KBHCOA02LMnx8wNqWqbHV6yd35I3OJtdqpfEoimF0M"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0;includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82c5804d198c5a3d-MXP
content-type: text/html
date: Sun, 26 Nov 2023 22:17:22 GMT
location: https://www.file-upload.org/7r3r2tuk9h3u
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T7JFcYHWUYKTyywy53Fe%2Bbp2HR3ggYQR2lb%2BlB5Ik6EHZkQIiNgmDIL85i4GXPc%2FWqyioBE9gONyWzrTjjLmr8Fvp6wJ3mDqFLgu6vmmw%2F13bagvHDFVlT2Xxv4wT%2FuSnhsiQh8s"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 app.css
www.file-upload.org/mngez/css/ 247 KB
41 KB 36ms
35ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/7r3r2tuk9h3u
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1532328
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6VJWnCl1KzZynD89h6p%2B8J%2BA5cfxXTFdO0p1DTb%2FDh0%2BjSt0WxZbjmJt9FBxoF6LLlex0yP69gD4ybAgAxDe%2Br8EVRD%2BUTz1FSzeTvBM8Ua7QK459GEAdIkKSIzc%2FjvKg9dYE4yzfp4LY94YOOg1lBSI"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 82c5804e2b294c39-MXP
expires: Fri, 10 Nov 2023 04:38:34 GMT

GET
H2 200 app.js Show response
www.file-upload.org/mngez/js/ 235 KB
80 KB 90ms
90ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/7r3r2tuk9h3u
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:22 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PNZm4lmBHXMQvV36SkSFeC36NO73VofMNMHNY7j5NyP5ukUllRTTXCl45J8vvtDg2klZDEIoCmoN1MhUt7%2Bnd9uyTNj8OsfbR342rN7ATWXRk7TgIXQdk2MzaeNm4vdQVifvnn5nMZki0wNWRAawIblj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 82c5804e3b2c4c39-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 logo_new.png
www.file-upload.org/assets/images/ 3 KB
4 KB 27ms
27ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/7r3r2tuk9h3u
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 435165
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tBieJAeJHp00nQI22k1Mnv5sNtOv%2BYWxbPT1CrkjZvDhtgxNo%2FhQ9CENwzZXYpo9ovg2IJ1sik2EE3csIyZ1otOxsItFMLeUSBqLAfgH0Ku6kLl4DmB%2BIHbIHp7tT0uqmY3qO4CzgBh80EaEmPpElXJd"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c5804e3b304c39-MXP
expires: Tue, 28 Nov 2023 21:24:37 GMT

GET
H2 200 email-decode.min.js Show response
www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 23ms
23ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/7r3r2tuk9h3u
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 16 Nov 2023 21:55:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65568fe4-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4j5d%2BXMaCNmyBTL00nshdht4WrynQfuZqo3elc%2FVRkcU3nj%2BwFV3UbaMQuxBje5CoAkKV3RfqQ%2Fn5yQSMv4rtuZV%2B3fTFLlya%2F3m74Wccc1kdqF%2B7Ba9tpqXkx8ABpJdR%2F81VLipkLsJ3nUlV1cRtIPg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 82c5804e3b314c39-MXP
expires: Tue, 28 Nov 2023 22:17:22 GMT

GET
H2 200 anti1.png
www.file-upload.org/mngez/images/ 19 KB
19 KB 30ms
30ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/7r3r2tuk9h3u
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1436608
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K24fw0znvJxFebYCNIRSlK7StKMAN3mOJaN0d6w5gukXyoYFXy%2BBxGS%2Bp7XdcW1v4%2BT2H4bNbP2kDVHHWtlnXCXkk8WPoxW56bwMp%2BKZIUxgQOr5wRmtTSZ4wll%2FQsmVTGWT%2FM%2BDdCi%2FMMklw7SqDGAM"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c5804e5b624c39-MXP
expires: Fri, 17 Nov 2023 07:13:54 GMT

GET
H2 200 anti2.png
www.file-upload.org/mngez/images/ 641 B
978 B 25ms
25ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/7r3r2tuk9h3u
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1616233
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cTRVtJdrYVCNXtPNt4hgSyU8cwV2eYoZiYkYGTLDk6KwplL288VHU9v3zPqgPo2Bdrt%2Fx%2BHsMU0Nr3GzHw3WRf07T1e8zB5eSicl%2BVanMa6Zl3SJ2vqGcG2ZQiIIPvSObSUA5%2BKfbRJm7xD8B6HOTOXA"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c5804e5b674c39-MXP
expires: Wed, 15 Nov 2023 05:20:09 GMT

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 89ms
25ms Image
image/png 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 / ASP.NET
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:16
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 158979bf89f75ada0091d863e91c9ace
accept-ranges: bytes
cdn-requestcountrycode: CH
link: <https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 norton.png
www.file-upload.org/assets/images/ 5 KB
5 KB 27ms
26ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/7r3r2tuk9h3u
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2148648
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M308n0rRc96sczGUPwd0xIMffmiPmsgEth6x4CPdnjeQamkGvXl3Vy7cZRJqNUq2qT6uhvk72ex119b%2Fe%2F2GPsOVQCQhsApOiPtTFxJgFs4PvGXjUcMWXlsPAQvqf8isBaqEHuzdWPI9snvk%2FROJ6ZrO"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c5804e8abfba86-MXP
expires: Thu, 09 Nov 2023 01:26:34 GMT

GET
H2 200 Primary Request file.php Show response
www.file-upload.in/ 23 KB
7 KB 284ms
231ms Document
text/html 2606:4700:3031::6815:3355
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:3355 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24ed9d5f218f03c642d54f9901d630759852441dd960573817b8a6e0823e73b6

Request headers

Referer: https://www.file-upload.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82c5804f59d1524c-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 26 Nov 2023 22:17:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=frLibxwYcii%2FbOCD8jwubcNDugyLfrhkK6Ri72HEQHBmYOBXCOs4zqX7AWZ3s3rvo3DmU2U%2FpC8AodJNSoUjLbq69QXV19mCPh8Im%2BRPdMNBW9%2BHFxDCwiCICa0m%2F0drsZgy99%2BQDoADHgJJgRWX4go%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 44ms
44ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1532075
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dhTgex69IFuPJ%2FE4tJhtrj6noaOCRAnGrwCnQEdzSEm6gTKj3F5L85ZABktso4vs%2F28f0HBqGUJAxjh7DkfgC6QwX7PYn4nkqy5I46K36FMirtlqW3Tc4YsWSI%2BpVZwVJ%2Bw43WsSbpYkj9ksLCT%2B2SDu"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c5804f0b50ba86-MXP
expires: Thu, 16 Nov 2023 04:42:48 GMT

GET
H3 200 fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 75 KB
76 KB 26ms
25ms Font
font/woff2 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4452
etag: "12d68-5fe4d56c8e4d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXBWTmpc7xApL1o45LbHZjc5pTsJ0nSY1ZtxRGhe0yXw1Wd1qtKJggJZIjYp8t6YO2HHaH2hf%2BsCGNYIfxqvn2ZRRSfCxth2JdNw94xqDKejSKhqGXYiRWQa2QSHfqtXEaDljv2%2F09E0Te7BP5cqZfbx"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82c5804f0b52ba86-MXP
alt-svc: h3=":443"; ma=86400
content-length: 77160

GET
H3 200 poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 80ms
80ms Font
font/woff2 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1910
etag: "1ee0-5fe4d56c8f861"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XX7BqSRYcKMq3npmU2MxUUORTnfE9JueWHHMOfa7AtDPM09%2BZQ5qLgVawPXXxaAm6HtMRzu1z%2BvhkxQ4PQEpr6Bm4J1nt6VTTh6q1soK0CZcVFNveUMK%2BGmC%2FoRpP1E0b1FEV0KesoBuessVbdkKC70%2B"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82c5804f0b54ba86-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7904

GET
H3 200 poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 80ms
80ms Font
font/woff2 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2045
etag: "1ecc-5fe4d56c90801"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3DuHQWc2EqtW9WM7nipBa6pZ61DVe8s%2BHVcW7m1%2B4H2ITr1h0F8CbnBt8qgvKU%2BMQShuQal0QpwHnY24Wao2E67A8hISP86qp%2F%2BGjItwymyVHrFe0U6%2Fnjku0e9yPR%2Bq3aXLC3BV0Nw3KSnfuO4l45lu"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82c5804f0b58ba86-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7884

GET
H2 200 up.js Show response
live.demand.supply/ 5 KB
3 KB 239ms
178ms Script
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/up.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73ac1b0d31e51b405a912a984cdb65eac0887db8ccdfe273a924ece9481b0444

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HG1608VNT7B7GPV4R89G4CD7
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
age: 122
cf-polished: origSize=4807
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"b4a520d798fda49cced6e3ca05c12687-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
cf-ray: 82c580513d903cbf-CDG
link: <https://live.demand.supply/impl.v17.21.3.js>; rel=preload; as=script,<https://live.demand.supply/p4/v17-21-0/d3d3LmZpbGUtdXBsb2FkLmluLw==>; rel=preload; as=script
timing-allow-origin: *

GET
H2 200 blockadblock.js Show response
www.file-upload.in/ 7 KB
2 KB 32ms
30ms Script
application/javascript 2606:4700:3031::6815:3355
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.in/blockadblock.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:3355 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9a42cb27417d2b87b8d5983655566731a38089d5e30735e9e931008ea59c634

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 855114
content-encoding: br
x-cache: HIT from Backend
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 11:59:30 GMT
server: cloudflare
etag: W/"64afe722-1c1d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KRLt3X%2BvxrrYJ2OtTxid%2BUzOEfZGPNu8xW4OuEzZPIew4HGgEoLk6NyR0fR4%2BjpY9KA5E0ZndgYx2P8%2BtfoCr9T%2Fl%2BoZH0a4Hb1P1ycAwPthgRcVqh%2Br%2BJtSXF4Ny9H9%2Fj3DMW4yVTlo5z7J1JlP5Ss%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 82c58050dba0524c-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
67 KB 84ms
34ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6d2d6d5bd3cd0ab3138347e06b42c2af4d6fa6998d18d7c097f5ef9f98174579

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68579
x-xss-protection: 0
last-modified: Sun, 26 Nov 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 26 Nov 2023 22:17:23 GMT

GET
H3 200 app.css
www.file-upload.org/mngez/css/ 247 KB
41 KB 30ms
29ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1532329
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJuIOAR%2FngPwUyrqZoxsro6G3p%2FWvV6rM9bH3H7GGoD%2B8nSqxUfbLgL84olNupWPRam87k69wKobJJkt6Lzi%2FtsQE86PTTApf2shaWm98nwlZ1XTf0q0XWtOWvDfpepe3Cr%2Bwi5WzESpZ3JVhIqoskrB"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 82c58050dd9eba86-MXP
expires: Fri, 10 Nov 2023 04:38:34 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 297 KB
85 KB 56ms
32ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=7c2110b22b4d5e674b39cb584e8979a6

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

30debe7e8820b593c8f6c0cddf6de4430a3a7dd6ccb2da62da0a82a655e0d674

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.file-upload.in/
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 26 Nov 2023 22:17:23 GMT
content-md5: QPdqxS0Nq8Hq7aKQwVyfuA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86879
reporting-endpoints
x-fb-debug: bdsJd565D5H197vGNJGXw0rTzQHOjjxNU4nx+zlXr5+/JvROPnLvUX+/zI9jlkfiy6nGt+2Htcu5G00v9s2P5A==
x-fb-content-md5: abcc124da2b3d3c657c3d61ab6a8d16f
cross-origin-opener-policy: same-origin-allow-popups
etag: "96ea4e3a253826f896031fd0d5d82459"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Fri, 22 Nov 2024 06:03:18 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 106ms
24ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

af27345f740e9fa81e2c73fc810a3e48d85df61f024a42bf7aa3b343166d9093

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 26 Nov 2023 22:17:23 GMT
content-md5: TRuymwyI/Rpnv40+Zd6jrQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
reporting-endpoints
x-fb-debug: iUg+XjOEooP3yMXwca8fDmcGM12g/SQCfZ9PpbM983SKmEZHwsJShccnidLgrMnRPr4HnpYoGhoMME58/CqIKw==
x-fb-content-md5: 736ef78189d1d070a849f7406c5f8e35
cross-origin-opener-policy: same-origin-allow-popups
etag: "4dc7880d6ef4294a3b648149d244078c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sun, 26 Nov 2023 22:23:20 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 70ms
20ms Script
text/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 26 Nov 2023 21:20:22 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3421
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Sun, 26 Nov 2023 23:20:22 GMT

GET atrk.js
certify-js.alexametrics.com/ 0
0

GET
H3 200 app.js Show response
www.file-upload.org/mngez/js/ 235 KB
80 KB 73ms
73ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BRWzr9qBDnJKMSKPxOHaZpYIM6jAniWVuRkwkJRJycYc4uMtgXYP8wyqDt7Q0jKSLqazrx4Fb9CbdKyBpnC9%2BpgTYEKWbuFK0KnXiF1p1WOwKXqd%2BHm5nXVvZvW4SLtR3WaKE06jSYvSrG7PP%2BieI7lP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 82c58050dda0ba86-MXP
alt-svc: h3=":443"; ma=86400

GET
H3 200 logo_new.png
www.file-upload.org/assets/images/ 3 KB
4 KB 25ms
24ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 435166
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OPJAVJnCqVvtCWDdzbZ4hiYDE%2BJaYb72txr1D50YGkyE%2BhMKntUumc%2BTQHMJoIAhG3YrOZfC3pRLSa6sj4ZFsa5esCLrjI9nP%2Fxc1oNydzYHyuM3hf7AXMIJSXvJMddzqfAiL9zn5FM2f5z3whSXsy6H"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c58050dda1ba86-MXP
expires: Tue, 28 Nov 2023 21:24:37 GMT

GET
H2 200 email-decode.min.js Show response
www.file-upload.in/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 22ms
21ms Script
application/javascript 2606:4700:3031::6815:3355
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.in/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:3355 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 16 Nov 2023 21:55:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65568fe4-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I98YA2sLiz2s%2FL%2Bwk%2FUIclSRYbP5Drymq2kbaJ4if3%2BzUVdtYyNH5NeHiOJbKAEeBmrOjTM2rhXdPNe6iYFmw7r%2BSmi4xqpC0rL7Klrj5TkFAZD3AGClVnWKPT7GQvBJ7Fh%2BhxDAofPeg5PlIulucME%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 82c58050dba2524c-MXP
expires: Tue, 28 Nov 2023 22:17:23 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
30 KB 72ms
21ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 14:18:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2024 14:18:50 GMT

GET
H3 200 anti1.png
www.file-upload.org/mngez/images/ 19 KB
19 KB 26ms
26ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1436609
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b3FKIZLhPRIbHg%2FB%2FDdeejU6lR1jOjbJaGL116%2BhD8CCjVim5S2qev%2FsGvn9la1vfRhcuiFxl8WLM13WTZ1wZeA3EzZp%2BxAkHRkgIUTYa2qLVrAHoJYZewzd96x0gb5C9hK%2FtUu759qBo%2BheQzYQCFa%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c580510dd8ba86-MXP
expires: Fri, 17 Nov 2023 07:13:54 GMT

GET
H3 200 anti2.png
www.file-upload.org/mngez/images/ 641 B
1 KB 40ms
40ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1616234
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IC3cwwGjHpkntrIxFeHZwXH9DtIECdvo4R2UnMDQFWr0m6BoBVPOAMgmbDQbmhJbXu%2B9ES%2Fgl7G3FXL3dNakNsMGSX3urIBwdjzu4U8fufmHrwnXIrg7xP%2FOGmphxKVpAYSY5NNLiLT%2F5rRpotRMt%2Fs8"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c580512e09ba86-MXP
expires: Wed, 15 Nov 2023 05:20:09 GMT

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 27ms
27ms Image
image/png 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 / ASP.NET
Resource Hash: 0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:16
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 3e45ca22913e6727065ea0225b08c180
accept-ranges: bytes
cdn-requestcountrycode: CH
link: <https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 norton.png
www.file-upload.org/assets/images/ 5 KB
5 KB 26ms
25ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/file.php?get=7r3r2tuk9h3u
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2148649
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2vwUuOBz86SCWyglj7FXgyhTXkj24M2y8jYKsVzniPEg12Q5vVCQdU19Dg4xY3Hue06kS9ldn75zXLWa73VqijAzTQmmzkFeGIfHPBHVgk%2FhPq7a8NgNyaslS2hOOcE0531ykgrp6A1B%2BhJ5h%2BP8muYL"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c580519e87ba86-MXP
expires: Thu, 09 Nov 2023 01:26:34 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 302 KB
86 KB 77ms
54ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=2573a3c11b035e55a00bc0d557f47f29

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

63e288f92b95ce23ed61761110290d643e262c834cb02a6feacd8e011c859da4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.file-upload.in/
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 26 Nov 2023 22:17:23 GMT
content-md5: Mnaznec/U3Vx0qNVfbCw3A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88330
reporting-endpoints
x-fb-debug: hMPFQZnxN+KEd9ksFtQlZd/os+ojYaC9yKb/FlMOcv44XSBkQAJXPpheWS2i7xlU9Vl9HRxNtU3X3698nA8SzQ==
x-fb-content-md5: 0db8b56260f97abb268d6b29abbe86fa
cross-origin-opener-policy: same-origin-allow-popups
etag: "edaa99793167bd93a6e1d81a1e31a43f"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Mon, 25 Nov 2024 21:49:39 GMT

GET
H3 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 25ms
25ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1532075
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sXug1WhdGtAbqOs7sfjUGIAsinvyQOjIg%2BylOZuGSjNLPsD8N3WQUSc%2FYcOrbugX3bYr3dlVll15k0PIDI8MiHNKaXvhhT3XuA5ssERh0nmiQ49gJv0KnobLk3xR7TuQqe8Gk5B3RLbgUcNfm8PhF2Em"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c58051ae99ba86-MXP
expires: Thu, 16 Nov 2023 04:42:48 GMT

GET fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 0
0

GET poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET
H3 200 poppins-v5-latin-regular.woff
www.file-upload.org/mngez/fonts/ 10 KB
11 KB 40ms
39ms Font
font/woff 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff?1fce830e6112511a77108832e13172fd
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 855135
alt-svc: h3=":443"; ma=86400
content-length: 10400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28a0-5fe4d56c936e1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d5RUsmBgO5ErQVT72YLCxuGNj%2BcR2rxeGMwaen9kDHhcabz8x7dnjJwISlhON43MnJ9JetASDlS0wcAYtwYX0CGLI7YO%2FpajrgqYTbi9YSgNhmvEw%2Fj9ZTOoa1bPMBV6RRGjXBhtMyIMZnttY5v8Ox6k"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c58052190059cb-MXP

GET
H3 200 fontawesome-webfont.woff
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 96 KB
96 KB 25ms
25ms Font
font/woff 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 855135
alt-svc: h3=":443"; ma=86400
content-length: 98024
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "17ee8-5fe4d56c8f479"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pMoUrvrSxdh27XFlF%2FKHFjhwqzgu8foOE9GnykRnvQByDBse8QRScBA8ocqDfucRvy%2F6Pp5st1dOZJid6Q8JDwJYHVtVkNrt%2BAxFEcGGyZ0mYANK7cDamig%2F4QYIjkIpXsoY1uf54m%2FJzo2PyQyPeo%2FF"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c58052290959cb-MXP

GET
H3 200 poppins-v5-latin-500.woff
www.file-upload.org/mngez/fonts/ 10 KB
11 KB 66ms
66ms Font
font/woff 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff?0261e08bd22d9f91c1d277cd4874ec95
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.in
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 855135
alt-svc: h3=":443"; ma=86400
content-length: 10420
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28b4-5fe4d56c94299"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sw0TNQ7xvxhdNfYLFgBCCO90wGXnsko4xgL9szwLz396auYYA%2BB5e0JKSIXO2snviBJMudmYJTe8%2BaIdrgmY4aIUIkLo0K%2FjlYfa8pAFasug%2FbMMRlUSX24AD2H%2FYRY6LOyw5tTyEP9WF8uqVhly5%2B%2FG"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 82c58052291559cb-MXP

GET
H2 200 impl.v17.21.3.js Show response
live.demand.supply/ 84 KB
28 KB 38ms
36ms Script
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/impl.v17.21.3.js

Requested by

Host: www.file-upload.in
URL: https://www.file-upload.in/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70118c761cd94bb75522b651eeaf62d2fe4e908d98b329c6037dcd72d4ce9afe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HG15ZZQQJ6ZDWNF7XVJ88VSX
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
age: 190148
cf-polished: origSize=86611
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"926fb3ee6f61d527df693901803ad911-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
cf-ray: 82c580526ec13cbf-CDG

GET
H2 200 d3d3LmZpbGUtdXBsb2FkLmluLw== Show response
live.demand.supply/p4/v17-21-0/ 2 KB
891 B 218ms
215ms Script
text/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/p4/v17-21-0/d3d3LmZpbGUtdXBsb2FkLmluLw==
Requested by: Host: www.file-upload.in
URL: https://www.file-upload.in/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d19796d3c3e62e5a1bf2630d51039c4acb80ae55d7e363a86966038bdab140d

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 82c580526ec43cbf-CDG
alt-svc: h3=":443"; ma=86400

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
478 B 60ms
33ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?e=ll&d=241&cs=c&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854794
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c580528a3cf180-CDG

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 99 KB
30 KB 119ms
69ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d87d0822bbaa955f9478aadc7c85259135b462165a9c555615fba531995a650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30705
x-xss-protection: 0
server: cafe
etag: 363 / 19687 / 31079694 / config-hash: 16204867678510254442
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 22:17:23 GMT

GET
H3 200 ds.2.html Show response
live.demand.supply/ 413 B
586 B 59ms
32ms XHR
text/html 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/ds.2.html

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HENA90GPES8ZH8TZ8DHTJANP
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 854794
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
cf-ray: 82c580528a3af180-CDG
alt-svc: h3=":443"; ma=86400

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
517 B 58ms
31ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/x/e.js?ce=rl&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEWE8MB1SX911MVYFBP7671S
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854794
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "901b70ae40b5b064aef6259e869a717e-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c580528a3df180-CDG

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
79 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

663183ac62b3c55305c0cde395a7b7a8dfc650979b3d206985f3b837d10d040b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81006
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 26 Nov 2023 22:17:23 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 69ms
20ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 26 Nov 2023 21:49:38 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 1665
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 26 Nov 2023 23:49:38 GMT

GET
H3 200 file-upload.in_fluid_sq_fluidsquare Show response
live.demand.supply/cp/ 29 B
373 B 159ms
159ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/file-upload.in_fluid_sq_fluidsquare?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=ZmlsZS11cGxvYWQuaW4v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f72695d5e0fde2f25944b48ada6d91cf2befd5285741b7767f8040b934206ab

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 82c58052aa53f180-CDG
alt-svc: h3=":443"; ma=86400
content-length: 29

GET
H3 200 file-upload.in_fluid_sq_fluidsquare Show response
live.demand.supply/cp/ 29 B
374 B 154ms
154ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/file-upload.in_fluid_sq_fluidsquare?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=ZmlsZS11cGxvYWQuaW4v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f72695d5e0fde2f25944b48ada6d91cf2befd5285741b7767f8040b934206ab

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 82c58052aa55f180-CDG
alt-svc: h3=":443"; ma=86400
content-length: 29

GET
H3 200 file-upload.in_fluid_all_fluidallshapes Show response
live.demand.supply/cp/ 30 B
372 B 163ms
163ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/file-upload.in_fluid_all_fluidallshapes?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=ZmlsZS11cGxvYWQuaW4v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7f956d6fb47d2b64be68785a2da0aa605dfd81d65ce4dff90216dd101d5ff38

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 82c58052aa56f180-CDG
alt-svc: h3=":443"; ma=86400
content-length: 30

GET
H3 200 file-upload.in_fluid_sq_fluidsquare Show response
live.demand.supply/cp/ 29 B
373 B 230ms
230ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/file-upload.in_fluid_sq_fluidsquare?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=ZmlsZS11cGxvYWQuaW4v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f72695d5e0fde2f25944b48ada6d91cf2befd5285741b7767f8040b934206ab

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 82c58052aa57f180-CDG
alt-svc: h3=":443"; ma=86400
content-length: 29

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
479 B 32ms
32ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/x/e.js?ce=fs&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEWE8MB1SX911MVYFBP7671S
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854794
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "901b70ae40b5b064aef6259e869a717e-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c58052aa58f180-CDG

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 94ms
37ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-3T7TKCZCC9&gtm=45je3b81v9114416819&_p=1701037043362&gcd=11l1l1l1l1&dma=0&cid=1496652062.1701037044&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1701037043&sct=1&seg=0&dl=https%3A%2F%2Fwww.file-upload.in%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=624
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
208 B 28ms
27ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=911668722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.file-upload.in%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&ul=en-us&de=UTF-8&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1934943653&gjid=1523029823&cid=1496652062.1701037044&tid=UA-119779859-1&_gid=383712901.1701037044&_r=1&gtm=457e3b81&gcd=11l1l1l1l1&dma=0&jsscut=1&z=503617764

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.file-upload.in/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/ 430 KB
135 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87960e7994f9fc5f6d2fc8c0b93be02f4b9b7cdca0dd9c726f5806d8e9092068

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 13:45:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30691
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138013
x-xss-protection: 0
server: cafe
etag: 17202369310903786887
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 25 Nov 2024 13:45:52 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
479 B 110ms
110ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_fluid_sq_fluidsquare&pdc=0.4551178336143493&ucv=null&e=tcp&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854794
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c58053ab53f180-CDG

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
479 B 31ms
31ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_fluid_sq_fluidsquare&pdc=0.4551178336143493&ucv=null&e=tcp&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854794
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c58053ab5af180-CDG

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
482 B 31ms
31ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_fluid_all_fluidallshapes&pdc=0.22755891680717466&ucv=null&e=tcp&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854794
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c58053ab60f180-CDG

GET
H2 200 file-upload.in_fluid_sq_fluidsquare Show response
api.demand.supply/v17-21-0/a/ 383 B
720 B 95ms
34ms XHR
application/json 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v17-21-0/a/file-upload.in_fluid_sq_fluidsquare?&dsReferer=ZmlsZS11cGxvYWQuaW4v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9897b4c743db06b82f375b9155cfe09e62f8c5e72ca83ad71a6a7d0c6cd15746

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 1482
etag: W/"17f-F4/uZyhQRs8cAu6oSLc3cKduIEA"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 82c580541808f0cb-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 file-upload.in_fluid_sq_fluidsquare Show response
api.demand.supply/v17-21-0/a/ 383 B
514 B 190ms
133ms XHR
application/json 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v17-21-0/a/file-upload.in_fluid_sq_fluidsquare?&dsReferer=ZmlsZS11cGxvYWQuaW4v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9897b4c743db06b82f375b9155cfe09e62f8c5e72ca83ad71a6a7d0c6cd15746

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 1482
etag: W/"17f-F4/uZyhQRs8cAu6oSLc3cKduIEA"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 82c580541804f0cb-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 file-upload.in_fluid_all_fluidallshapes Show response
api.demand.supply/v17-21-0/a/ 385 B
547 B 165ms
129ms XHR
application/json 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v17-21-0/a/file-upload.in_fluid_all_fluidallshapes?&dsReferer=ZmlsZS11cGxvYWQuaW4v
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 543ecea882d39aea47b52446613562c16db55f3776a1386ae9500b209489de56

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 1482
etag: W/"181-1yITlTPCwW6NeAA9dYaUgXdvTcs"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 82c580541807f0cb-CDG
alt-svc: h3=":443"; ma=86400

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
479 B 140ms
139ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_auto_interstitial_desktop&sn=1&ific=true&e=iar2&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854794
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c58053eb99f180-CDG

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 11 KB
5 KB 75ms
24ms Script
application/javascript 172.64.152.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.152.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6cfe89b284e6a2100a86b8d6b0e52b76b85cc62622a40d63e929f328d883a6a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 30 Oct 2023 20:31:13 GMT
server: cloudflare
age: 412040
etag: W/"65401291-2b7d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 82c580545f230208-ZRH
expires: Wed, 29 Nov 2023 22:17:23 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 54ms
16ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 15:01:28 GMT
content-encoding: gzip
age: 1408555
x-guploader-uploadid: ABPtcPrkeBTNnr7iwEOQsOO1crWmoZ9iqL2ey0CP8aUBoDmjemJ9aPIOtU-feRiw5Wy2dKUFws4yGGOQFv5l4BNB7C1_dbA4tPMg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Sat, 09 Nov 2024 15:01:28 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 103ms
49ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx
etag: W/"653b5c0e-a9a7"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 27 Nov 2023 22:17:23 GMT

GET
H2 200 connectId-gpt.js Show response
connectid.analytics.yahoo.com/ 9 KB
9 KB 120ms
30ms Script
application/javascript 2600:9000:2090:7800:10:dd8:5e40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://connectid.analytics.yahoo.com/connectId-gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2090:7800:10:dd8:5e40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c7f6468c8ac1542980b2d5f637fa933d7d00d2c6ff6690e34505d2aed0c0e23a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 21:30:08 GMT
via: 1.1 d120748dba94009201c8a9c5c612c7fc.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'
x-amz-cf-pop: AMS58-P1
age: 2836
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 8730
x-amz-expiration: expiry-date="Tue, 17 Oct 2028 00:00:00 GMT", rule-id="webapp-standard-lifecycle"
last-modified: Tue, 17 Oct 2023 13:17:45 GMT
server: AmazonS3
etag: "c46e30de24d0f12167e302e9e32ff4a5"
content-type: application/javascript
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: OlLhQDBeY6fmPMsRIA4a_VyKW0lTvKbcgYJaJZUT5tjqVRoYdJk8WA==

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 92ms
31ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 12732
x-jsd-version: master
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230096-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0OzWwMiQwA8leY47i6CaAXAOogtTiDdN%2BwFPs%2FAgpHMkAVFaeHyWREr2lTyEej%2FLYxuqs4I%2F7hB%2FlMKbyHLtbwxXodWOXzjEIWyrBkuBh6f%2F8Jl3LgfmB5Y7WMjCbgVbwytBPYIkiXedCUUo3DE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82c580546def228e-CDG

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 156 KB
34 KB 76ms
34ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22a1257891d7523261ed7426751d43a5dfeb83e2211aed3b71f085b5a45149ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Nov 2023 08:19:05 GMT
server: cloudflare
x-amz-request-id: 97756S9ZVTA8XC5E
age: 436
etag: W/"6d1031a5affe091aafc4dbcf111418ee"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 82c5805448374c52-MXP
x-amz-id-2: kRKypARnF4eDtg8wodvhgblXCF3kaTKwsbE/SdngeRLkFGotO2zCkS7sjgu18tyVjfzEla1j/wIfy1VMvzvFzQ==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 75ms
35ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:23 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 0a0e61b0cf5017f4fc940eb7b62b5556
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 108ms
29ms Script
text/javascript 2600:9000:2447:e200:a:e047:753:a221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2447:e200:a:e047:753:a221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Date: Sun, 26 Nov 2023 10:03:28 GMT
Via: 1.1 c0f1616474eb5ab66a150ca4467bd724.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P5
Age: 44036
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 2776
Last-Modified: Thu, 19 Oct 2023 06:40:11 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: jbjGuX12waqjSF-xujX6ERjzXvinm4STlT-GthzEoy7ToE4cwpxjCA==

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 121ms
38ms Script
text/javascript 18.239.18.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.18.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-18-33.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 07:38:20 GMT
content-encoding: gzip
via: 1.1 65c7ccdbbbb8463f3d45d2d76098350e.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P6
age: 52744
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: 3-_dktHNham7hPaTonFsts4EBbuJvdDFobXng7NXdc9gGd4ARbJ1Hw==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
729 B 448ms
448ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2159637305221331&correlator=700870041921573&eid=31079660%2C31079310%2C31079694%2C31079527&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Cd0c94ace-e46e-49b4-ad33-00ec0766b4be&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&sfv=1-0-40&ists=1&fas=8&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701037043829&lmt=1701037043&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1496652062.1701037044&ga_sid=1701037044&ga_hid=911668722&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRjy4NXtwDFIAFICCGQSHAoNY3J3ZGNudHJsLm5ldBjy4NXtwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGPLg1e3AMUgAUgIIZBIZCgpwdWJjaWQub3JnGPLg1e3AMUgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRjy4NXtwDFIAFICCGQSFwoIcnRiaG91c2UY8uDV7cAxSABSAghkEhQKBW9wZW54GPLg1e3AMUgAUgIIZBIZCgp1aWRhcGkuY29tGPLg1e3AMUgAUgIIZBIbCgxpZDUtc3luYy5jb20Y8uDV7cAxSABSAghk&dlt=1701037043326&idt=465&prev_scp=ti%3Db0213ff6-e76f-493a-8d30-08c2cb104f80%26interstitials-bid%3D5%26bid-p%3Dgoogle%26bsc%3D94&adks=79733870&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad18f76134091d6a4ea14854c9b7f8ec60ddcaf78b06e9e2c3ffa6bd22920ccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 698
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 39C3 6 KB
3 KB 131ms
55ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:23 GMT
expires: Mon, 25 Nov 2024 22:17:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 824 B
424 B 457ms
456ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2159637305221331&correlator=480959560285931&eid=31079660%2C31079310%2C31079694%2C31079527&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Cbeac2f13-96f1-49f2-bb26-529dae41904b&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=2&sfv=1-0-40&ists=1&fas=1&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701037043839&lmt=1701037043&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1496652062.1701037044&ga_sid=1701037044&ga_hid=911668722&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRjy4NXtwDFIAFICCGQSHAoNY3J3ZGNudHJsLm5ldBjy4NXtwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGPLg1e3AMUgAUgIIZBIZCgpwdWJjaWQub3JnGPLg1e3AMUgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRjy4NXtwDFIAFICCGQSFwoIcnRiaG91c2UY8uDV7cAxSABSAghkEhQKBW9wZW54GPLg1e3AMUgAUgIIZBIZCgp1aWRhcGkuY29tGPLg1e3AMUgAUgIIZBIbCgxpZDUtc3luYy5jb20Y8uDV7cAxSABSAghk&dlt=1701037043326&idt=465&prev_scp=ti%3Db0213ff6-e76f-493a-8d30-08c2cb104f80%26interstitials-bid%3D0.4%26bid-p%3Dgoogle%26stt%3Dbhs%26bsc%3D94&adks=2440838110&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

969ba10559cd16c1029a7fee37ea9e664b5ab8d306ad1ee5dc7bf8012e3f8b8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 393
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/ 39 KB
13 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl_page_level_ads.js?cb=31079694

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8934c75d7b6faf5e681a0d3fc7854a70876feebd7f613f792ffe35345486b16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 21:33:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2658
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13740
x-xss-protection: 0
server: cafe
etag: 13319621592303420164
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 25 Nov 2024 21:33:05 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
479 B 34ms
34ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_fluid_sq_fluidsquare&pdc=0.4551178336143493&ucv=null&e=tcp&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854794
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c580541bd3f180-CDG

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
481 B 35ms
35ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/x/e.js?ce=da&r=file-upload.in_fluid_sq_fluidsquare&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEWE8MB1SX911MVYFBP7671S
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854794
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "901b70ae40b5b064aef6259e869a717e-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c580541bd5f180-CDG

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 484ms
484ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2159637305221331&correlator=2055847529293739&eid=31079660%2C31079310%2C31079694%2C31079527&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Cb6d4a9d1-0710-4eee-90c9-3acb530eed97&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=3&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701037043854&lmt=1701037043&adxs=245&adys=1730&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=3&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=1110x296&msz=1110x296&fws=0&ohw=0&ga_vid=1496652062.1701037044&ga_sid=1701037044&ga_hid=911668722&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRjy4NXtwDFIAFICCGQSHAoNY3J3ZGNudHJsLm5ldBjy4NXtwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGPLg1e3AMUgAUgIIZBIZCgpwdWJjaWQub3JnGPLg1e3AMUgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRjy4NXtwDFIAFICCGQSFwoIcnRiaG91c2UY8uDV7cAxSABSAghkEhQKBW9wZW54GPLg1e3AMUgAUgIIZBIZCgp1aWRhcGkuY29tGPLg1e3AMUgAUgIIZBIbCgxpZDUtc3luYy5jb20Y8uDV7cAxSABSAghk&dlt=1701037043326&idt=465&prev_scp=ti%3Db0213ff6-e76f-493a-8d30-08c2cb104f80%26chrand%3Dy%26pof%3D0%26bid%3D0.29%26bid-p%3Dgoogle%26bsc%3D94&adks=1176527146&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91e90be8d5ed5bb9b3bc712826811913fc616afb7bdeb4633bbdcb343b2b6e2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12731
x-xss-protection: 0
google-lineitem-id: 5563951594
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138332681208
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
479 B 31ms
31ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/x/e.js?ce=da&r=file-upload.in_fluid_sq_fluidsquare&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEWE8MB1SX911MVYFBP7671S
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854794
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "901b70ae40b5b064aef6259e869a717e-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c580544c05f180-CDG

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 91 KB
42 KB 375ms
375ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2159637305221331&correlator=2143923837001935&eid=31079660%2C31079310%2C31079694%2C31079527&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Cb6d4a9d1-0710-4eee-90c9-3acb530eed97&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=4&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701037043888&lmt=1701037043&adxs=245&adys=611&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=1110x296&msz=1110x296&fws=0&ohw=0&ga_vid=1496652062.1701037044&ga_sid=1701037044&ga_hid=911668722&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRjy4NXtwDFIAFICCGQSHAoNY3J3ZGNudHJsLm5ldBjy4NXtwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGPLg1e3AMUgAUgIIZBIZCgpwdWJjaWQub3JnGPLg1e3AMUgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRjy4NXtwDFIAFICCGQSFwoIcnRiaG91c2UY8uDV7cAxSABSAghkEhQKBW9wZW54GPLg1e3AMUgAUgIIZBIZCgp1aWRhcGkuY29tGPLg1e3AMUgAUgIIZBIbCgxpZDUtc3luYy5jb20Y8uDV7cAxSABSAghk&dlt=1701037043326&idt=465&prev_scp=ti%3Db0213ff6-e76f-493a-8d30-08c2cb104f80%26chrand%3Dy%26pof%3D0%26bid%3D0.29%26bid-p%3Dgoogle%26bsc%3D94&adks=554408032&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02a6d10f5b01a3f642b7d51769938003a6df66d74219f4670412465b0337fab0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43322
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp&cc=1

85 B
194 B

132ms
131ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp&cc=1
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 115a766c8d4ecfcbb6928f450c44fcb86861255bec819faae054c61b3c9a2e5b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-n5FnXz8uUHNoQBgHy+O0oL0P8K8"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.file-upload.in
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Sun, 26 Nov 2023 22:17:23 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.file-upload.in
location: /esp?url=https%3A%2F%2Fwww.file-upload.in%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
234 B 70ms
21ms XHR
text/plain 162.19.138.116
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.116 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533567.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.file-upload.in/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.file-upload.in
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame EE50 15 KB
6 KB 82ms
28ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.file-upload.in

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:23 GMT
server: Kestrel
server-processing-duration-in-ticks: 247524
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
480 B 35ms
34ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/x/e.js?ce=da&r=file-upload.in_fluid_sq_fluidsquare&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEWE8MB1SX911MVYFBP7671S
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854795
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "901b70ae40b5b064aef6259e869a717e-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c580550cacf180-CDG

GET
H2 400 fed Show response
ups.analytics.yahoo.com/ups/58813/ 0
366 B 98ms
25ms XHR
application/json 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58813/fed?gpp_sid=-1&v=1&url=https%3A%2F%2Fwww.file-upload.in%2F

Requested by

Host: connectid.analytics.yahoo.com
URL: https://connectid.analytics.yahoo.com/connectId-gpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.87 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.87
age: 0
vary: Origin
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
access-control-allow-origin: https://www.file-upload.in
content-type: application/json
access-control-allow-credentials: true
content-length: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 91 KB
42 KB 367ms
366ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2159637305221331&correlator=1568097782178002&eid=31079660%2C31079310%2C31079694%2C31079527&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Cb6d4a9d1-0710-4eee-90c9-3acb530eed97&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=5&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701037044007&lmt=1701037044&adxs=245&adys=231&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=1110x296&msz=1110x296&fws=0&ohw=0&ga_vid=1496652062.1701037044&ga_sid=1701037044&ga_hid=911668722&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRij4tXtwDFIAFICCG8SHAoNY3J3ZGNudHJsLm5ldBjy4NXtwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGPLg1e3AMUgAUgIIZBIZCgpwdWJjaWQub3JnGNzh1e3AMUgAUgIIahIdCg5lc3AuY3JpdGVvLmNvbRjy4NXtwDFIAFICCGQSFwoIcnRiaG91c2UYy-HV7cAxSABSAghqEhQKBW9wZW54GPLg1e3AMUgAUgIIZBIZCgp1aWRhcGkuY29tGPLg1e3AMUgAUgIIZBIbCgxpZDUtc3luYy5jb20YnuLV7cAxSABSAghq&dlt=1701037043326&idt=465&prev_scp=ti%3Db0213ff6-e76f-493a-8d30-08c2cb104f80%26chrand%3Dy%26pof%3D0%26bid%3D0.29%26bid-p%3Dgoogle%26bsc%3D94&adks=2746787995&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f45ea48d1d58008b497bce74122e6b1dce39045f558732a28209d4dea948046f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43049
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 91 KB
42 KB 455ms
455ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2159637305221331&correlator=2924406462006491&eid=31079660%2C31079310%2C31079694%2C31079527&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Ce5d6a113-1897-44a9-a217-a640317b4e22&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=550x600%7C480x320%7C160x600%7C300x250%7C300x600%7C320x480&ifi=6&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701037044010&lmt=1701037044&adxs=245&adys=1074&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=1110x616&msz=1110x616&fws=0&ohw=0&ga_vid=1496652062.1701037044&ga_sid=1701037044&ga_hid=911668722&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRij4tXtwDFIAFICCG8SHAoNY3J3ZGNudHJsLm5ldBjy4NXtwDFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGPLg1e3AMUgAUgIIZBIZCgpwdWJjaWQub3JnGNzh1e3AMUgAUgIIahIdCg5lc3AuY3JpdGVvLmNvbRjy4NXtwDFIAFICCGQSFwoIcnRiaG91c2UYy-HV7cAxSABSAghqEhQKBW9wZW54GPLg1e3AMUgAUgIIZBIZCgp1aWRhcGkuY29tGPLg1e3AMUgAUgIIZBIbCgxpZDUtc3luYy5jb20YnuLV7cAxSABSAghq&dlt=1701037043326&idt=465&prev_scp=ti%3Db0213ff6-e76f-493a-8d30-08c2cb104f80%26chrand%3Dy%26pof%3D0%26bid%3D0.1%26bid-p%3Dgoogle%26bsc%3D94&adks=2135243791&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

848617181f078424393ded0015ce45584ac7d6835880e2441cbd17437914f602

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42995
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 235 B
694 B 193ms
98ms XHR
application/json 52.215.24.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.24.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-24-0.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2be4cdff5155a116e925e6bd091b8d4ad142c2c594b2dde80f7fe6b038929207

Request headers

Referer: https://www.file-upload.in/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache
x-server: 10.45.3.66
access-control-allow-credentials: true
content-length: 235
expires: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame EE50
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=file-upload.in&sn=ChromeSyncframe&so=0&topUrl=www.file-upload.in&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=_xmDGnw2Qml5bUY0c0luc2RuTGNRaEpHeVFob1FURGdEaStoZjlZN2tQVFdtWlhncGs4bkdpbXJCUlpZS3FSeWxRRGg5SHhab0dHcGs2ZGtSNzhMbUpEY0VJRGs5K2kyMlpOYVdTWlVNMk1MMElCZDlwaUhKSVRLRGFzdD...

441 B
658 B

31ms
31ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=_xmDGnw2Qml5bUY0c0luc2RuTGNRaEpHeVFob1FURGdEaStoZjlZN2tQVFdtWlhncGs4bkdpbXJCUlpZS3FSeWxRRGg5SHhab0dHcGs2ZGtSNzhMbUpEY0VJRGs5K2kyMlpOYVdTWlVNMk1MMElCZDlwaUhKSVRLRGFzdDRuMDRKN21PWWZNWi96bmhocE1FcWZJMzFzalR0OCtkRURXQWxtMlg1U2NvV0dKVm1UR2FLeU1WeGlIYmc5YlJueFpDNC80Y2tORmU0S21nSjYrM2hmb3owWlVyYVlRaml1eC9yQm1wRTcwTXBkeDh3NG9kaWhJR3VLY3UrZDRNbGJjLzNLR0IyYkZmOHJTYVBST1QwVmVuWUt3bmQwQT09fA&cppv=2

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

73d8b7246d74c24a4b7bdaf3df7576fe4d356cdda42c4e3db6a1acf1fade5560

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4464794
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:23 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=_xmDGnw2Qml5bUY0c0luc2RuTGNRaEpHeVFob1FURGdEaStoZjlZN2tQVFdtWlhncGs4bkdpbXJCUlpZS3FSeWxRRGg5SHhab0dHcGs2ZGtSNzhMbUpEY0VJRGs5K2kyMlpOYVdTWlVNMk1MMElCZDlwaUhKSVRLRGFzdDRuMDRKN21PWWZNWi96bmhocE1FcWZJMzFzalR0OCtkRURXQWxtMlg1U2NvV0dKVm1UR2FLeU1WeGlIYmc5YlJueFpDNC80Y2tORmU0S21nSjYrM2hmb3owWlVyYVlRaml1eC9yQm1wRTcwTXBkeDh3NG9kaWhJR3VLY3UrZDRNbGJjLzNLR0IyYkZmOHJTYVBST1QwVmVuWUt3bmQwQT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 271940
content-length: 0
expires: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 120ms
70ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311130101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9e0ceb1f95a005893308cd11cf0f53eeb5c563649062bf9f30a87752cc8e773

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12306
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 113ms
50ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 26 Nov 2023 22:17:24 GMT

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 6DAF 572 B
800 B 67ms
30ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: c3a581d187fa5f6096ca8df10de081cd9048467f30b11c168856a3bba7479aca

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 375
content-type: text/html
date: Sun, 26 Nov 2023 22:17:24 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 6DAF
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3135072572220521421

43 B
106 B

34ms
28ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3135072572220521421
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3135072572220521421
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame 6DAF
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=9d46e52c-6446-c612-1118-74d0e9c35fd8
https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=9d46e52c-6446-c612-1118-74d0e9c35fd8&dcc=t

43 B
855 B

198ms
198ms

Image
image/gif

67.220.226.234
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=9d46e52c-6446-c612-1118-74d0e9c35fd8&dcc=t

Requested by

Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5

Protocol

HTTP/1.1

Server

67.220.226.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 26 Nov 2023 22:17:24 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 0ZT0X9A0CT9SKVJH70JW
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 26 Nov 2023 22:17:24 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: XF93YKX602T1SZNT207S
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=9d46e52c-6446-c612-1118-74d0e9c35fd8&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 6DAF 70 B
149 B 134ms
43ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=c5909951-78ec-7de8-d116-f64781f09438&gdpr=0
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 6DAF 170 B
409 B 93ms
30ms Image
image/png 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTlmZjRhOWItYjE5Yi0yMzRjLWM0ZjYtYWNmZTRiMTI1YTU4

Requested by

Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 6DAF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBYeIfjf8h-xhznHD2-lyDA&google_cver=1

43 B
180 B

34ms
28ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBYeIfjf8h-xhznHD2-lyDA&google_cver=1
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBYeIfjf8h-xhznHD2-lyDA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0D02 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:23 GMT
expires: Mon, 25 Nov 2024 22:17:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
478 B 34ms
34ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.29&b=1&r=file-upload.in_fluid_sq_fluidsquare&sy=022f0434-6c41-47f8-bb82-499f529219bc&ts=94&cd=2&pud=241&pus=c&pue=529&pid=42&pis=c&pie=571&ppd=220&pps=a&ppe=749&pcl=432&ttc=839&tti=1252&ttif=0&lca=749&lcak=ppe&lct=749&lctk=ppe&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.file-upload.in&mlre=www.file-upload.org&mlin=0&mlsi=1024x280&mlbw=4g&mlcs=NaN&mltp=b0213ff6-e76f-493a-8d30-08c2cb104f80&e=lm&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854795
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c58056de67f180-CDG

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5B14 13 KB
5 KB 22ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 11264
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 19:09:40 GMT
expires: Mon, 25 Nov 2024 19:09:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 23B2 829 B
1 KB 79ms
30ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

54453b4fbefcca3dca79bc9a64b29e36e9b6b06b043a81a3c5c49d7cd8132629

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-omSdYyIv39HPzo-VNGlJcw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-omSdYyIv39HPzo-VNGlJcw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:24 GMT
expires: Sun, 26 Nov 2023 22:17:24 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
480 B 113ms
113ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_auto_interstitial_desktop&e=nai&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854795
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c58056ee78f180-CDG

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
480 B 111ms
111ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_auto_interstitial_desktop&sn=2&ific=false&e=iar2&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854795
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c58056ee79f180-CDG

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 134 KB
50 KB 442ms
442ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2159637305221331&correlator=1279498087103010&eid=31079660%2C31079310%2C31079694%2C31079527&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2C35c3e781-1e45-4079-92a7-84ee84a2671a&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=7&sfv=1-0-40&ists=1&fas=8&eri=1&sc=1&cookie=ID%3D543bcc6eae8df510%3AT%3D1701037043%3ART%3D1701037043%3AS%3DALNI_MYzYwX5CkeCifLpLh4ioG_PJuZmkw&gpic=UID%3D00000cdccb6abf27%3AT%3D1701037043%3ART%3D1701037043%3AS%3DALNI_MaFTESYPO2-gvcxdyMRrM1pcwky9w&abxe=1&dt=1701037044299&lmt=1701037044&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=7&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1496652062.1701037044&ga_sid=1701037044&ga_hid=911668722&ga_fc=true&a3p=EloKDWNyd2RjbnRybC5uZXQSQDcxODJiOGNhYTg2ZGY3OWZjMDM2MzM0NGU4MzU0OTQ1YTcwMmQ1NDUzNzc3YjIzNDkzMmMzOGU2YzQyZjcyYzUY7-PV7cAxSAASGwoMMzNhY3Jvc3MuY29tGPLg1e3AMUgAUgIIZBIZCgpwdWJjaWQub3JnGNzh1e3AMUgAUgIIahIYCgl5YWhvby5jb20Yo-LV7cAxSABSAghvEh0KDmVzcC5jcml0ZW8uY29tGPLg1e3AMUgAUgIIZBIXCghydGJob3VzZRjL4dXtwDFIAFICCGoSPgoFb3BlbngSLGV5SnBJam9pUm1wNWJVTk9SbkpSYUN0TWQwUTJkalZrWlc1NFVUMDlJbjA9GOjj1e3AMUgAEhkKCnVpZGFwaS5jb20Y8uDV7cAxSABSAghkEhsKDGlkNS1zeW5jLmNvbRie4tXtwDFIAFICCGo.&dlt=1701037043326&idt=465&prev_scp=ti%3Db0213ff6-e76f-493a-8d30-08c2cb104f80%26interstitials-bid%3D1%26bid-p%3Dgoogle%26bsc%3D94&adks=3111070440&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba00e199882f3b24cddfdb1d0f3ecb36fa93fb4e6e75015dcb9035af38513852

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51432
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 115 KB
46 KB 353ms
353ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2159637305221331&correlator=253839004713673&eid=31079660%2C31079310%2C31079694%2C31079527&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2Cbcf1b191-0990-4fe0-90e5-a2e0b1483964&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=8&sfv=1-0-40&ists=1&fas=1&eri=1&sc=1&cookie=ID%3D66617d9176cb4212%3AT%3D1701037043%3ART%3D1701037043%3AS%3DALNI_MaaYAKn0gbndHbOsil1vgvUSDCiXQ&gpic=UID%3D00000cdccbfff855%3AT%3D1701037043%3ART%3D1701037043%3AS%3DALNI_MZQlXXOQEJSrcbo7_aCmsZJqW4yig&abxe=1&dt=1701037044304&lmt=1701037044&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=8&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1496652062.1701037044&ga_sid=1701037044&ga_hid=911668722&ga_fc=true&a3p=EloKDWNyd2RjbnRybC5uZXQSQDcxODJiOGNhYTg2ZGY3OWZjMDM2MzM0NGU4MzU0OTQ1YTcwMmQ1NDUzNzc3YjIzNDkzMmMzOGU2YzQyZjcyYzUY7-PV7cAxSAASGwoMMzNhY3Jvc3MuY29tGPLg1e3AMUgAUgIIZBIZCgpwdWJjaWQub3JnGNzh1e3AMUgAUgIIahIYCgl5YWhvby5jb20Yo-LV7cAxSABSAghvEh0KDmVzcC5jcml0ZW8uY29tGPLg1e3AMUgAUgIIZBIXCghydGJob3VzZRjL4dXtwDFIAFICCGoSPgoFb3BlbngSLGV5SnBJam9pUm1wNWJVTk9SbkpSYUN0TWQwUTJkalZrWlc1NFVUMDlJbjA9GOjj1e3AMUgAEhkKCnVpZGFwaS5jb20Y8uDV7cAxSABSAghkEhsKDGlkNS1zeW5jLmNvbRie4tXtwDFIAFICCGo.&dlt=1701037043326&idt=465&prev_scp=ti%3Db0213ff6-e76f-493a-8d30-08c2cb104f80%26interstitials-bid%3D0.1%26bid-p%3Dgoogle%26stt%3Dbhs%26bsc%3D94&adks=920899659&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ad16ab974fb75864d97282d6532ca45539337abcc4bec86fb1d3e93d0495580

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47428
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2304 478 B
779 B 110ms
62ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiv8tz-ATAB&v=APEucNXeA8JnZfDFjU0U31DPCtYajwRSrPVUvYxcJsSzEbTWaij9XQ8gPDKpN8poc6L5kEwFxWTN0ejacKj_XCKgw7K7fiWKgg

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:24 GMT
expires: Sun, 26 Nov 2023 22:17:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 0D02 23 KB
9 KB 73ms
30ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 15:58:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22717
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 15:58:47 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 0D02 7 KB
3 KB 70ms
27ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 14:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27160
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 14:44:44 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0D02 0
0 130ms
67ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssXKQC9XvKcM3FuM837GtR3WkGm63g1Ph-JnIT-9Xs2qdlhE2FDgWGnfAPlVZ7vZOjyNIMRm3iJBnDwug5wh4t11M1OYmJE1clrpH0YIEUU8ypWXwLQokdECYNyWyE1BWdDs9FLguUk3q0RqpKswdeDkWufI9g9wBtBoFlwI1EwrLMi-IjmOWOH8gIwh2LFf0ZKTnc5wtlnX4NURuH1OiPyMYRpBnj2IexINvXVL0ruvflrWpzQfX-jy_OiRlKybUSFsBeyAEBz_i8wMR7uljNHg6HkwtTO_09yu5TUg5DxMeluVMwvTrzVfk2NZDGfiKi31qEoKPgfPoHNzW47mafaPQDEVb_Wd5InMpLlq92wXFCbJks_UgfW39WzwDPa0QwxtIxmkYzcMoZ76CNHETHbhjvsyT0hf86p_qthdm0aKBGMMaVOrAPEtY1mWTagWOFzRDqgsaNtfy0Kz_vXMephQL1-6qZX3bLlTPFJ9ZpDtpzllBShEjgKT_Pt1YlHO1gXk_PX9KlOiZXGeUaQxFdzIe-GfOuDsj_FwKdtbIalUgf8S4j3pQ1bTeQh7FcauV8EF2RmR9sKKHyRwz2Y_QIkL5Fitz28CT1s6bAUyW4rZohYRMAwqZEn_B1lMde9ASSJP9WkrIkYElkdguFyBxp26Yjbw_dOgoVT6cIghAIvjo3_n8x5Y2KiISeqXlfO-IdV0JUklszYY9T4IF8NE40UfJZqV1OWyenqDTnJNpDKioeLHuQ7NyvcCg3jEDtCWOL96ZaNCwma-_3wJbMq6pLLOW4_HXRs0xBFTW5OKrwtlUNFrvBIOxulgNXXyH_u15L9gBo16_TQtF-r2jt64uPdIDd0ukRFj46RwzBQ5TL_6db5WNGTs2pXQ4cCh_8xXMHRAqlilB9Z9oLNydH0ONh-YF3eB9V9aeUzl8BrYG9zwlosmndn6qCAc_ntfKIAFAutB5c6ZpBI4ZT_ps3bKvfOediIwzvGsnq6pvJlzHmX36Sp_f9byZx0n_ntIf8YsBQCNHL8LIC1r1Dl9O_CWKFTkXC6DTTKWwkOqE82udyBWXq4Z04pDMnLec1PDljjNPkxMkgJbORqfWq4quAQdvKYKLFjde79BGKeBkYI8O-QKOtcqjcW2Uu-6pbFIfK-_5miY7toYO30fbKxdXg-L0RJMSCWkI97xX40q8zYYdvdzGPT44jxLYdVQ0Ez9UCBtkaCCqx_s1mqwtaXN84XRD1DCR2uHY-uVaI7hV_uthCNR7dtuklLCTPo1R6P6KAhCwByxyqavu5Ql60OAuUhv3DuLFynAt9ScyDrfBz-hLdvXPzeLCy4p39bZPQo1tq5m8gQQMwNuQrWgZ86OdbZj0HPE84Q0ydO6N51mEAFJv1KTMnqanlCeyyoBYwYnkKH3qRhFr2zmPYD37GE0F7isRg&sai=AMfl-YSZdtg2FfNIozWNbCUVJcebbuI8aPTlDHjyFLSE-Dr9bTNVaSLntySXTHxNLiljmbZWt292n6Ipp40byCvc31JBUEgLpvdA3iCsN9tWJ6HCZp05BSnA2ajhEFgRFKyCkiGDp-uu1MIuUycDdO2yJT8Tllju7-pTQSkQvWmRosj5wr1yyU1QdgNhDH27Roqlq2qAt92Lrq28Zq9E1ogP0SZkWeUPcdDvpK8QKsWR9wxDZ_K6zHrEjFtk7FpExmwNv0qzLPVsdb85WvO-lI6hQEyrEWFPMOECjn5SGSBUe7Je-efS4nrWtUk_ZUTz8MdLcS3sBBzw5aryIBTGLjErC7kQ1iINkULADoPAfniM2ctfjPTHvsZr93LzIlrgzcg31Ss-GN_PHfRe71jbt1dqo8tPEaDJ67c5j4F331QGe_166NEnqU3GxMrKlFhwZhWQdGoveiQgwhhICivyC3FLLZP3n-cLulrs6LB4yNDMuh-07zxCPkJA8FU&sig=Cg0ArKJSzAq7qNPfw8SzEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231109.50151&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sun, 26 Nov 2023 22:17:24 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0D02 41 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108002
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 0D02 3 KB
1 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43241
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 0D02 20 KB
9 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21605
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0D02 42 B
63 B 95ms
54ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DosWXbVti1klkzucteBuSH-GOMqgbuJd77U6-x_0zxmbcUxexGToZ3osd2r1aVnGjMxdkE91rUHM0WrEmcRM-LrsJzIegsoZlfnbnT9YsU9nE6r8s

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0D02 202 KB
64 KB 84ms
35ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 22:17:24 GMT

GET
H2 200 7261931612027400495
s0.2mdn.net/simgad/ Frame 0D02 112 KB
113 KB 85ms
21ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7261931612027400495

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af6f439b4493ea95140ee9297524fe889477890db7a8609fe8d4a00ccb9a3b69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 20 Nov 2023 06:54:06 GMT
x-content-type-options: nosniff
age: 573798
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 114888
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 14:44:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Nov 2024 06:54:06 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 5B14 39 KB
15 KB 53ms
21ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43236
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET view
securepubads.g.doubleclick.net/pcs/ Frame D102 0
0

GET ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame D102 0
0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
12 KB 305ms
304ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2159637305221331&correlator=1731052238053460&eid=31079660%2C31079310%2C31079694%2C31079527&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=44890869%3A22720847994%2Cca-pub-3831894559014614-tag%2C3cc840b3-083d-48a5-9a39-279da3eea261&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=9&sfv=1-0-40&eri=1&sc=1&cookie=ID%3D3c21191c1f7f910a%3AT%3D1701037043%3ART%3D1701037043%3AS%3DALNI_MamJPJhRH6AUaKXl-Qa1GMB3BmxyA&gpic=UID%3D00000cdccb43adc0%3AT%3D1701037043%3ART%3D1701037043%3AS%3DALNI_MY90X7OA8PLsDyoMid1vtvtiMtAZw&abxe=1&dt=1701037044350&lmt=1701037044&adxs=245&adys=1730&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=9&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.file-upload.in%2F&ref=https%3A%2F%2Fwww.file-upload.org%2F&vis=1&psz=1110x296&msz=1110x296&fws=0&ohw=0&ga_vid=1496652062.1701037044&ga_sid=1701037044&ga_hid=911668722&ga_fc=true&a3p=EloKDWNyd2RjbnRybC5uZXQSQDcxODJiOGNhYTg2ZGY3OWZjMDM2MzM0NGU4MzU0OTQ1YTcwMmQ1NDUzNzc3YjIzNDkzMmMzOGU2YzQyZjcyYzUY7-PV7cAxSAASGwoMMzNhY3Jvc3MuY29tGPLg1e3AMUgAUgIIZBIZCgpwdWJjaWQub3JnGNzh1e3AMUgAUgIIahIYCgl5YWhvby5jb20Yo-LV7cAxSABSAghvEh0KDmVzcC5jcml0ZW8uY29tGPLg1e3AMUgAUgIIZBIXCghydGJob3VzZRjL4dXtwDFIAFICCGoSPgoFb3BlbngSLGV5SnBJam9pUm1wNWJVTk9SbkpSYUN0TWQwUTJkalZrWlc1NFVUMDlJbjA9GOjj1e3AMUgAEhkKCnVpZGFwaS5jb20Y8uDV7cAxSABSAghkEhsKDGlkNS1zeW5jLmNvbRie4tXtwDFIAFICCGo.&dlt=1701037043326&idt=465&prev_scp=ti%3Db0213ff6-e76f-493a-8d30-08c2cb104f80%26chrand%3Dy%26pof%3D0%26bid%3D0.08%26bid-p%3Dgoogle%26bsc%3D94&adks=147677241&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18ffb4f8da527c8e8e63f197c2b06df360ab4e1b02bce32df5337ce9b2e3ee33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12455
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.file-upload.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame E77C 38 KB
13 KB 20ms
20ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 107953
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0D02 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5b9283fe4995e6ca3e3cc470f3dd93dcd51848921bf7dd7fdc0c23aa2d0342e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 23B2 0
0 55ms
55ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311130101&jk=2159637305221331&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 container.html Show response
2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 77C5 6 KB
3 KB 22ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:23 GMT
expires: Mon, 25 Nov 2024 22:17:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
481 B 31ms
31ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.29&b=1&r=file-upload.in_fluid_sq_fluidsquare&sy=022f0434-6c41-47f8-bb82-499f529219bc&ts=94&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.file-upload.in&mlre=www.file-upload.org&mlin=0&mlsi=1024x280&mlbw=4g&mlcs=NaN&mltp=b0213ff6-e76f-493a-8d30-08c2cb104f80&e=lm&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854795
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c580578f11f180-CDG

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame E77C 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43236
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E50E 478 B
238 B 68ms
66ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiv8tz-ATAB&v=APEucNWazZPWpiyA2l6d8tcrg5zxpGcOZygTgCrs03mDrXh4tk-c-j8FE2lOziW_TCs7WuknSzyk84G8XU9xmrrTqzFY64VWCw

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 7261931612027400495
s0.2mdn.net/simgad/ Frame 77C5 112 KB
112 KB 29ms
28ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7261931612027400495

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af6f439b4493ea95140ee9297524fe889477890db7a8609fe8d4a00ccb9a3b69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 20 Nov 2023 06:54:06 GMT
x-content-type-options: nosniff
age: 573798
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 114888
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 14:44:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Nov 2024 06:54:06 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 77C5 23 KB
9 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 15:58:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22717
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 15:58:47 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 77C5 7 KB
3 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 14:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27160
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 14:44:44 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 77C5 0
0 67ms
67ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvJEwXIIiATu8rrhXdbEaYnKDJMBnxpRZxzgmSU85xiW9VrkdkK0nvE6fgo-wbQLFynreu56xULCpI1zB3esS5rSneh7SNpaXA0J5aX3dWEaSMsrfvdCaJdsJ_7aU3MDjB8c0ttL5iDipv7qD8jntzprMrISGyhSlclwDVjQ7OUGwSZfdwSMj2ynqfQwDCVZFHYvfNpkcc7NuvFHuVZX1k--QdFrNRrAOZEyTXLQt2xs1tFulSIUrSpws7igE3VQG3w2m2C79t5M_7rE85iqUmiXKXRYuRieAlNYt2LZPuAW-qDzm8i2DlsfWsj4_g3KEyYsO32FlyDaSqMIMKBN5O8-9fdPcga114kxtwDTAlUuKs8_GbYoGLtlhT9U24MpcBv2C46JSMzKODe5xinUdJjNU9tY8FdKRssqJEuJXxeChl1vcll4Fe2Krv2StlFBlrkNIdK0LP6uF5sD5rtcdmNZRi5sCemsiNV9QTan0C14DF0UIBz_Z5JBxGpX41LTNwLlP5z5HP4UlkvdjE8m_7FX7kOA7vAAJzrHK6w0HStuT04nn57SR6NbInd4ReFRXx-3v8eRWpJrpKZpJm05K0h1tpX7yZB__5E4HXNEVhebRkls67uKJDPcF5JGScmsEmSnZy9osY1WjGVd28ZVTixTS0ZeYJ_q0DoacJpoIB7lD_9uB1Sv2GYRTHw2yxZDY34ZS3nW7IL69axDb6fE2_H-2zH9_4VMxy73ktgjRnbfPK4MlPH_KLfy3e5W3zR4eawQ3Syn-hiGtd2HHzIgZVVH4lIIDtfcYZtmopvULYxTbgEQvgYFWnsiYZBbq_90KWPz-3Gyv12-IlmzyqrXWER7Bm9D0k3isbHesd2inGoN46lXKOsWj7fxugDFSXQidu0iCS3ikK7qxvpTfg1O5LPwwL0neD6GiVa-qeMLO8A3fvwIysFBygnKl0K7qQeB_6kKSbagpfbxYByne11tzlh998H1Fdl2Q4-GElH3_2OebWEM2FXklOkPTvEUwGmEacDSNh8l1-JU0RLQ2U5Mhzjy7PXe6vXoP9Nj1GVwd-sqgVWgVPvNMSEMt12GgWv0gDd6bqYZwVBW7vDPNE7MIgEPxriTHj0YeG3s-vUmiLk0SciuJkAorwdgornLTUhxTopBPXB3ERuG8ily_vkUxAnuYIQ-DXljvDrrEPiZYeTjRbuDY6tkMt4RxwYy-PLKvCVgXklLp7LEvfkZI7T9fdFvImzyQcIOCmsccmU95zKkgr5vbf1fHZ7r-3QFl_7M_VQnTaT9n9n6B0oscc2bxpOB92mAfBxLewzLyjGpzH78MigZSMOcWvjyFtVsRKar8BQ7qqsBftYOkrI6IrM3FwlOpK3M2gIvlInkdtuQ0hdbzO8-uKfM0OIGqBH1uWfa5-GQpkEaalAQQ&sai=AMfl-YTS3AIIhnK8X6yh9fu9dyDDDy8E_mY7maFbMiMWnoph15DPJnjmW6i4zcz1iI1r3NgztPSd93fYgdhMKaC_wIv-EVKyDVTWjKTySn6YQIpQSg1UmLNSWLlbMd6PvvE8X29kcoh_RH8YWEZ6xnQKbSAdxpVkSoQ--n6P3wtRDe8J9AmV1Qu_LYp9d3VWq8h8bkLFRWVQynpEZ5ZVkc8_uzdMOdsmgoFFx923ACLrPXQnwOTxjaDX6Q5bd-ADdlKMh936zs3-3BgNJrWZela97-J_zD6s5jaW1B749sAHLn5YNkaF_fBlFqqvqwztPBRsPC5otHydWerchdXh_dvde5rxS_XBdsRYZFcwUo40eV25qz_2RQCLoHkEdc1cJqvrEzIpxpB_AdtOVOycBgRPAxBqGfH1QG2ay8E0dfUZqny586isMOqpYTbMVSKHunGFTi7FRbPjr3i41w7Rud3gQ7pwm6KFkomljnYDUyNPoQq93vfptV0YNsE&sig=Cg0ArKJSzIQQsBJ8AmyHEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231109.72724&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 77C5 41 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108002
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 77C5 3 KB
1 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43241
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 77C5 20 KB
8 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21605
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 77C5 42 B
63 B 55ms
54ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DTZ5j6pTd4_dj51IYFW_JQeB8yYRvtxPB8Q6il5uGl9rBVjGTzQP8m7cf1zS_03FwUjr5ZYJ8rUH7kaDuHIOgA_HXX5gKW0mVnHYrRYHXuwFaAaWc

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 77C5 202 KB
64 KB 85ms
85ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 22:17:24 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 2304 170 B
232 B 30ms
30ms Image
image/png 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiv8tz-ATAB&v=APEucNXeA8JnZfDFjU0U31DPCtYajwRSrPVUvYxcJsSzEbTWaij9XQ8gPDKpN8poc6L5kEwFxWTN0ejacKj_XCKgw7K7fiWKgg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 2304
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELMH8dyBRkPz6IMgMm8bC8s&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELMH8dyBRkPz6IMgMm8bC8s&google_cver=1&C=1

43 B
341 B

39ms
39ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELMH8dyBRkPz6IMgMm8bC8s&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiv8tz-ATAB&v=APEucNXeA8JnZfDFjU0U31DPCtYajwRSrPVUvYxcJsSzEbTWaij9XQ8gPDKpN8poc6L5kEwFxWTN0ejacKj_XCKgw7K7fiWKgg
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OSWT8omi7QB0uoFI1ivpZQ9iKSAUvoD18Kze50p5EuvAQNw%2FqExo%2BcTXkD1xJV%2BlX3HW%2FxkBx3uUtrh6DEN3Jm8JcFT4vDIe9xyJfHMOgNNuhzWBjBDvMEJxNfWfPJ8rFeZVOi%2F6TCrthA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c580585c2301fc-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=12uSeVWWc%2FtLFRmYyT38eudue5eedsneEuZFdEeErwdEELIaYp500yh%2BLf6U%2FikgJxWb6frCu0F3lpJOFjW3lowU5ZJkcdtOHUqrMikyc262v1OqAAFbD9rxdbMsnNvTODo6KjJD6uDEnw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESELMH8dyBRkPz6IMgMm8bC8s&google_cver=1&C=1
cache-control: no-cache
cf-ray: 82c580581baa01fc-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2304
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPD9KpF53dgncSndS1amwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1

43 B
735 B

36ms
34ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiv8tz-ATAB&v=APEucNXeA8JnZfDFjU0U31DPCtYajwRSrPVUvYxcJsSzEbTWaij9XQ8gPDKpN8poc6L5kEwFxWTN0ejacKj_XCKgw7K7fiWKgg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WDT9V0zSoYwUn%2FeD9BYgrT62L53RXtejsez45GKG7tq8ydA7yfap%2FBieBVIB03unVBmT7xVnfNmbm%2BAYh1%2BNLezaXReA6jN2EAmK0Gu2KH7WBH1S4eN6%2F2oKDVKm82ayyixH11%2BE9I15Hg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c58058de1201e3-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0D02 0
0 58ms
58ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssXKQC9XvKcM3FuM837GtR3WkGm63g1Ph-JnIT-9Xs2qdlhE2FDgWGnfAPlVZ7vZOjyNIMRm3iJBnDwug5wh4t11M1OYmJE1clrpH0YIEUU8ypWXwLQokdECYNyWyE1BWdDs9FLguUk3q0RqpKswdeDkWufI9g9wBtBoFlwI1EwrLMi-IjmOWOH8gIwh2LFf0ZKTnc5wtlnX4NURuH1OiPyMYRpBnj2IexINvXVL0ruvflrWpzQfX-jy_OiRlKybUSFsBeyAEBz_i8wMR7uljNHg6HkwtTO_09yu5TUg5DxMeluVMwvTrzVfk2NZDGfiKi31qEoKPgfPoHNzW47mafaPQDEVb_Wd5InMpLlq92wXFCbJks_UgfW39WzwDPa0QwxtIxmkYzcMoZ76CNHETHbhjvsyT0hf86p_qthdm0aKBGMMaVOrAPEtY1mWTagWOFzRDqgsaNtfy0Kz_vXMephQL1-6qZX3bLlTPFJ9ZpDtpzllBShEjgKT_Pt1YlHO1gXk_PX9KlOiZXGeUaQxFdzIe-GfOuDsj_FwKdtbIalUgf8S4j3pQ1bTeQh7FcauV8EF2RmR9sKKHyRwz2Y_QIkL5Fitz28CT1s6bAUyW4rZohYRMAwqZEn_B1lMde9ASSJP9WkrIkYElkdguFyBxp26Yjbw_dOgoVT6cIghAIvjo3_n8x5Y2KiISeqXlfO-IdV0JUklszYY9T4IF8NE40UfJZqV1OWyenqDTnJNpDKioeLHuQ7NyvcCg3jEDtCWOL96ZaNCwma-_3wJbMq6pLLOW4_HXRs0xBFTW5OKrwtlUNFrvBIOxulgNXXyH_u15L9gBo16_TQtF-r2jt64uPdIDd0ukRFj46RwzBQ5TL_6db5WNGTs2pXQ4cCh_8xXMHRAqlilB9Z9oLNydH0ONh-YF3eB9V9aeUzl8BrYG9zwlosmndn6qCAc_ntfKIAFAutB5c6ZpBI4ZT_ps3bKvfOediIwzvGsnq6pvJlzHmX36Sp_f9byZx0n_ntIf8YsBQCNHL8LIC1r1Dl9O_CWKFTkXC6DTTKWwkOqE82udyBWXq4Z04pDMnLec1PDljjNPkxMkgJbORqfWq4quAQdvKYKLFjde79BGKeBkYI8O-QKOtcqjcW2Uu-6pbFIfK-_5miY7toYO30fbKxdXg-L0RJMSCWkI97xX40q8zYYdvdzGPT44jxLYdVQ0Ez9UCBtkaCCqx_s1mqwtaXN84XRD1DCR2uHY-uVaI7hV_uthCNR7dtuklLCTPo1R6P6KAhCwByxyqavu5Ql60OAuUhv3DuLFynAt9ScyDrfBz-hLdvXPzeLCy4p39bZPQo1tq5m8gQQMwNuQrWgZ86OdbZj0HPE84Q0ydO6N51mEAFJv1KTMnqanlCeyyoBYwYnkKH3qRhFr2zmPYD37GE0F7isRg&sai=AMfl-YSZdtg2FfNIozWNbCUVJcebbuI8aPTlDHjyFLSE-Dr9bTNVaSLntySXTHxNLiljmbZWt292n6Ipp40byCvc31JBUEgLpvdA3iCsN9tWJ6HCZp05BSnA2ajhEFgRFKyCkiGDp-uu1MIuUycDdO2yJT8Tllju7-pTQSkQvWmRosj5wr1yyU1QdgNhDH27Roqlq2qAt92Lrq28Zq9E1ogP0SZkWeUPcdDvpK8QKsWR9wxDZ_K6zHrEjFtk7FpExmwNv0qzLPVsdb85WvO-lI6hQEyrEWFPMOECjn5SGSBUe7Je-efS4nrWtUk_ZUTz8MdLcS3sBBzw5aryIBTGLjErC7kQ1iINkULADoPAfniM2ctfjPTHvsZr93LzIlrgzcg31Ss-GN_PHfRe71jbt1dqo8tPEaDJ67c5j4F331QGe_166NEnqU3GxMrKlFhwZhWQdGoveiQgwhhICivyC3FLLZP3n-cLulrs6LB4yNDMuh-07zxCPkJA8FU&sig=Cg0ArKJSzAq7qNPfw8SzEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=170&vt=11&dtpt=169&dett=2&cstd=0&cisv=r20231109.50151&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 77C5 0
0 59ms
58ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvJEwXIIiATu8rrhXdbEaYnKDJMBnxpRZxzgmSU85xiW9VrkdkK0nvE6fgo-wbQLFynreu56xULCpI1zB3esS5rSneh7SNpaXA0J5aX3dWEaSMsrfvdCaJdsJ_7aU3MDjB8c0ttL5iDipv7qD8jntzprMrISGyhSlclwDVjQ7OUGwSZfdwSMj2ynqfQwDCVZFHYvfNpkcc7NuvFHuVZX1k--QdFrNRrAOZEyTXLQt2xs1tFulSIUrSpws7igE3VQG3w2m2C79t5M_7rE85iqUmiXKXRYuRieAlNYt2LZPuAW-qDzm8i2DlsfWsj4_g3KEyYsO32FlyDaSqMIMKBN5O8-9fdPcga114kxtwDTAlUuKs8_GbYoGLtlhT9U24MpcBv2C46JSMzKODe5xinUdJjNU9tY8FdKRssqJEuJXxeChl1vcll4Fe2Krv2StlFBlrkNIdK0LP6uF5sD5rtcdmNZRi5sCemsiNV9QTan0C14DF0UIBz_Z5JBxGpX41LTNwLlP5z5HP4UlkvdjE8m_7FX7kOA7vAAJzrHK6w0HStuT04nn57SR6NbInd4ReFRXx-3v8eRWpJrpKZpJm05K0h1tpX7yZB__5E4HXNEVhebRkls67uKJDPcF5JGScmsEmSnZy9osY1WjGVd28ZVTixTS0ZeYJ_q0DoacJpoIB7lD_9uB1Sv2GYRTHw2yxZDY34ZS3nW7IL69axDb6fE2_H-2zH9_4VMxy73ktgjRnbfPK4MlPH_KLfy3e5W3zR4eawQ3Syn-hiGtd2HHzIgZVVH4lIIDtfcYZtmopvULYxTbgEQvgYFWnsiYZBbq_90KWPz-3Gyv12-IlmzyqrXWER7Bm9D0k3isbHesd2inGoN46lXKOsWj7fxugDFSXQidu0iCS3ikK7qxvpTfg1O5LPwwL0neD6GiVa-qeMLO8A3fvwIysFBygnKl0K7qQeB_6kKSbagpfbxYByne11tzlh998H1Fdl2Q4-GElH3_2OebWEM2FXklOkPTvEUwGmEacDSNh8l1-JU0RLQ2U5Mhzjy7PXe6vXoP9Nj1GVwd-sqgVWgVPvNMSEMt12GgWv0gDd6bqYZwVBW7vDPNE7MIgEPxriTHj0YeG3s-vUmiLk0SciuJkAorwdgornLTUhxTopBPXB3ERuG8ily_vkUxAnuYIQ-DXljvDrrEPiZYeTjRbuDY6tkMt4RxwYy-PLKvCVgXklLp7LEvfkZI7T9fdFvImzyQcIOCmsccmU95zKkgr5vbf1fHZ7r-3QFl_7M_VQnTaT9n9n6B0oscc2bxpOB92mAfBxLewzLyjGpzH78MigZSMOcWvjyFtVsRKar8BQ7qqsBftYOkrI6IrM3FwlOpK3M2gIvlInkdtuQ0hdbzO8-uKfM0OIGqBH1uWfa5-GQpkEaalAQQ&sai=AMfl-YTS3AIIhnK8X6yh9fu9dyDDDy8E_mY7maFbMiMWnoph15DPJnjmW6i4zcz1iI1r3NgztPSd93fYgdhMKaC_wIv-EVKyDVTWjKTySn6YQIpQSg1UmLNSWLlbMd6PvvE8X29kcoh_RH8YWEZ6xnQKbSAdxpVkSoQ--n6P3wtRDe8J9AmV1Qu_LYp9d3VWq8h8bkLFRWVQynpEZ5ZVkc8_uzdMOdsmgoFFx923ACLrPXQnwOTxjaDX6Q5bd-ADdlKMh936zs3-3BgNJrWZela97-J_zD6s5jaW1B749sAHLn5YNkaF_fBlFqqvqwztPBRsPC5otHydWerchdXh_dvde5rxS_XBdsRYZFcwUo40eV25qz_2RQCLoHkEdc1cJqvrEzIpxpB_AdtOVOycBgRPAxBqGfH1QG2ay8E0dfUZqny586isMOqpYTbMVSKHunGFTi7FRbPjr3i41w7Rud3gQ7pwm6KFkomljnYDUyNPoQq93vfptV0YNsE&sig=Cg0ArKJSzIQQsBJ8AmyHEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=63&vt=11&dtpt=62&dett=2&cstd=0&cisv=r20231109.72724&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 container.html Show response
2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DB0D 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:23 GMT
expires: Mon, 25 Nov 2024 22:17:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
483 B 58ms
58ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.1&b=2&r=file-upload.in_fluid_all_fluidallshapes&sy=022f0434-6c41-47f8-bb82-499f529219bc&ts=94&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.file-upload.in&mlre=www.file-upload.org&mlin=0&mlsi=1024x600&mlbw=4g&mlcs=NaN&mltp=b0213ff6-e76f-493a-8d30-08c2cb104f80&e=lm&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854795
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c580585fecf180-CDG

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame E50E 170 B
188 B 32ms
31ms Image
image/png 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiv8tz-ATAB&v=APEucNWazZPWpiyA2l6d8tcrg5zxpGcOZygTgCrs03mDrXh4tk-c-j8FE2lOziW_TCs7WuknSzyk84G8XU9xmrrTqzFY64VWCw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame E50E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1

43 B
768 B

35ms
35ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiv8tz-ATAB&v=APEucNWazZPWpiyA2l6d8tcrg5zxpGcOZygTgCrs03mDrXh4tk-c-j8FE2lOziW_TCs7WuknSzyk84G8XU9xmrrTqzFY64VWCw
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPVDLJ9qqp2syFW5sC7OitTrt1UHAASH7cHzjg0cUefAuHCzgk3%2FXYpFHDmQJ2uvbtmIleAZ6FRyTdKJEC9Bfin08Tu46Dp8SYKuLfZghKSYXjwJIQoaUmBzIGfqLIKu%2FnWxS7eTjVeFmA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c580586d8801e3-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame E50E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPD9ETev8Uj7gTlATAFZwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1

43 B
733 B

36ms
36ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiv8tz-ATAB&v=APEucNWazZPWpiyA2l6d8tcrg5zxpGcOZygTgCrs03mDrXh4tk-c-j8FE2lOziW_TCs7WuknSzyk84G8XU9xmrrTqzFY64VWCw
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0xSl%2BMftVTwuOkD59wapXRSfBXWVqQNi9Bkp27MWcic1uB2D%2BH6o0cqOZVfwSH50SaxBWglwaU4D7AJkaZAvPBVG7dBm6YdKrpEAvtCK8xb7Xhc6x84mZFiF9iW6YQNYp%2FCaL9pxIwAlQg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c580590e6601e3-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5B14 0
10 B 20ms
20ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?jLXZDQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 9E2F 38 KB
13 KB 21ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 107953
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 77C5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d20bc2981cfbe01518dd798a69612d60b92b407a47491172e803b734338f671

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D717 478 B
198 B 62ms
62ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRi7-tz-ATAB&v=APEucNW3rG3gapAYkOjWWXd4Knkjxw-aWC6fsOsB75_z3h35BykAD0A65txNYNPsohxynQ81cd12TsQr-Z10Hhznx9kXrujcbg

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:24 GMT
expires: Sun, 26 Nov 2023 22:17:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame DB0D 23 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 15:58:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22717
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 15:58:47 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame DB0D 7 KB
3 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 14:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27160
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 14:44:44 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame DB0D 0
0 71ms
69ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssMDS7BnBIu97LnP33dbjoZeeTfknPkYiU7QqAbRuPt2NAPWBH02OgM4Beb1GMY9B1HcQO8LMw_HxMA4qtRg5LOw39PFl-wFuO6iViUNc0pY6qj8G3lukpKQrREeaprQZRGLawGb_uNCW1bteUhnFde2tzGBGXcvYZ1F_-w_C8KxEvTvFwfhjpXgHdxvKCjZQbcZOMqYF05gKhUCbhT3zMvZPdWp86hwW5LSiwTeLcshSBuJpwwKwNunLxXtg8hH7v3y8yQHBUuDuhSI6q_E75D2Sc9-DFjV-uGfd5QE2W-qXNYy9zmX39F3Yf9FeLYkl9gGlG0_-g95h-T19MlHxj1PfBkFV01Nga13Hh7SghgYP4QdcEtyCGfDlW8gl3ltxOsbRysvTAJ66ycuzOfpDQrdewEvOgBhTTvKlkYpJcnC7pF1v5miuKXoWmDrM30BK0XNfzu70mBLoGcKWNRAUNadlnXHu0ocqsh3IuyydEts3TAKLfKMdW-Var3ZT81mI9t2QW7kSwsUcsWn1bKjo2D-YGv49GrGkmskiDJQjeiZQgnWkBR714ierNDsExfxf3twaIsKrrQFLh692EgeFZ2hVTSfzsH5RH8TAp320ESNZanUKNuj0W1wH1ONbCYledbSkdsFELmdeSf-NmYXwERHLDppCBJk8Rnp24Vdjap2MLkGckoucaTyihxdX5UEu-URRc9kdVGMN1H_bIWomFdZOnqSfHJUrDJZU6NOPZyxGC4A7AjP-BkwWcKwOqyP-0dVMxLjw-b8OB_gydxnRNkoF5wjef3l9CCkG3PE00VlnXo9CV541NPTRbvZEtTwoLLC9ZKRn3lOB5ykjtQLOFBQ5mW4A7hJfSyI298oW23IqReIGDT4m8O7Qfkee0qjb0bMrSW1oa93KOaeUTmsbHS3D2XmwtzprRgInhb4fbqu28brKjYwS4_O6vpKn8z8hqGvFg1ljJNRx4lrXTjayE2cnZDS69NJl0uPw7pB1ASTkrT9oRnWZx4d-MRJIDjpF8Mr8Sd3S9idhOJZy0If1506n2Vf_QkGNRV_TdRtlEVhjJGqflcFQSx1GoIBh19eRyAlao6u6t2Dtgry1fD3o5giJeAfRaBuAwecrV-EuqhQ18JJUC3UvYiMQYkUWDBuXkSC_jmJtJKBgHpuL2uw-UFhgcRBZmcEJSbJMz8BB5K1yJkS_VbnMUP5mNO4SYUXJN1mbhv5--smc-AQLdA2WZx73vYZ64tqfqlwVHXTwQVHoDvhKOmjyqQ7in8DPJGNOyKraD5XSaiYkAumIwVjS_UXzdUHlMnMUKQmyn2Fi38V_D3E4C4iZne1IbClLDAn_8pbRJben_BiP-lgBdDKNAjLNPJEquyQe_Vv3H3WH0nzNAI3UUqqpQN1bUCFtu9b6Il-92kQg8&sai=AMfl-YT4b4p1xOpXmc5DJ1M6173LXdDKOUkSAFKoQAUNRXk11N6UJtAfAyB4abGFNrGkdygly2oQrFkvOEM78Sr8dtmlzE2SvA8ChTXojYJFzwylasaA_fAORxn_YHVM-if-Pe5VS_qFd-PbSBm40XWAVBTl3dYVjqDvVcFsw5im3HODV_ysxS3AX8YzRg9C86BU1dcNlmZyHxFSXWoeneEy0LJdru3DEp2EkqUxXbfEjmTxRP617xEYi0rOd7foDakR1iyOfJP9sG4zAjAzEjt1IhVV7uq8oKNmjDXNEgobk4jmubFd8GwGtJw9FCO38fQX_7n6ShZBsPjwzC3m5WoXyTwps7PVsW_pyfSaV7Mnt1Q_cPKe4bY4Jp44o66P8xGFhzj3EEU-Ljd_bsg0baxZ5HUHR6jwqKtyOkR9rRNwotDePESF24fuMNfbDWKBhUg4RPeH-RwHB61_bpxh9NdWXVkj9XiM-7zPxGTMqt6Na_4vXRyR_w8djk4&sig=Cg0ArKJSzCEZyGOkMcZyEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20231109.89346&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame DB0D 41 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108002
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame DB0D 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43241
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame DB0D 20 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21605
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DB0D 42 B
63 B 57ms
56ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AhG5jiiI3nrZ_3IQDmHA8jBfDTIgV66Lwxhc5srzr5atMSUQLVjwFcEloVRiY88pM9BlhYHSd6Jd40Ff5Kv4Z6mdIMiwfpWG6nj63xNC6-te5k9Zk

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame DB0D 202 KB
64 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 22:17:24 GMT

GET
H3 200 16443024057201933705
s0.2mdn.net/simgad/ Frame DB0D 90 KB
90 KB 23ms
22ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16443024057201933705

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0b70a0f342b8f3eb5ba7787ecc51ff651e3b70114d07c96bb77270956a7a470

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 20 Nov 2023 07:59:41 GMT
x-content-type-options: nosniff
age: 569863
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92365
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 14:44:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Nov 2024 07:59:41 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 9E2F 39 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43236
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 06B1 38 KB
13 KB 22ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 107953
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame DB0D 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 795208ac6fba539ef1e50ad17ef822be89d2a043186493b3b3ed91f22bb15c41

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E77C 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BaI-d88NjZcPYONGg9u8P8e63gAQAAAAAOAHgBAI&bg=!iIuli8TNAAZxrfrxUa07ADQBe5WfODU_Np1iFjW5S0wKDMPo6LTTKvKCdTNAaeq2CP9Br19E5K4vtdqy-v2-Y0dHXEZDAgAAAI5SAAAAAWgBBwoAhjdU4MBdd0CwGQMhrlRaE4-Kk_pOB62t0YV3JohJavYtuh6Mx35RG0YbWzJZVELLnjQmWw29ze9sK16xq1F6M-rWCmCy3A0MqqSyTl5VdwS3M7iVlq7aGlSts1PlsU65bzhYJb1VoLvLeYTCKlUd5qi7CO-lGdF-gwYGgXV-KsBwjWJN6VOJmQMG8435QvIAnF-qFktEHZGnCFBl7OSYY_T0HjLt8lD-gVO5WrpwHLO86wJHtGgGPfsLIyqhwJZIB62-qylJWUuFcjiHYLXx3Hux81qot77_WY3HbkWuTZ0qVeO0RDX6wy0PsAFlb53ofoh38XDMn6xtfumK9c1awZFCnQuCGnf7N36LcjiT8-PKUTC3oLpCMQbaZa3y1iZFvKTou1ef_90NFL6XXOWe9c93RAM22nVk0uQObm-tsBRaOxyd9-4j9E5f2g5X_nkBcv4OLpfyvPV5aEgq3d2PVszGrUDKCBDB1yxyZyS31JohpgBfIrjyGqbCjQKkSORUIM5AVvVffg1Y6a1VdEobpgRQ8yZLZitQccdUBRYJrATcUShTzJ9QSOwrg6ooTnmXnrg_irROBOLC9MDfyC-qOk8K_EX4SnZ_yFKb_Vwv3ivNSwOqtR6C8Ojgho5RPlLp1OdE6RBcNUXzqVj7AEtveWfgfX0q22boq_GnQVRxEL06IRDwHOwAKNX6nYSEQXEMkt1-9KNx2HM9qcBl36seX42uLAEb3DFil14mSpxGgNTMePil20IahKjHi6Y2PhQVAtfjpAydPYEAucVMNMpL_rRSRWJGOUZf07NnL65KHF748FS0wqMAd1Gmh9DoVkvSGvK8a3H03fawsthT9Qn9Rt2tf0JFQjjWYnd6GyLIuPtO3VW2QyI-RdWhG9mGzL3YDR3wF9l3_vyyfha551TPdWfOpCSF2hr1KjLj895Rz2sYiSU2WDTAyVhaX0YPU3tv45R8X7zqHv2NWALSyoghBMpYNxWJoW5_8GHXLZUCexK_OgvTOeXhijJDkLpBIJQ5rx0bl6enXqQKwuGNxMbzNwuNaEo1G7LUgSPYN5wp7dT-IIJ7SyPOgz606GPGVzNrqNgGvIejghXq9LvmXQx_U4lhtM2636ZC7fvvhy-AqWnvUIdtJDEnua9s9YHyUP2510o9ajwmCH7_RTMa9bjYjWCSYwKiS56unRhIScFtv4TCj83a254m7n2Na63MH3ai

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame DB0D 0
0 61ms
58ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssMDS7BnBIu97LnP33dbjoZeeTfknPkYiU7QqAbRuPt2NAPWBH02OgM4Beb1GMY9B1HcQO8LMw_HxMA4qtRg5LOw39PFl-wFuO6iViUNc0pY6qj8G3lukpKQrREeaprQZRGLawGb_uNCW1bteUhnFde2tzGBGXcvYZ1F_-w_C8KxEvTvFwfhjpXgHdxvKCjZQbcZOMqYF05gKhUCbhT3zMvZPdWp86hwW5LSiwTeLcshSBuJpwwKwNunLxXtg8hH7v3y8yQHBUuDuhSI6q_E75D2Sc9-DFjV-uGfd5QE2W-qXNYy9zmX39F3Yf9FeLYkl9gGlG0_-g95h-T19MlHxj1PfBkFV01Nga13Hh7SghgYP4QdcEtyCGfDlW8gl3ltxOsbRysvTAJ66ycuzOfpDQrdewEvOgBhTTvKlkYpJcnC7pF1v5miuKXoWmDrM30BK0XNfzu70mBLoGcKWNRAUNadlnXHu0ocqsh3IuyydEts3TAKLfKMdW-Var3ZT81mI9t2QW7kSwsUcsWn1bKjo2D-YGv49GrGkmskiDJQjeiZQgnWkBR714ierNDsExfxf3twaIsKrrQFLh692EgeFZ2hVTSfzsH5RH8TAp320ESNZanUKNuj0W1wH1ONbCYledbSkdsFELmdeSf-NmYXwERHLDppCBJk8Rnp24Vdjap2MLkGckoucaTyihxdX5UEu-URRc9kdVGMN1H_bIWomFdZOnqSfHJUrDJZU6NOPZyxGC4A7AjP-BkwWcKwOqyP-0dVMxLjw-b8OB_gydxnRNkoF5wjef3l9CCkG3PE00VlnXo9CV541NPTRbvZEtTwoLLC9ZKRn3lOB5ykjtQLOFBQ5mW4A7hJfSyI298oW23IqReIGDT4m8O7Qfkee0qjb0bMrSW1oa93KOaeUTmsbHS3D2XmwtzprRgInhb4fbqu28brKjYwS4_O6vpKn8z8hqGvFg1ljJNRx4lrXTjayE2cnZDS69NJl0uPw7pB1ASTkrT9oRnWZx4d-MRJIDjpF8Mr8Sd3S9idhOJZy0If1506n2Vf_QkGNRV_TdRtlEVhjJGqflcFQSx1GoIBh19eRyAlao6u6t2Dtgry1fD3o5giJeAfRaBuAwecrV-EuqhQ18JJUC3UvYiMQYkUWDBuXkSC_jmJtJKBgHpuL2uw-UFhgcRBZmcEJSbJMz8BB5K1yJkS_VbnMUP5mNO4SYUXJN1mbhv5--smc-AQLdA2WZx73vYZ64tqfqlwVHXTwQVHoDvhKOmjyqQ7in8DPJGNOyKraD5XSaiYkAumIwVjS_UXzdUHlMnMUKQmyn2Fi38V_D3E4C4iZne1IbClLDAn_8pbRJben_BiP-lgBdDKNAjLNPJEquyQe_Vv3H3WH0nzNAI3UUqqpQN1bUCFtu9b6Il-92kQg8&sai=AMfl-YT4b4p1xOpXmc5DJ1M6173LXdDKOUkSAFKoQAUNRXk11N6UJtAfAyB4abGFNrGkdygly2oQrFkvOEM78Sr8dtmlzE2SvA8ChTXojYJFzwylasaA_fAORxn_YHVM-if-Pe5VS_qFd-PbSBm40XWAVBTl3dYVjqDvVcFsw5im3HODV_ysxS3AX8YzRg9C86BU1dcNlmZyHxFSXWoeneEy0LJdru3DEp2EkqUxXbfEjmTxRP617xEYi0rOd7foDakR1iyOfJP9sG4zAjAzEjt1IhVV7uq8oKNmjDXNEgobk4jmubFd8GwGtJw9FCO38fQX_7n6ShZBsPjwzC3m5WoXyTwps7PVsW_pyfSaV7Mnt1Q_cPKe4bY4Jp44o66P8xGFhzj3EEU-Ljd_bsg0baxZ5HUHR6jwqKtyOkR9rRNwotDePESF24fuMNfbDWKBhUg4RPeH-RwHB61_bpxh9NdWXVkj9XiM-7zPxGTMqt6Na_4vXRyR_w8djk4&sig=Cg0ArKJSzCEZyGOkMcZyEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=57&vt=11&dtpt=57&dett=2&cstd=0&cisv=r20231109.89346&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame D717 170 B
188 B 33ms
30ms Image
image/png 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRi7-tz-ATAB&v=APEucNW3rG3gapAYkOjWWXd4Knkjxw-aWC6fsOsB75_z3h35BykAD0A65txNYNPsohxynQ81cd12TsQr-Z10Hhznx9kXrujcbg

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D717
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1

43 B
733 B

37ms
37ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRi7-tz-ATAB&v=APEucNW3rG3gapAYkOjWWXd4Knkjxw-aWC6fsOsB75_z3h35BykAD0A65txNYNPsohxynQ81cd12TsQr-Z10Hhznx9kXrujcbg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bjYVepeBvpnJWxDdEIC4yWOQZ2jNNrvC5TVF5z%2BkAVHnaikxbqxKHkEgDeRFFpzr6qf9J8QG6hanorHFcbuxtv0jsaai910M9BjTOHikT3%2FpeVML4aXl73H9THO%2FlvyMMoeBJXHQgT0Vyg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c580590e6501e3-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D717
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPD9DRlFH6LfiPoDuCalwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1

43 B
742 B

34ms
34ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRi7-tz-ATAB&v=APEucNW3rG3gapAYkOjWWXd4Knkjxw-aWC6fsOsB75_z3h35BykAD0A65txNYNPsohxynQ81cd12TsQr-Z10Hhznx9kXrujcbg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qk95sU%2BrCjhRL%2Bwgn3b77iB%2FbSeZbLYkGrTMScYyYtrEWRBBCEZx%2Fe8cLyT305GvDXPviPVbU8zZYW%2FXB3DxPjzY5n%2F3VGrcv6Mas7T1%2BIGPHojABCpXoQ3P8%2B2wkxwYFf3IKrofGuBHFw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c580594ec601e3-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKLauyhIStn_gdEc6vMRQk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 06B1 39 KB
15 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43236
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H3 200 container.html Show response
2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0402 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:23 GMT
expires: Mon, 25 Nov 2024 22:17:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
479 B 31ms
31ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=file-upload.in_fluid_sq_fluidsquare&pn=1&sn=2&pc=0.4551178336143493&ds=true&e=wdp&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854795
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c5805948c5f180-CDG

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
481 B 31ms
31ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.08&b=2&r=file-upload.in_fluid_sq_fluidsquare&sy=022f0434-6c41-47f8-bb82-499f529219bc&ts=94&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.file-upload.in&mlre=www.file-upload.org&mlin=0&mlsi=1024x280&mlbw=4g&mlcs=NaN&mltp=b0213ff6-e76f-493a-8d30-08c2cb104f80&e=lm&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854795
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c5805948c6f180-CDG

GET
H3 200 container.html Show response
2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 67E2 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:23 GMT
expires: Mon, 25 Nov 2024 22:17:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
479 B 30ms
30ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.12&b=2&r=file-upload.in_auto_728x90_sticky_display_bottom&sy=022f0434-6c41-47f8-bb82-499f529219bc&ts=94&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.file-upload.in&mlre=www.file-upload.org&mlin=0&mlsi=728x90&mlbw=4g&mlcs=NaN&mltp=b0213ff6-e76f-493a-8d30-08c2cb104f80&e=lm&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854795
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c5805958dbf180-CDG

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 36BA 478 B
195 B 63ms
62ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CICSjpAFEL_Xk7MFGJ2mn_oBMAE&v=APEucNU6Xl9y2EALA-NuBm-T3jZQFf-SZGyu06ln0FQVwV_lD_HSD30013LY9CBNA7JUW0QFeY8YZkNd7Socu-sCtV5S8Xqw5w

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0402 92 KB
32 KB 85ms
83ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f40994eab15b92af5183f9acf338e0354771054c65024e0aa679b6506f9eb87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32789
x-xss-protection: 0
server: cafe
etag: 17194431578830737671
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 22:17:24 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0402 42 B
63 B 57ms
55ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BfXf_NBcIFO6mzRDc3s_MYLvJBGcbuyR44eQasnvpUPL0z4YLgwFeYrIsoDRpyrLirYTbUM_u60CDDBqXQiiSU5E-7Mu8HdvnS4fQjsAPKJoht0Os

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0402 0
20 B 58ms
56ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10255656881810229070&x=1&ct=76

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 0402 3 KB
1 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43241
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 0402 20 KB
8 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21605
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0402 0
0 30ms
28ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT8oliHpUu5fkyxBimwYk-KIPdqOJcgDi7a4DJCZTLxOOx8frJ3DIUVXO32O9X3IrgAzENFdRk6hhe0vRd92g1wp_4xXw
Requested by: Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0402 202 KB
64 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 22:17:24 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E52F 611 B
263 B 61ms
61ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGLHmtPEBMAE&v=APEucNWWk-XbN25TiNsJap2Oc4gEY9I8taiDIU7zQAhsaFu_PUmb6KIQNO5qmk0LHmPig9zCefzXt0KLjkslC82wcr3aBOGSmw

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 243
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 67E2 172 KB
60 KB 64ms
20ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Origin: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 16:17:22 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 67E2 7 KB
3 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 14:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27160
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 14:44:44 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 67E2 23 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 15:58:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22717
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 15:58:47 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 67E2 41 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108002
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 67E2 3 KB
1 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43241
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8007 1 KB
643 B 25ms
23ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 46329
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 09:25:15 GMT
etag: 48472445140208031
expires: Mon, 27 Nov 2023 09:25:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 67E2 20 KB
8 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21605
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 67E2 42 B
63 B 56ms
54ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BSlWAszRUAstJkH3JWXZr_VMfEDFG-TLvCVWCRFhAOR4HGNGpWomKsqddnE2_qdrxBnN8BNVC73_otlppPc1IhJ5FwNB5Ka3WEV-HtDx4A3u4eTqw

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 67E2 0
0 32ms
29ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSSQsDVzttHN_QDjCv-fGeCvWgWDtkeRY2Nd1PMeGetvhjrcgwYQTb1A3FZ0eYO3QfxfZsaqHRv8-QTN3H0T0nClLAkLA
Requested by: Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 67E2 202 KB
64 KB 91ms
88ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 22:17:24 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E2F 0
20 B 59ms
59ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BcqQt9MNjZY-vA92S7_UP9e25wAMAAAAAOAHgBAI&bg=!kZKlkt3NAAZxrfrxUa07ADQBe5WfOMEXgYmxnJaAiuAHy9ujrQmXc6e5rGUZuTV7xKn7kxZ-b3b1rY3CpyVoxghVxw48AgAAAHZSAAAAAmgBB5kDA6uFTJ5beCTHlqO5PiMBYQWn9qqMDzLJ-gewrVzY_lB_f_Jspdzk7N4dF3WHnMFYcxBsrcHehEX4d0hft0rKeArIfSuooabxBtupP_D33vWjtdzllvAcSJbXHzZnCUhDUdB0lNkB6AWeJ1YqpcTRj1h-xVdB1goxmulCEzIsdzrItm6aMCxeAV8ynVwI_uzWMBRgjLh0PLRSPRWEAd3f-DR05WWI6GLK3iL8nSJK1iXmc0gUaTzJJz8dYfbA3waewFZUrM5uPa8xwfMGz7lYSnIe7ZD25sbhdJ6JpNepDrVQuyyiQwlCVZMrahWkE0M7ANf8ipFYd0F3Z2eaDacvo6BATU6P9Qzf3R4MkefA-TGu4PiQSjSisAI277y1QODflk-ym88pcKTYGbxWLWpQKp_TWvLvPXqzkotRXZHNibf3D4toXZjymbqIFP6LobQ6hn0ZwrWyzAAKK0DvBSwbVL6chgiFSmrEhOklZmRFhiB_rlmzrji9nlz_tRbOwo6LqQPZbTaV3HlSUtshdlc9czQPCqMvBFvcIVsLWHA7M3EeQT0rbS6grqNGjKZ2wrlcxRALBD2-4gbSSIl9TPY7otKJCrua_n6uHnx4lFY48QHv5F1j52DhZ5gWQ-UUXW9LuCZAdSQkkhaxvamorHHOdNxrtfUce2-Tn9ItUbRvPU4sG8ZrtZ0yldhUKvdulUu5oqJfuZYyyB41MyvyboYhx93SK3SG8ky7Q3LhjHs61QONam4c0pjmxV6dsduMtYVuY2ItxWFaZJ-L4bvH91Yc3adjhbeQBHE3utIr5Uaj8ONME0YUYO_QVNhFEWxc9xoKQwV4A6PRrwCJiKTqvaLthiOXDAMp8krPMVUlVc7Y-QEDyMIk6Skp1JHHgdgKhzyIRp95Oz6csqcG8vXAgKdGdlLIsmvIBu9DIzaumjUI2xa4ogwiuSb6r81Xh5SgvFwKIvNNIjqDumNdDRU5F3Vg1BmyUEkNq4tjibtc3ua7Cikz6AY0VvBwjOGNC7JPis-f9ROuLA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F637 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.file-upload.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:23 GMT
expires: Mon, 25 Nov 2024 22:17:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
480 B 30ms
30ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=1.5&b=2&r=file-upload.in_auto_interstitial_desktop&sy=022f0434-6c41-47f8-bb82-499f529219bc&ts=94&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=www.file-upload.in&mlre=www.file-upload.org&mlin=1&mlsi=undefinedxundefined&mlbw=4g&mlcs=NaN&mltp=b0213ff6-e76f-493a-8d30-08c2cb104f80&e=lm&dsReferer=ZmlsZS11cGxvYWQuaW4v

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.21.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01HEQ2314B95TB4R9WBQ00WDV2
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 854795
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "4de2110991f3807e8b4a19c48c14f2d1-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 82c58059f968f180-CDG

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 8007 70 B
148 B 44ms
42ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGdCFksEW3_TY7hgtJSORZc&google_cver=1&google_push=AXcoOmSAH633kjul6ET5_EWnxbJaCVXuHnMO-oNVMoci87SZUDO-S636wbpf6DalAtQf2tUp54nbiyiCDEfLVwE8TuY5oarxbvk
Requested by: Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8007
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAXTauXLwsdV1gnTuvAW0bI&google_cver=1&google_push=AXcoOmRM74eqgiQ07QU6XKvcaTHICAlgziU9_RK6uWgruV5I3Gi_ej2jLhYzhV-Vy88l5iS8sodAzPue...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzEzNTA3MjU3MjIyMDUyMTQyMQ&google_push=AXcoOmRM74eqgiQ07QU6XKvcaTHICAlgziU9_RK6uWgruV5I3Gi_ej2jLhYzhV-Vy88l5iS8sodAzP...

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzEzNTA3MjU3MjIyMDUyMTQyMQ&google_push=AXcoOmRM74eqgiQ07QU6XKvcaTHICAlgziU9_RK6uWgruV5I3Gi_ej2jLhYzhV-Vy88l5iS8sodAzPueFpXbhYe5SZfDYrZut-k

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzEzNTA3MjU3MjIyMDUyMTQyMQ&google_push=AXcoOmRM74eqgiQ07QU6XKvcaTHICAlgziU9_RK6uWgruV5I3Gi_ej2jLhYzhV-Vy88l5iS8sodAzPueFpXbhYe5SZfDYrZut-k
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8007
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEIyEM6ZYftsfQuQDjp_yOao&google_cver=1&google_push=AXcoOmSN0OGPnyz6O21dLetX-uhTACCNakiVNye4IFly72SzRwZshhJavp5wgT-KdTzTZWMsvphcKCk_kmu1-cTiNZ_x5iZxwMk
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSN0OGPnyz6O21dLetX-uhTACCNakiVNye4IFly72SzRwZshhJavp5wgT-KdTzTZWMsvphcKCk_kmu1-cTiNZ_x5iZxwMk&google_hm=GsYTbdFqxMY3YrrwUumugg==

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSN0OGPnyz6O21dLetX-uhTACCNakiVNye4IFly72SzRwZshhJavp5wgT-KdTzTZWMsvphcKCk_kmu1-cTiNZ_x5iZxwMk&google_hm=GsYTbdFqxMY3YrrwUumugg==

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSN0OGPnyz6O21dLetX-uhTACCNakiVNye4IFly72SzRwZshhJavp5wgT-KdTzTZWMsvphcKCk_kmu1-cTiNZ_x5iZxwMk&google_hm=GsYTbdFqxMY3YrrwUumugg==
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 228

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8007
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPMQeRLUKPoggYNJFuBsP0g&google_cver=1&google_push=AXcoOmQEaF51WFMKe4uRUoSEkSYhSlPvLm7XYce7hiravwvcnd6LeWgUKGkb0Khv2Al-Y90Axwh...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBHMUpDMFItRS1INktU&google_push=AXcoOmQEaF51WFMKe4uRUoSEkSYhSlPvLm7XYce7hiravwvcnd6LeWgUKGkb0Khv2Al-Y90Axwh7mXRqtNuGdxHBQXpyw8RKuok

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBHMUpDMFItRS1INktU&google_push=AXcoOmQEaF51WFMKe4uRUoSEkSYhSlPvLm7XYce7hiravwvcnd6LeWgUKGkb0Khv2Al-Y90Axwh7mXRqtNuGdxHBQXpyw8RKuok

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBHMUpDMFItRS1INktU&google_push=AXcoOmQEaF51WFMKe4uRUoSEkSYhSlPvLm7XYce7hiravwvcnd6LeWgUKGkb0Khv2Al-Y90Axwh7mXRqtNuGdxHBQXpyw8RKuok
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8007
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAXcoOmT7r-sDqSzBwP5bHug6iPX_rEEH-lu8oa2TyMJ0180sBC1J1ouTe8x7p-qsFHHAg6cfctzhqudb3q...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT7r-sDqSzBwP5bHug6iPX_rEEH-lu8oa2TyMJ0180sBC1J1ouTe8x7p-qsFHHAg6cfctzhqudb3q-2alOujLEVKNJgJw&google_hm=5477c103-d59d-4289-b31e...

170 B
188 B

32ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT7r-sDqSzBwP5bHug6iPX_rEEH-lu8oa2TyMJ0180sBC1J1ouTe8x7p-qsFHHAg6cfctzhqudb3q-2alOujLEVKNJgJw&google_hm=5477c103-d59d-4289-b31e-887a91b84a7a

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: sonobi-go
vary: negotiate,Accept-Encoding
x-go-server: go-iad-2-6-188
content-type: text/plain; charset=utf8
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT7r-sDqSzBwP5bHug6iPX_rEEH-lu8oa2TyMJ0180sBC1J1ouTe8x7p-qsFHHAg6cfctzhqudb3q-2alOujLEVKNJgJw&google_hm=5477c103-d59d-4289-b31e-887a91b84a7a
cache-control: no-cache, no-store, private
tcn: Choice
content-length: 0
x-xss-protection: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

0.gif
id5-sync.com/i/495/ Frame 8007
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEL24AMVqQjq3-HgihWgFtzU&google_cver=1&google_push=AXcoOmQuxGdkPhV-Oo90ICe5_TAhf4OY7678dPiC3ipJq_NpZjx8g6uN8BWIQnx6B8sC_6LJoUGA6u3sNtqr6i5MMlFbg6nlTNY
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmQuxGdkPhV-Oo90ICe5_TAhf4OY7678dPiC3ipJq_Np...

43 B
921 B

66ms
21ms

Image
image/gif

162.19.138.116
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmQuxGdkPhV-Oo90ICe5_TAhf4OY7678dPiC3ipJq_NpZjx8g6uN8BWIQnx6B8sC_6LJoUGA6u3sNtqr6i5MMlFbg6nlTNY

Protocol

Server

162.19.138.116 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533567.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Sun, 26 Nov 2023 22:17:24 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

Redirect headers

date: Sun, 26 Nov 2023 22:17:25 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmQuxGdkPhV-Oo90ICe5_TAhf4OY7678dPiC3ipJq_NpZjx8g6uN8BWIQnx6B8sC_6LJoUGA6u3sNtqr6i5MMlFbg6nlTNY
x-download-options: noopen
vary: Accept
content-length: 270
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8007
Redirect Chain

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_...
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=40896480-93f1-4b6f-bc81-02ddb4993f72&google_cver=1&google_gid=CAESEPP-82fLsY_tsXsJdzTOZ-Y&gdpr_consent=${GDPR_CONSENT_109}&google_...

170 B
188 B

32ms
32ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=40896480-93f1-4b6f-bc81-02ddb4993f72&google_cver=1&google_gid=CAESEPP-82fLsY_tsXsJdzTOZ-Y&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmSxWA8nKfw3YKCDxlzlSh1HRx-zO7fjd5UtDBIzaDce5KyTHZ1dgB7UndeP1P3IislvMffhUMrHwF_JKZ6yoDGl1UyfU6nB&gdpr=${GDPR}

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=40896480-93f1-4b6f-bc81-02ddb4993f72&google_cver=1&google_gid=CAESEPP-82fLsY_tsXsJdzTOZ-Y&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmSxWA8nKfw3YKCDxlzlSh1HRx-zO7fjd5UtDBIzaDce5KyTHZ1dgB7UndeP1P3IislvMffhUMrHwF_JKZ6yoDGl1UyfU6nB&gdpr=${GDPR}
date: Sun, 26 Nov 2023 22:17:24 GMT
server: _
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8007 0
12 B 29ms
28ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IllK4MK690U23jsKASTI6eLmSPRQfF1lxxgnwQIGNMco2L-pLRK2hgYVVVvyfJbyhZogQTa0E

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 2913 38 KB
13 KB 21ms
20ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 107953
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 36BA 170 B
188 B 30ms
30ms Image
image/png 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICSjpAFEL_Xk7MFGJ2mn_oBMAE&v=APEucNU6Xl9y2EALA-NuBm-T3jZQFf-SZGyu06ln0FQVwV_lD_HSD30013LY9CBNA7JUW0QFeY8YZkNd7Socu-sCtV5S8Xqw5w

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 36BA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1

43 B
734 B

40ms
40ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICSjpAFEL_Xk7MFGJ2mn_oBMAE&v=APEucNU6Xl9y2EALA-NuBm-T3jZQFf-SZGyu06ln0FQVwV_lD_HSD30013LY9CBNA7JUW0QFeY8YZkNd7Socu-sCtV5S8Xqw5w
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6OWE40PX%2FYnNuygs2TKz%2F5E5Lk9j6q1DujKjwks7kt5FiC6FIZBTUnpdKAPk9RRoHM1KIAKtHPguSIgznu%2B5Qjdzt9AOPGFrvGOCtJWgdKpFnqF7udn%2BJ8k62Kh4Yw00063o6ZgnUyzAow%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c5805a384e01e3-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 36BA
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPD9ETev8Uj7gTlATAFZwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1

43 B
738 B

46ms
45ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICSjpAFEL_Xk7MFGJ2mn_oBMAE&v=APEucNU6Xl9y2EALA-NuBm-T3jZQFf-SZGyu06ln0FQVwV_lD_HSD30013LY9CBNA7JUW0QFeY8YZkNd7Socu-sCtV5S8Xqw5w
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V2MlFoYz35oLxuWQgBY9dzxAuVUJQaQF3oUMxm%2Bf%2BaL0Xq9DPvhQbJyhUU5yeQIGH4F0qiBICczClp5QHIGiKx%2FSsJYU9qB0OH%2Fz3pY3c7KbplSPlSC3%2BmrNQGdR0DNHBwuisEv%2B2KfULA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c5805a98bc01e3-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 67E2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7cfca0792a500a8f7ea890afcfbce2b1ed8c3a87fa2218e9c25dba9ba29d218f

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

bounce
ib.adnxs.com/ Frame E52F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELgwC28vwtEMegwyvusf2h4&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELgwC28vwtEMegwyvusf2h4%26google_cver%3D1

43 B
895 B

36ms
35ms

Image
image/gif

185.89.210.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELgwC28vwtEMegwyvusf2h4%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGLHmtPEBMAE&v=APEucNWWk-XbN25TiNsJap2Oc4gEY9I8taiDIU7zQAhsaFu_PUmb6KIQNO5qmk0LHmPig9zCefzXt0KLjkslC82wcr3aBOGSmw

Protocol

Server

185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
an-x-request-uuid: 203897ef-28e9-483c-af56-c321fde383e0
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 176.10.107.237; 176.10.107.237; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
an-x-request-uuid: 3c685373-0c83-440b-bb76-290b33dbaff5
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELgwC28vwtEMegwyvusf2h4%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 176.10.107.237; 176.10.107.237; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E52F
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE3OTMxOTg5MjIyODUyMzY0OA%3D%3D

170 B
188 B

30ms
30ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE3OTMxOTg5MjIyODUyMzY0OA%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
an-x-request-uuid: 4f1edbd7-4461-4315-a8a4-ebcaf79decc8
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE3OTMxOTg5MjIyODUyMzY0OA%3D%3D
x-proxy-origin: 176.10.107.237; 176.10.107.237; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame E52F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPTAmP-DBlYmyBlvYorm9_o&google_cver=1

43 B
61 B

30ms
29ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPTAmP-DBlYmyBlvYorm9_o&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGLHmtPEBMAE&v=APEucNWWk-XbN25TiNsJap2Oc4gEY9I8taiDIU7zQAhsaFu_PUmb6KIQNO5qmk0LHmPig9zCefzXt0KLjkslC82wcr3aBOGSmw
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPTAmP-DBlYmyBlvYorm9_o&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E52F
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTlmZjRhOWItYjE5Yi0yMzRjLWM0ZjYtYWNmZTRiMTI1YTU4

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTlmZjRhOWItYjE5Yi0yMzRjLWM0ZjYtYWNmZTRiMTI1YTU4

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTlmZjRhOWItYjE5Yi0yMzRjLWM0ZjYtYWNmZTRiMTI1YTU4
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06B1 0
20 B 57ms
57ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B5bvz9MNjZZG6A8vP9u8P2KqxqAUAAAAAOAHgBAI&bg=!dHeldzjNAAZxrfrxUa07ADQBe5WfOIvKftvPKGwQKvOk7FzBEWrpxSJaAyOmY24UVkaOD8NlMbm7c9VaPBvb9RQTdcHoAgAAAGJSAAAAAWgBB5kDExFpjS6QQAvjRencre4czOGGM1V3CaDqIhY36MR4dGVZo6B__QKKsXLmL1K5IBCOTwE2d34MkVcbhh3NIE-w2rywrnHmRXa9HF8fwd52wqrBNCr59EBZyOQlpPOKG5WkwuLGAOlBODTPP3gdoOEAPQ221r99Jck0ulC0Zzd1bHXJHl5zHwQB2fQb6J8xOutB6tqI66FeQ9T1k6u_pv8rIaggL1lUws9ApdvkCE-qJGkTtqIFnp_gLVtOHy2OiFpyZhzvT6PWk9raIw6ty1QPkGkMgd0XItR_dSnzC0B3uGSPyXsHDikfukb7nqXhyU3zX0aAPDS8ee0WkhLSzsjRslODEiFJ6-XVyqdtUcXAbaKYWZZIyHCyrhTS2IDUDu-e4wawbIe_tG7hkaf_w3trH2eaA2UsIPDnZ7xXkcmc9apUVFekP2euAf1xovVy3U140LRlhh6FeGJD5e6WIS-isqWG8JDHj8e1NzgZ-QafTsQ7QvPi_pAJCIy7wwMKJNefiCo8CJZAlNAxlgaWVnRqtsK_WCq6PzYyz2rdhFa6CUHG1Qomyl4o_xHMNxoJO1m_lEOANdRtdGhmD5tdzuB0O4FZpEinuGzYmRhLjMyAZIoFywoWEdmTh9U-xvypJQfZTpKxWShwklLpbEt5WxJa539LlUBJtbW_ZfBMo4ByCi-ezanSyzBvYfTidhpSoyOOh5QUeK20fHA-mkrB-oxuqa_luLvrolNEg7aHIAGAu1UR3Yu7lmWBbBqFmo035IqPJw4TFF5qN4ealYIczdLp0wfG5vlyRw98wrdN5Oyo8B7GzxOukR7enZcpuo7wTIJpoZBJfFZbLhsFiVzZhYkN0jtYj7otOTU0XK--V9hBDXVR3s6kWGof1zNfEAiSJ2lKFR22fRN8A3Noo_7QBEyug9IgYz24DP8dq-7aORNoXQHpflGX_HV6iKgID7b0ZXep7MZONjWXGGJh-bfBE9UUpNCaMrXlN29YCa3ECXsRx9kXqiLPjtqcCIqSOgsegySP_Jk5RNuSIxffSk-SJFPW-3o4xNg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0402 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5898839963235&version=m202311060101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0402 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5898839963235&version=m202311060101&ct=76&x=1&cor=10255656881810230000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0402 91 KB
38 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAtLNqrxKkdfQnPTFr1cPnTLyzZpzf3uZVEUoyr_UJ8ZZG9Ssz9PIVRgKlwKP_oAb6Pcen734N3XzE5BzcZ0gqqAMIdqnmDz0BK87mtFa4XPlO-CQVA2b6PqDmfLDuUzj2W9_q23CFDDYZkDihZve9P2do0oCLWl3ozw6Gf0r8eXygT6A&dbm_d=AKAmf-DZ5UbdB1xNrFCbiQ8XVO5gUOU3M8RCutD0t4lgwe0ZmAB7QRvh776YkUcsljzQ-aA8lHPHrfuvEmzuYnE5aGk2FM-CEkCNhwu5FyOUw5mrckDB9zsVoRtPfuARuTVXiTkFI_5smRiFK2QZv1R0jAQourDMyk5HP74MUHXdP2XjzuFfIpilPN0aSnm_vM3wBys5APv2U97TS1n6f7WFw3Er4p87TUCV4GQqmisxT_CJruIyo5Ccp1RFlo1MTAcmpLZr9peTFII4Qa_2OgkRpaEiwazPDlJ4AApgQlAYfxGV2Esnoeg5ip0UMLX9L9kd0NOlzaEQRxo3ya2JNFXxzabG54d1tvXAFQucIJsKq0N3fY8avrfuSzwM_L8xUYpcAV7ImI4Uxhk-qvwKxitxR7UoK6iqHNMyd2lGBy3i05SihvQhb31k6ol4Z2ABVaQS0xCUTIZaiH2rxGk7XIoOnWQk4LAOtitYo3Gz-rbYfWCQ3mimbbs6xF24RCgdahqeGh347ERSLkV-nxQ0I5YZKN2YOyZFbJRxP3akAae0fgk1MytUj_zE1TbGDOT-R8MVM5W3vMttYdn7-NJzDsZTXZpn-MDXrFSTeEz6wkWk3wR2Sx_vQ2peK3Lm_RvPdrwz4cYL2gIMqdOzY0HTDb9uiakQ5Qz_6HCgkwtJsz2TFOUIB24o7lZHHzYP4yRiDWWtd-7Vm1Xvfj0UBIKSFWXH61GyUiKALRA6hXCK1nLY5J_2-u97H6PRONE0hfz5QlH5HtDdy0jk-la-PWK6DXToBXsk5BPVVQ6lzoM3V8z-uaxyqwPnmZVmg1uV4FIYzgXJESqNB7FY5ix2Oge_MCMQZx8qxkyDJogJtOyBjyC5kZSMm7H0HEvhKNTjZw5O0WH8ReNgE9nc_XETtGV2WUsLX3St6gtpWqNg9aXdAWOkYNSkgDS9Ys4mVoGWwR56YVnCFb1CdYagn7NaL4OxQKUYwi1F8DlyLl57tbBpP6YBh_O2fr1oTG7mkXF64jpqlU9GcL_PkjBhF0ZjZsWLrfN3AENm0_NAkMznBMYjjoz5emHWTI3mHT8ulnIPWyHZSm2JQDfGGb3hCevYwiNtlb_Xxs_8lt01NuAZpJ5C4woW3i9L3sOrFO5VfVwFYiJhFFelHaEDnvUiLvCebSxPZ01qFCB4wVWDd0ljXOwvrIB0MHZxA0eD0A7QrUhRhkI_cuLLGu_IhXLkDTTBzA66BN3BqXyceXKJooWFMafuGf-UUAV3To_-M3s1itseHC9g2wyhrWNiB9nEDiiG1P_uFVkLByWWuXYXB4LRjcibauoXd0D2cLmjI9lXF9WMb6Bie-QwRKxlEBWFczuUnbi3ag8LPQkmlqTkDDRXex375dbD7cOD9_L89K1ia9qSDji60c47Vg6IHiZ3p7awobq0j3Axnp-G49bXtgWpFN1EKKJCF61Rto3b9JpykA-7YRzXD5d7hjTmjAt6Hw7bjWc6tjc_ZKVaskIh68j_g4t79sL19GC5X_WtgW5SVldoKOaJMWG9qGfTZue5Y-EPAEuXWFzR6AOWJ7d7pyCo6cLDqR7WTy4lUY_rFqFGwaIl0p-jDnSPAzY-jOkLMcEPzht0LbCUZd3jXmgHHpVYKH9ARqEdd_WSk_9Kd4o1wF7DCg95iz6h3KVSv9BfzMPZr3aohvtDg-PDVqEovha4Sh3Heps-j76_qzSCBrdEhuXjsGeIznpege1gXLA_dkqnqWpINS8TVREYzS9jFyolTzaR8faVCWrXMxEbml5Odt677pf2GdM8_CZvqNtkjUcyGnJMHAPjbMUivdeUMA84SKoZgy8JEd6LclFwrQJj-igSd8i49K8ciDaOl0OKHzqzwB5whI4XXc1WU1SxI_xz0bne6-NS2aAByevcm300SNHeUlzVLruzX6kyogDogGfKnV4fADFBR_xvura_1J41wZFj0vYBmD7HYrhHeCq2FxdgWZ40vT552QKXiPrIFgMAFKBAXUcHufblNXfipUBITsIx1fEQMSfBglZcgh9NgxyyAIXWmB78Sks2wvoScuIJ0yQ4IbTn2ZWJv0Ooc0kITSMMm4sDd0Vb8m_igolgBaFUDdcyH-wiI8X0TWRfSa_92P9FPfoUF6qNsfd69oP6gZAd_H42-OkY_ZNw1T4hBGMu_JC2DBVaHEj5tG2NnESfI-oT54YpetMGWpJ00-rOhwXdkcknOaKCz7dknd9ntJLQPEXQAjCfIjg5BaRXg-n3Cv2gElYEptk3Fs5uN6EJWvyw7461OlO1RbK9MmLWIVkLkEqDDysq9HQrJ9jjxAIEKMa4PFL4gJs5svOgGPxyiciuuWSiEUenTO7WkqZ3sx6DTb5ULQSjrjj_5CTDnSRC_gxKlNEZaPsxLVdYGek2hRiiMXhWTENL8TWKlrDAJe_RuJLYVDQ_t3L7Z78v8_52Wnad22oz2x2SXQqY0htj80FKK5qxBtczMeY9eEdpHjMblIbr1WKA8qFYU54QXEI8oygfNf96j4AR965TkbGC44HgROLsUlhwEYKEZ9JI1aezoKqyOCfzLTe5apcemff0rFVp5mLzYv7uT40EBJKZ0rz2KvL4q6tNXNt0e5kRoyfnZZVSzLcBtKOvaOehokHZZNq0BPeN16lgLg2eVJQc6rhpUHd4rGnVwCu2rppDGnxcl1f-kZWRhORkVTG3CpT89K0aBnc-UnZbN4C5s-BUbGI-innnIfz-iL4ni7d-RI_lGoW_d45dr9kXZKgiy02jUR7YIN8uONc7yLcGFdPRJLI-VqPUpD-7QnCJp5-C7k0SXrmBmB5nuHYAzsevs10Oqj4h68vTobXgR0Hz2v24QcDadyUg0lPiwdyQ55lFBlt1nMYGaH95sAS6F_f9wj0p-G3JvJYJuP2gsOXL6deQWxA05rdOW9rsOgnfuCiq9HW0nYBfKe-yW6Mhgtshud926CZrFQFJTAwLyeqTJMGFlBxFhcDc2bY68wpeYqxbjiqWb7lFhrcx-a2rE3OGdWyMbwN8ETinVjzvaS70_M8vKGFMsFUWuNqqIRp-eBMJkGRIfjQwjaJ7GocUC38hRlv9sq0QEyZczcP4skteHpgUhTV9yjJ6IotJOxlq_GGqaDatD7sIXi7ktrxNxk-CqM1eGD_cMXBKd85KNwWsnucwHGKzScXov77fcb9xzAlh6TlRK5NsvwnGBNt3kjRRKlbmZwvMxD7uAWKYhIyGoeHg7W7ymc9L9Pc-AhNAJqoiP1ra6AXhnHI0mptAcdyXdfjfOfgv98SXa26QetCcU2BI_inOBKeHmY6KugLN2QQIXWDkaTwxjDcwFzczd9hZFvAEH-ox6ZiaPDoVFLuPOT3XJeKSBoMeBh1l_jQdPDjTP1TtnPzxzHMBJ37u_TlrUfxxetrhRYbSGyNpkJR9hTxz0XilpKBi4RG2N0gdDY6Kh7_ZJQkyA0uU1GZ7o4vWp51ZpN5idljBT54DSuEnqEOVLQoDqKr3Gm03e_Oslnba9o4hp780kraI78Jc92xoOj2Dw2wwqjV2M6O6o8vHXSf2tQ_BUhj1IW-sTF35mlwil9nuptW96XkxTOe7_k6kw_WniI72ogGazw9SnS7Pi3hnAVDKbSCQgTkvPF47wv6wTbiww3c4tVOlQWsCJ9daEQEIsWZ1dvk8zRU1WUwORtZVjNdfj9iMZPlTrkpZkJG2weKoCuvlzF-twq_p02EMvEADYuj2p5dzSFBiX-hhW3w-bvy23R0QqFbay2HmzVb3Ea_CGMpB6Fp-bdUM6kxIfqzKp4_xlJUOZkRt9joch7DZEoWpFy2YlCM9r8AvHHfSyAk_bIM53ulfivcqJlmj02GWRp6tmqfwrJNsoXEx0Jxfs4l-EmurpuaxE_keNTkosG6Hjyjt0f98TbHkU3oeV9OFSXYe9atiBmj38JqB470_y73xuo0nbPSorUhfC45VpLQ4ScM5Cv0-bo2ZKIMKbTAUL-upa2Nadcww62y5ffKdtkuP0Yf9Nxq1wvqRQSFLYwvQHWPjdkaEeWWQVCvs&cid=CAQSOwDICaaNeof70AQcl73ibYkC43PKWTkvIEsW-t_YwdLzSwNhUZ7AiG3y1GpEAZW5CwvV4t01FylB-N_LGAE&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fwww.file-upload.in%2F&ds=l&xdt=1&iif=1&cor=10255656881810230000&adk=2086295851&idt=98&cac=0&dtd=11

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a1f8553f39d7c12ec667389da1ec8348c86d656f5f9e5ea647b405e650d71f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38810
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame F637 4 KB
1 KB 79ms
29ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 26 Nov 2023 20:30:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 26 Nov 2023 22:17:24 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D300 478 B
195 B 61ms
61ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiH-9z-ATAB&v=APEucNUdDaIwoBDhi9vV9m99iG-mOk-znZ-hYPtybDKSQfhNPMjSNi71qbADEFG_gYnFlifNPhRht2Qt71nIa6fWXPT7hVShtw

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame AD02 23 KB
9 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 15:58:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22717
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 15:58:47 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame AD02 7 KB
3 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 14:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27160
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 14:44:44 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame AD02 41 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108002
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame AD02 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43241
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:16:43 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6A29 1 KB
643 B 22ms
22ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 46329
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 09:25:15 GMT
etag: 48472445140208031
expires: Mon, 27 Nov 2023 09:25:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame AD02 20 KB
8 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21605
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame AD02 0
0 28ms
28ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQL9qusmsEwBuJFFj4x8SXPBjHe9fhdpJuS7EnsSvh-etoieefZFLzJzjZuztOl2ovHzcBneFE9coPq5ElRAeSX2pqiYQ
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame AD02 202 KB
64 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 22:17:24 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame AD02 42 B
63 B 54ms
53ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ckm9MzkSgYo_Pdu8a5PaWfk1pO4RRs3qSDkZBPiZ2Lw-IMggrTOZ5DOWUoT29ZO46tuqa1E3U4plvH8PC-e5D8sQeZy2p7vgrV0v-__NnEBjDeeoY

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame F637 21 KB
9 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43689
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8781
x-xss-protection: 0
server: cafe
etag: 9666818975682992898
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H3 200 13657615235342447775
s0.2mdn.net/simgad/ Frame AD02 66 KB
66 KB 23ms
23ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/13657615235342447775

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

881c34f9478aebd3b0de210be3a711ca7591e13997bf637335c23e4f39815c6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 20 Nov 2023 09:27:36 GMT
x-content-type-options: nosniff
age: 564588
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67590
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 14:44:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Nov 2024 09:27:36 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/3296175846435323904/ Frame F350 12 KB
3 KB 56ms
55ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f7215216c84123c42d98e15f1f0242b81bb8c669335f0238c9a63415ccfa7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2818
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 22:17:24 GMT
expires: Mon, 25 Nov 2024 22:17:24 GMT
last-modified: Wed, 30 Aug 2023 14:57:53 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 67E2 0
0 71ms
69ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvxoWK-IERd4iqTDLwUzkQzK5fGphiPb45z7SJpTJIRfg2H0U2Fvuet764rBXMlvva9u5GBSevCNi_62kGKnX750ZQUw061SIoe0VbEBzSjZplwuMABZViO1tf7MceyYhH59WcSp5t8znc_EzmEShrz2nJgEdpOjFQusErbhpdIIvtwGMqSFxhbKw_ECQQZwlqLnD4NhusCNam_GXe-yrbjv7n-zEcZAU7uGwYIjrAaP6SmzGa7-zhM5urC5Dt8wNKmHEoR6PTG3pmE7OgFkYPtOa0KTdh-N6MVqhbr1DY34chw09VS5mIzKnLG3LbG_XTQGg7YZA9KVQzBZqrxljV2ZA7ro5R0Nhv38M9sU3sv7l1Zolu-XvzBvJf_Iyp9-Wra8KQMK-bhP-k58n3-FYNXfxxxRZxLrEMbRuKvgdbC-8aFzmB_r2MMs5f4eUQChyAICRGeV-FMN5Z3bOLAQVOtzP_xnCln6AnH5HT234a4_t9TSwTVslgmpUGTRsVnuirKSaC4mjt5vdW2Mdh99l9_1xHBPCz4lxXsbGmxJGwTWY2OUUKTDSbBvbxvCGHsqNyLAyAsFDpn8B4dcHBAwIGk-JZdBoyuDaNJFgXfc93subbfPgoVelvyzfosv4W_Mbc_-ee4WK1edNBr7g6LEr2ePS6pO54TalfPPNw2WLtyTbf6w79Ve93fQkSmDCdCYINDTiirtwB0CvWDTkcBtjUHyeTif3S0nnmUlaBmk7Bsneb_xlOx4TqTcb31g-CUK2mcdQkMDE0PJma7S0Mc_LN_OQX4WnMG2xlSLLCvvWMa_91KitDbtTzUMP0o0_I_73jpJ8aZtO26-mYaVrv0lP8QYkfWye_F27vS24NFeaZ2uBINs6mwCR9CaglPwK6ob6T76yljDe8_zAREw1jfcQpk5ahA_2AabMomriYYbuA7WkjSoQd0pwfqACkHrOQU5X2qz0g6injizMrYiz9OiLIJCZd1XHvL4caqdSuPkZjhN6H3spLdVs7LVQ7PG2W1lK7tSgrbhHUOS2lxglsaxs9xP8Hwc46kzVAxSEX0QIz393VwJxC_u78arzbcFhgfMlIGTqIbRcxADjPT-GJhGokTZLeqrU-DYZUwxovBTeKyUD3eWqoKf2hnt0uBFJZSlLCXHlzDNUkJgqrXFwz-uHaUVF5BSJ_aBoyzDf6C1dOyEpibI8znmGGubvXuahmRrjIHQnBcq88TqQ3FnPE-kGqLFZs6RiKunMwqWZ9CnK33rgN73OxDjjYcltOl47iHTuRlqZacd9R_KB1jDQ3bV0K-z5gyD4ii45gzIfoZlvqhuIkEBKasGvxir2NKqObfz1wnG4mziCUq4R445z1b2fTjJeOaYb0q1M2iX7w0ldex5vpw5JZLQa1WIB6kn5YiY-RoZhnolE4LIWNME8qPxX9B7QQEz6zIuxXp-PF4PB9kjjm5dMHfpU7M87xVQD2UehIvfv-fnETprf3Odqdvg9WZ_dnAv9VEaLulICSi&sai=AMfl-YQDxGEMXqU2OsDmZVCtgxupSMHsvRTDAHSkrRjMWph0SaX5hsHFAjPD10xOdGQQztCxbn-vukMBydDVy1jQguzFn0EUf1E1eKPOYsztAZiXU-BsFiQyor60Cdp8Jh6lvRKEkx3fugXUWTZ9S5hymea24rH2mVFHbMbEYDbpSARhFIN-017kVdBDtJDbzXOq5jvby461E9Oh3uFlnN4clchr1EMqVwgLVFSzCTGLYB0LskKv3n2tbqRo5jp4Htshu7yP-d05RxpH_HAuj4i2LcfHId9IIunq-z7wedVsr8oZI6g-MAv9ownPg5zWB033Mr-FfwjuBgfcyF2_PUqlp0E51sn_WZmKbkKwpbUZy52SXPv_C1P3E_b3FVqcjAA_HeWnG6_52pgdOKCggqHPEOI9x4conyIUfqBS-aGJqqB3xZvaNg&sig=Cg0ArKJSzDREHJRjECb1EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=151&cbvp=1&cstd=146&cisv=r20231109.03611&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 22:17:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 2913 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43236
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6A29
Redirect Chain

https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEH0UQ1hWwuQSbRVnM5esxTU&google_cver=1&google_push=AXcoOmSANVEIY401i_8KM5ZqTMGbxgKaEVHaMn7VKxUNIc5P8CsNKEj...
https://dclk-match.dotomi.com/match/bounce/current?DotomiTest=770d399eb8ad1615&is_secure=true&networkId=14000&version=1&google_gid=CAESEH0UQ1hWwuQSbRVnM5esxTU&google_cver=1&google_push=AXcoOmSANVEI...
https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAID8wiuqQguANCPvd1AAAAAAA&expiration=1701123445&google_cver=1&is_secure=true&google_gid=CAESEH0UQ1hWwuQSbRVnM5esx...

170 B
188 B

33ms
32ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAID8wiuqQguANCPvd1AAAAAAA&expiration=1701123445&google_cver=1&is_secure=true&google_gid=CAESEH0UQ1hWwuQSbRVnM5esxTU&google_push=AXcoOmSANVEIY401i_8KM5ZqTMGbxgKaEVHaMn7VKxUNIc5P8CsNKEjgnaiKcZXKBZYO_Js42ELqqqlnBWy3tgSgU6LFIioc957z

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAID8wiuqQguANCPvd1AAAAAAA&expiration=1701123445&google_cver=1&is_secure=true&google_gid=CAESEH0UQ1hWwuQSbRVnM5esxTU&google_push=AXcoOmSANVEIY401i_8KM5ZqTMGbxgKaEVHaMn7VKxUNIc5P8CsNKEjgnaiKcZXKBZYO_Js42ELqqqlnBWy3tgSgU6LFIioc957z
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6A29
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIW1HW0ljBJmHfDjvIfGSP8&google_cver=1&google_push=AXcoOmQAUruppQ1_cnvJ2YNbv9nJ-9jOcDzrfZtPd02SjWf4XyEP3xcnbD6gtpK4zO3nUhGPZ0ghwUQeJb_li2TZEv6V...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIW1HW0ljBJmHfDjvIfGSP8&google_cver=1&google_push=AXcoOmQAUruppQ1_cnvJ2YNbv9nJ-9jOcDzrfZtPd02SjWf4XyEP3xcnbD6gtpK4zO3nUhGPZ0ghwUQeJb_li2...
https://p.rfihub.com/cm?in=1&pub=20513&ssp=google&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=119&user_id=5108559731117933768&expires=30&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmQAUruppQ1_cnvJ2YNbv9nJ-9jOcDzrfZtPd02SjWf4XyEP3xcnbD6gtpK4zO3nUhGPZ0ghwUQeJb_li2TZEv6VlFrHBJ2a&google_hm=YR6DxOmiSvmtHMHSXjFN2g==

170 B
188 B

31ms
30ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmQAUruppQ1_cnvJ2YNbv9nJ-9jOcDzrfZtPd02SjWf4XyEP3xcnbD6gtpK4zO3nUhGPZ0ghwUQeJb_li2TZEv6VlFrHBJ2a&google_hm=YR6DxOmiSvmtHMHSXjFN2g==

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmQAUruppQ1_cnvJ2YNbv9nJ-9jOcDzrfZtPd02SjWf4XyEP3xcnbD6gtpK4zO3nUhGPZ0ghwUQeJb_li2TZEv6VlFrHBJ2a&google_hm=YR6DxOmiSvmtHMHSXjFN2g==
date: Sun, 26 Nov 2023 22:17:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6A29
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEElgq8POngowGbczR6HztcY&google_cver=1&google_push=AXcoOmSwntPKyZMYzuNoYVyJEiPErZ8ozd9wyBpmEHdhlh5I9ndSyA0Pxm8wIKq95CeIBr4JzLQ5i7ChJK6LTWbR8IFqPB4...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSwntPKyZMYzuNoYVyJEiPErZ8ozd9wyBpmEHdhlh5I9ndSyA0Pxm8wIKq95CeIBr4JzLQ5i7ChJK6LTWbR8IFqPB4AXGrt&google_hm=eS1COEVhWXJoRTJwSDJaaV...

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSwntPKyZMYzuNoYVyJEiPErZ8ozd9wyBpmEHdhlh5I9ndSyA0Pxm8wIKq95CeIBr4JzLQ5i7ChJK6LTWbR8IFqPB4AXGrt&google_hm=eS1COEVhWXJoRTJwSDJaaVg1bUVEOHYzR3VDbGQ0YWd2eX5B

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 26 Nov 2023 22:17:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSwntPKyZMYzuNoYVyJEiPErZ8ozd9wyBpmEHdhlh5I9ndSyA0Pxm8wIKq95CeIBr4JzLQ5i7ChJK6LTWbR8IFqPB4AXGrt&google_hm=eS1COEVhWXJoRTJwSDJaaVg1bUVEOHYzR3VDbGQ0YWd2eX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6A29
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENhNLf1aJikQqNy9DyGa5_U&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENhNLf1aJikQqNy9DyGa5_U&google_hm=ZWPD9ETev8Uj7gTlATAFZwAADJsAAAIB&google_nid=index&google_push=AXcoOmSHYJjIco00c-K6slS3IiWLatULwrgrf...

170 B
188 B

33ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENhNLf1aJikQqNy9DyGa5_U&google_hm=ZWPD9ETev8Uj7gTlATAFZwAADJsAAAIB&google_nid=index&google_push=AXcoOmSHYJjIco00c-K6slS3IiWLatULwrgrfSfV0j8Nbh3eLPPeob46LFWlKt6WXcLj87KYmefLKvSpB-B86hHPzQCe-CtaNUk6

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wg781dHlLTzRiC80bGh0bf6B4JJ4wRUv6yKodDFs33dUjT2PJkWktxmiPlIzH42uxL3AwkSlWlvQfW9yr2vV5otzsiHlm7O9wPW0Ymt9ISKg9xpPtcYlaDduDjYVBYsoCkVrzhDBKh%2F5Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENhNLf1aJikQqNy9DyGa5_U&google_hm=ZWPD9ETev8Uj7gTlATAFZwAADJsAAAIB&google_nid=index&google_push=AXcoOmSHYJjIco00c-K6slS3IiWLatULwrgrfSfV0j8Nbh3eLPPeob46LFWlKt6WXcLj87KYmefLKvSpB-B86hHPzQCe-CtaNUk6
cache-control: no-cache
cf-ray: 82c5805abfde01fc-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6A29
Redirect Chain

https://tg.socdm.com/rtb/sync_before?proto=google_ebda&google_gid=CAESEMIVVKGKOnahbOrvGHfX91c&google_cver=1&google_push=AXcoOmR2KQCBbHiG6ls1DMf9Fr2APRiKwdCFuNfOoDPjGBP5AeNyd79ueLTxJzuw42lUxJcxstaxL...
https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmR2KQCBbHiG6ls1DMf9Fr2APRiKwdCFuNfOoDPjGBP5AeNyd79ueLTxJzuw42lUxJcxstaxL-N9msJxJ74W-irhZ40ENESy&google_hm=WldQRDljQ28...

170 B
188 B

32ms
32ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmR2KQCBbHiG6ls1DMf9Fr2APRiKwdCFuNfOoDPjGBP5AeNyd79ueLTxJzuw42lUxJcxstaxL-N9msJxJ74W-irhZ40ENESy&google_hm=WldQRDljQ284WGtBQUNGR3ktWUFBQUFB

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

X-SO-Cluster-ID: 0
Date: Sun, 26 Nov 2023 22:17:25 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync_before?proto=google_ebda&google_gid=CAESEMIVVKGKOnahbOrvGHfX91c&google_cver=1&google_push=AXcoOmR2KQCBbHiG6ls1DMf9Fr2APRiKwdCFuNfOoDPjGBP5AeNyd79ueLTxJzuw42lUxJcxstaxL-N9msJxJ74W-irhZ40ENESy","cluster_id":0,"gdpr":false,"ipv4":"176.10.107.237","key":"ZWPD9cCo8XkAACFGy-YAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad225"}
X-SO-Key: ZWPD9cCo8XkAACFGy-YAAAAA
Server: nginx
X-SO-Upstream-ID: m-ad225
P3P: CP="See also http://www.scaleout.jp/privacy/"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmR2KQCBbHiG6ls1DMf9Fr2APRiKwdCFuNfOoDPjGBP5AeNyd79ueLTxJzuw42lUxJcxstaxL-N9msJxJ74W-irhZ40ENESy&google_hm=WldQRDljQ284WGtBQUNGR3ktWUFBQUFB
Cache-Control: private
X-SO-HostName: m-ad225.dc4p.scaleout.jp
Connection: keep-alive
X-SO-Ads-Time: 3
Content-Length: 0
X-SO-LB-Hostname: m-tgng21.dc4p.scaleout.jp
X-SO-IP: 176.10.107.237

GET
H2

200

/
onetag-sys.com/match/ Frame 6A29
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEL0E-EHj-4pnrBf9LX6waPE&google_cver=1&google_push=AXcoOmTQjiaMd2WI97uM9T3fU0sfQV2yxSA7YPBgND69OdNeyIOnDD_g4zs1FoV4tZ5T5F79E8uCJN0X3d1...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTQjiaMd2WI97uM9T3fU0sfQV2yxSA7YPBgND69OdNeyIOnDD_g4zs1FoV4tZ5T5F79E8uCJN0X3d1Djp8muYAnu8TOGDBRwA
https://onetag-sys.com/match/?int_id=19&google_error=5

0
200 B

21ms
21ms

Image
text/plain

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6A29
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEA7yDWOj72598T46U-DhmNE&google_cver=1&google_push=AXcoOmSQErcQJZoiZ...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDE3OTMxOTg5MjIyODUyMzY0OA%3D%3D&google_gid=CAESEA7yDWOj72598T46U-DhmNE&google_cver=1&google_push=AXcoOmSQErcQJZoiZrpEtyWuYpvdWBD4Mp...

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDE3OTMxOTg5MjIyODUyMzY0OA%3D%3D&google_gid=CAESEA7yDWOj72598T46U-DhmNE&google_cver=1&google_push=AXcoOmSQErcQJZoiZrpEtyWuYpvdWBD4Mp3GRHzOzjfw28rDXWn3wautXnxWAF-A4dk4uC7e2KDLX38AVdcd1T-KQzJfhzFkxsWbxg

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
an-x-request-uuid: 53c6e8fc-8b70-4caa-8a13-d7b3c770566b
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDE3OTMxOTg5MjIyODUyMzY0OA%3D%3D&google_gid=CAESEA7yDWOj72598T46U-DhmNE&google_cver=1&google_push=AXcoOmSQErcQJZoiZrpEtyWuYpvdWBD4Mp3GRHzOzjfw28rDXWn3wautXnxWAF-A4dk4uC7e2KDLX38AVdcd1T-KQzJfhzFkxsWbxg
x-proxy-origin: 176.10.107.237; 176.10.107.237; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6A29 0
12 B 29ms
29ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I72sx7b9zd71QlFp5EHQcQI6-_PVwl1PdHTgNknmRueUIWJeIiKN1_b86JKFTLQfN1_1z2vGs

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame B1DA 38 KB
13 KB 20ms
20ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 107953
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame D300 170 B
188 B 32ms
31ms Image
image/png 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiH-9z-ATAB&v=APEucNUdDaIwoBDhi9vV9m99iG-mOk-znZ-hYPtybDKSQfhNPMjSNi71qbADEFG_gYnFlifNPhRht2Qt71nIa6fWXPT7hVShtw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D300
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1

43 B
737 B

38ms
36ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiH-9z-ATAB&v=APEucNUdDaIwoBDhi9vV9m99iG-mOk-znZ-hYPtybDKSQfhNPMjSNi71qbADEFG_gYnFlifNPhRht2Qt71nIa6fWXPT7hVShtw
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rFK9auezK3wQAKrtClXRA%2BpWYXduk6%2FXaJkdPdDNcwcor4BRw8V9BGl1w1obgdGCK42rTNdlyKJCy5ZQpIXwHH1z2UJ%2Fy0h%2BOEcgKryHI2z%2BUxRTe2n3gDYK7QtbcfcCKvkT8UWI38m%2FmA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c5805b197701e3-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D300
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWPD9ETev8Uj7gTlATAFZwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1

43 B
743 B

40ms
40ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDQgJixBRiH-9z-ATAB&v=APEucNUdDaIwoBDhi9vV9m99iG-mOk-znZ-hYPtybDKSQfhNPMjSNi71qbADEFG_gYnFlifNPhRht2Qt71nIa6fWXPT7hVShtw
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jg2CScXoaXjwC0raHGzUoj37zWIx%2F3QeQDjVoDfaRIPPoTI9xWfbF4U1jrtD0ZBPXRkrrUgySH%2FGXCBMCwsIXnZnX%2FH4ls4s%2B%2BA%2BTODqB%2BUnJeKqOuyKk4LbyvMha%2BXQuYU7KBiSYYrMWw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82c5805b59fe01e3-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIRde6A8UQjIsMmEelt6ago&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/3296175846435323904/ Frame F350 7 KB
2 KB 23ms
22ms Stylesheet
text/css 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3296175846435323904/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

edabf809b301dba76a2b332f0a5a412f764061119b991ec36a72778306178897

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 19:42:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182067
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1724
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 14:57:53 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 23 Nov 2024 19:42:57 GMT

GET
H3 200 MuseoSans_300-webfont.woff
s0.2mdn.net/creatives/assets/4466103/ Frame F350 22 KB
22 KB 30ms
29ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_300-webfont.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

602a48d8418dc75bc51795b3f33e2e49ee38d40c4a658723b0878f1c64a68265

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:07:21 GMT
x-content-type-options: nosniff
age: 603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22016
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:01:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 22:22:21 GMT

GET
H3 200 MuseoSans_100-webfont.woff
s0.2mdn.net/creatives/assets/4466103/ Frame F350 21 KB
21 KB 34ms
33ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_100-webfont.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4da56999476a0550c62f0a269cda43474aaa0f7ba5c461cee58ac2af893bab90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:07:35 GMT
x-content-type-options: nosniff
age: 589
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21880
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:00:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 22:22:35 GMT

GET
H3 200 MuseoSans_700-webfont.woff
s0.2mdn.net/creatives/assets/4466103/ Frame F350 22 KB
22 KB 32ms
31ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_700-webfont.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ccc354572f46ed4b26ffec17c24264cce720c1ebab7693af8e88032e46b6544

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:07:06 GMT
x-content-type-options: nosniff
age: 618
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22640
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:03:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 22:22:06 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame F350 120 KB
41 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21599
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 16:17:25 GMT

GET
H3 200 gsap_3.11.5_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F350 70 KB
27 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.11.5_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5118140a15e5dbb471f19c06816bcfa44170878bd8fe0ade80c24b7a988d8ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27946
x-xss-protection: 0
last-modified: Fri, 12 May 2023 16:06:19 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 22:17:24 GMT

GET
H3 200 SplitText.min.js Show response
s0.2mdn.net/creatives/assets/4895796/ Frame F350 15 KB
5 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4895796/SplitText.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc1627bb5a3f6f3c3cf51ab01bc67a74a851bd203c51fa9210fe41ab096f56ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:06:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 649
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5285
x-xss-protection: 0
last-modified: Mon, 22 May 2023 12:46:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 22:21:35 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/3296175846435323904/ Frame F350 13 KB
3 KB 31ms
31ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3296175846435323904/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80ffb3eec028765433299e385701c253fc5024465f40ff92e64d8a671946ac3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 04:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 235647
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3487
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 14:57:53 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 23 Nov 2024 04:49:57 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 0402 111 KB
39 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Origin: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 07:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52616
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 07:40:28 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 0402 11 KB
4 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAtLNqrxKkdfQnPTFr1cPnTLyzZpzf3uZVEUoyr_UJ8ZZG9Ssz9PIVRgKlwKP_oAb6Pcen734N3XzE5BzcZ0gqqAMIdqnmDz0BK87mtFa4XPlO-CQVA2b6PqDmfLDuUzj2W9_q23CFDDYZkDihZve9P2do0oCLWl3ozw6Gf0r8eXygT6A&dbm_d=AKAmf-DZ5UbdB1xNrFCbiQ8XVO5gUOU3M8RCutD0t4lgwe0ZmAB7QRvh776YkUcsljzQ-aA8lHPHrfuvEmzuYnE5aGk2FM-CEkCNhwu5FyOUw5mrckDB9zsVoRtPfuARuTVXiTkFI_5smRiFK2QZv1R0jAQourDMyk5HP74MUHXdP2XjzuFfIpilPN0aSnm_vM3wBys5APv2U97TS1n6f7WFw3Er4p87TUCV4GQqmisxT_CJruIyo5Ccp1RFlo1MTAcmpLZr9peTFII4Qa_2OgkRpaEiwazPDlJ4AApgQlAYfxGV2Esnoeg5ip0UMLX9L9kd0NOlzaEQRxo3ya2JNFXxzabG54d1tvXAFQucIJsKq0N3fY8avrfuSzwM_L8xUYpcAV7ImI4Uxhk-qvwKxitxR7UoK6iqHNMyd2lGBy3i05SihvQhb31k6ol4Z2ABVaQS0xCUTIZaiH2rxGk7XIoOnWQk4LAOtitYo3Gz-rbYfWCQ3mimbbs6xF24RCgdahqeGh347ERSLkV-nxQ0I5YZKN2YOyZFbJRxP3akAae0fgk1MytUj_zE1TbGDOT-R8MVM5W3vMttYdn7-NJzDsZTXZpn-MDXrFSTeEz6wkWk3wR2Sx_vQ2peK3Lm_RvPdrwz4cYL2gIMqdOzY0HTDb9uiakQ5Qz_6HCgkwtJsz2TFOUIB24o7lZHHzYP4yRiDWWtd-7Vm1Xvfj0UBIKSFWXH61GyUiKALRA6hXCK1nLY5J_2-u97H6PRONE0hfz5QlH5HtDdy0jk-la-PWK6DXToBXsk5BPVVQ6lzoM3V8z-uaxyqwPnmZVmg1uV4FIYzgXJESqNB7FY5ix2Oge_MCMQZx8qxkyDJogJtOyBjyC5kZSMm7H0HEvhKNTjZw5O0WH8ReNgE9nc_XETtGV2WUsLX3St6gtpWqNg9aXdAWOkYNSkgDS9Ys4mVoGWwR56YVnCFb1CdYagn7NaL4OxQKUYwi1F8DlyLl57tbBpP6YBh_O2fr1oTG7mkXF64jpqlU9GcL_PkjBhF0ZjZsWLrfN3AENm0_NAkMznBMYjjoz5emHWTI3mHT8ulnIPWyHZSm2JQDfGGb3hCevYwiNtlb_Xxs_8lt01NuAZpJ5C4woW3i9L3sOrFO5VfVwFYiJhFFelHaEDnvUiLvCebSxPZ01qFCB4wVWDd0ljXOwvrIB0MHZxA0eD0A7QrUhRhkI_cuLLGu_IhXLkDTTBzA66BN3BqXyceXKJooWFMafuGf-UUAV3To_-M3s1itseHC9g2wyhrWNiB9nEDiiG1P_uFVkLByWWuXYXB4LRjcibauoXd0D2cLmjI9lXF9WMb6Bie-QwRKxlEBWFczuUnbi3ag8LPQkmlqTkDDRXex375dbD7cOD9_L89K1ia9qSDji60c47Vg6IHiZ3p7awobq0j3Axnp-G49bXtgWpFN1EKKJCF61Rto3b9JpykA-7YRzXD5d7hjTmjAt6Hw7bjWc6tjc_ZKVaskIh68j_g4t79sL19GC5X_WtgW5SVldoKOaJMWG9qGfTZue5Y-EPAEuXWFzR6AOWJ7d7pyCo6cLDqR7WTy4lUY_rFqFGwaIl0p-jDnSPAzY-jOkLMcEPzht0LbCUZd3jXmgHHpVYKH9ARqEdd_WSk_9Kd4o1wF7DCg95iz6h3KVSv9BfzMPZr3aohvtDg-PDVqEovha4Sh3Heps-j76_qzSCBrdEhuXjsGeIznpege1gXLA_dkqnqWpINS8TVREYzS9jFyolTzaR8faVCWrXMxEbml5Odt677pf2GdM8_CZvqNtkjUcyGnJMHAPjbMUivdeUMA84SKoZgy8JEd6LclFwrQJj-igSd8i49K8ciDaOl0OKHzqzwB5whI4XXc1WU1SxI_xz0bne6-NS2aAByevcm300SNHeUlzVLruzX6kyogDogGfKnV4fADFBR_xvura_1J41wZFj0vYBmD7HYrhHeCq2FxdgWZ40vT552QKXiPrIFgMAFKBAXUcHufblNXfipUBITsIx1fEQMSfBglZcgh9NgxyyAIXWmB78Sks2wvoScuIJ0yQ4IbTn2ZWJv0Ooc0kITSMMm4sDd0Vb8m_igolgBaFUDdcyH-wiI8X0TWRfSa_92P9FPfoUF6qNsfd69oP6gZAd_H42-OkY_ZNw1T4hBGMu_JC2DBVaHEj5tG2NnESfI-oT54YpetMGWpJ00-rOhwXdkcknOaKCz7dknd9ntJLQPEXQAjCfIjg5BaRXg-n3Cv2gElYEptk3Fs5uN6EJWvyw7461OlO1RbK9MmLWIVkLkEqDDysq9HQrJ9jjxAIEKMa4PFL4gJs5svOgGPxyiciuuWSiEUenTO7WkqZ3sx6DTb5ULQSjrjj_5CTDnSRC_gxKlNEZaPsxLVdYGek2hRiiMXhWTENL8TWKlrDAJe_RuJLYVDQ_t3L7Z78v8_52Wnad22oz2x2SXQqY0htj80FKK5qxBtczMeY9eEdpHjMblIbr1WKA8qFYU54QXEI8oygfNf96j4AR965TkbGC44HgROLsUlhwEYKEZ9JI1aezoKqyOCfzLTe5apcemff0rFVp5mLzYv7uT40EBJKZ0rz2KvL4q6tNXNt0e5kRoyfnZZVSzLcBtKOvaOehokHZZNq0BPeN16lgLg2eVJQc6rhpUHd4rGnVwCu2rppDGnxcl1f-kZWRhORkVTG3CpT89K0aBnc-UnZbN4C5s-BUbGI-innnIfz-iL4ni7d-RI_lGoW_d45dr9kXZKgiy02jUR7YIN8uONc7yLcGFdPRJLI-VqPUpD-7QnCJp5-C7k0SXrmBmB5nuHYAzsevs10Oqj4h68vTobXgR0Hz2v24QcDadyUg0lPiwdyQ55lFBlt1nMYGaH95sAS6F_f9wj0p-G3JvJYJuP2gsOXL6deQWxA05rdOW9rsOgnfuCiq9HW0nYBfKe-yW6Mhgtshud926CZrFQFJTAwLyeqTJMGFlBxFhcDc2bY68wpeYqxbjiqWb7lFhrcx-a2rE3OGdWyMbwN8ETinVjzvaS70_M8vKGFMsFUWuNqqIRp-eBMJkGRIfjQwjaJ7GocUC38hRlv9sq0QEyZczcP4skteHpgUhTV9yjJ6IotJOxlq_GGqaDatD7sIXi7ktrxNxk-CqM1eGD_cMXBKd85KNwWsnucwHGKzScXov77fcb9xzAlh6TlRK5NsvwnGBNt3kjRRKlbmZwvMxD7uAWKYhIyGoeHg7W7ymc9L9Pc-AhNAJqoiP1ra6AXhnHI0mptAcdyXdfjfOfgv98SXa26QetCcU2BI_inOBKeHmY6KugLN2QQIXWDkaTwxjDcwFzczd9hZFvAEH-ox6ZiaPDoVFLuPOT3XJeKSBoMeBh1l_jQdPDjTP1TtnPzxzHMBJ37u_TlrUfxxetrhRYbSGyNpkJR9hTxz0XilpKBi4RG2N0gdDY6Kh7_ZJQkyA0uU1GZ7o4vWp51ZpN5idljBT54DSuEnqEOVLQoDqKr3Gm03e_Oslnba9o4hp780kraI78Jc92xoOj2Dw2wwqjV2M6O6o8vHXSf2tQ_BUhj1IW-sTF35mlwil9nuptW96XkxTOe7_k6kw_WniI72ogGazw9SnS7Pi3hnAVDKbSCQgTkvPF47wv6wTbiww3c4tVOlQWsCJ9daEQEIsWZ1dvk8zRU1WUwORtZVjNdfj9iMZPlTrkpZkJG2weKoCuvlzF-twq_p02EMvEADYuj2p5dzSFBiX-hhW3w-bvy23R0QqFbay2HmzVb3Ea_CGMpB6Fp-bdUM6kxIfqzKp4_xlJUOZkRt9joch7DZEoWpFy2YlCM9r8AvHHfSyAk_bIM53ulfivcqJlmj02GWRp6tmqfwrJNsoXEx0Jxfs4l-EmurpuaxE_keNTkosG6Hjyjt0f98TbHkU3oeV9OFSXYe9atiBmj38JqB470_y73xuo0nbPSorUhfC45VpLQ4ScM5Cv0-bo2ZKIMKbTAUL-upa2Nadcww62y5ffKdtkuP0Yf9Nxq1wvqRQSFLYwvQHWPjdkaEeWWQVCvs&cid=CAQSOwDICaaNeof70AQcl73ibYkC43PKWTkvIEsW-t_YwdLzSwNhUZ7AiG3y1GpEAZW5CwvV4t01FylB-N_LGAE&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fwww.file-upload.in%2F&ds=l&xdt=1&iif=1&cor=10255656881810230000&adk=2086295851&idt=98&cac=0&dtd=11

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 02:35:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70943
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 02:35:01 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 0402 31 KB
12 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 04:49:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62855
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 04:49:49 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0402 41 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108002
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B382 1 KB
643 B 20ms
20ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 46329
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 09:25:15 GMT
etag: 48472445140208031
expires: Mon, 27 Nov 2023 09:25:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0402 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0c51686c0461b0c32fff93aef93f9514af8703575739796fd988c12b90e8d1b

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame B1DA 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43237
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B382
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEAQPlgEu0SxSspl4GUJ-hMc&google_cver=1&google_push=AXcoOmQ7sez5fzK7oM0WoE1nTD2AApNorw0fV2DozfAokuonq8YLLhq2wlmbhcrYBszkF0UVn31HGzpke2yTPtnFFzWpqwJITOAQ
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00605976505246628E2E921ABF3188EF&google_push=AXcoOmQ7sez5fzK7oM0WoE1nTD2AApNorw0fV2DozfAokuonq8YLLhq2wlmbhcrYBszkF0UVn31HGzpke2yTPtn...

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00605976505246628E2E921ABF3188EF&google_push=AXcoOmQ7sez5fzK7oM0WoE1nTD2AApNorw0fV2DozfAokuonq8YLLhq2wlmbhcrYBszkF0UVn31HGzpke2yTPtnFFzWpqwJITOAQ

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 26 Nov 2023 22:17:25 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00605976505246628E2E921ABF3188EF&google_push=AXcoOmQ7sez5fzK7oM0WoE1nTD2AApNorw0fV2DozfAokuonq8YLLhq2wlmbhcrYBszkF0UVn31HGzpke2yTPtnFFzWpqwJITOAQ
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sat, 25 Nov 2023 22:17:25 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B382
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEHMZV78erCQvKYGlqz7_-FY&google_cver=1&google_push=AXcoOmTQp4iCAwJjupDNVs06xFJZiYs1d93VgzTycg_S1vaRfVPdx-0EKOzl2wW5orlsG7K6IiZDZ...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmTQp4iCAwJjupDNVs06xFJZiYs1d93VgzTycg_S1vaRfVPdx-0EKOzl2wW5orlsG7K6IiZDZLd5XH2JmTRnnil0hW0G8OlVRg

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmTQp4iCAwJjupDNVs06xFJZiYs1d93VgzTycg_S1vaRfVPdx-0EKOzl2wW5orlsG7K6IiZDZLd5XH2JmTRnnil0hW0G8OlVRg

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 26 Nov 2023 22:17:25 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 1801A750D09A4773B701F08C5134F629 Ref B: ZRHEDGE1213 Ref C: 2023-11-26T22:17:25Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmTQp4iCAwJjupDNVs06xFJZiYs1d93VgzTycg_S1vaRfVPdx-0EKOzl2wW5orlsG7K6IiZDZLd5XH2JmTRnnil0hW0G8OlVRg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYLFYzTF4ljODQqpNTeCA==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B382
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEJhonjUtyAwUmDvmxMPua8k&google_cver=1&google_push=AXcoOmQkN-M52pnKi-9cBXdyVpRiStptB_sYjxY25AJHV5Ilcs8SL7y8xG7MCOizGpazogERvFJRQNw0lB2cCWLVWsKmXhq...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJhonjUtyAwUmDvmxMPua8k&google_cver=1&google_push=AXcoOmQkN-M52pnKi-9cBXdyVpRiStptB_sYjxY25AJHV5Ilcs8SL7y8xG7MCOizGpazogERvFJRQNw0lB2cCWLVWsKmX...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQkN-M52pnKi-9cBXdyVpRiStptB_sYjxY25AJHV5Ilcs8SL7y8xG7MCOizGpazogERvFJRQNw0lB2cCWLVWsKmXhqgAJmFNQ

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQkN-M52pnKi-9cBXdyVpRiStptB_sYjxY25AJHV5Ilcs8SL7y8xG7MCOizGpazogERvFJRQNw0lB2cCWLVWsKmXhqgAJmFNQ

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQkN-M52pnKi-9cBXdyVpRiStptB_sYjxY25AJHV5Ilcs8SL7y8xG7MCOizGpazogERvFJRQNw0lB2cCWLVWsKmXhqgAJmFNQ
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B382
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ysqLSgAoRSy0716MqRD9Sg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

30ms
30ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ysqLSgAoRSy0716MqRD9Sg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmTYpekjQz4LsRfvqGs-w6s-Q5ZDs7r0Nf4zEETYIpMp7bnvEyd23rguN-6dJuTKXCEG0rMSAPpfgi-rPYfPMjaCzbeSo-iZ

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ysqLSgAoRSy0716MqRD9Sg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmTYpekjQz4LsRfvqGs-w6s-Q5ZDs7r0Nf4zEETYIpMp7bnvEyd23rguN-6dJuTKXCEG0rMSAPpfgi-rPYfPMjaCzbeSo-iZ
date: Sun, 26 Nov 2023 22:17:24 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B382
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEH0vyDFaw45p_9bJ-9k1MBc&google_cver=1&google_push=AXcoOmRFDUEl9lV4KP9zAEf9m-pOewzA1_fDAgAf7zr3A-LjsK9OA8NMgn1oziNEgQx6mSSz6l-3StkJMDTOaUVQBSi8wN...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEH0vyDFaw45p_9bJ-9k1MBc&google_cver=1&google_push=AXcoOmRFDUEl9lV4KP9zAEf9m-pOewzA1_fDAgAf7zr3A-LjsK9OA8NMgn1oziNEgQx6mSSz6l-3StkJMDTOaUVQ...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=3FbQfG4nT42xRSIjeoZ-Yg&google_push=AXcoOmRFDUEl9lV4KP9zAEf9m-pOewzA1_fDAgAf7zr3A-LjsK9OA8NMgn1oziNEgQx6mSSz6l-3StkJMDTOaUV...

170 B
188 B

33ms
32ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=3FbQfG4nT42xRSIjeoZ-Yg&google_push=AXcoOmRFDUEl9lV4KP9zAEf9m-pOewzA1_fDAgAf7zr3A-LjsK9OA8NMgn1oziNEgQx6mSSz6l-3StkJMDTOaUVQBSi8wN6K0FWkhg

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=3FbQfG4nT42xRSIjeoZ-Yg&google_push=AXcoOmRFDUEl9lV4KP9zAEf9m-pOewzA1_fDAgAf7zr3A-LjsK9OA8NMgn1oziNEgQx6mSSz6l-3StkJMDTOaUVQBSi8wN6K0FWkhg
access-control-allow-origin: *
date: Sun, 26 Nov 2023 22:17:25 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

report
sync.teads.tv/um/ Frame B382
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEOeLXtwTUKCk...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=N2Y2NDYxMDktZjk2OS00ZjBlLTgzYWQtNjkwNjA0ZDI0MGMw&google_push=AXcoOmTEipqJoUfXt2cHZa-KDTkCo0Zc_SOMPjdkp3NwfDgYxXaprr7SSPAUDBNlkpPtV...
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

49ms
48ms

Image
image/gif

23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Protocol: H2
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Sun, 26 Nov 2023 22:17:25 GMT
pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B382
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEHYIWHagD...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=611e83c4-e9a2-4af9-ad1c-c1d25e314dda&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=611e83c4-e9a2-4af9-ad1c-c1d25e314dda&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=611e83c4-e9a2-4af9-ad1c-c1d25e314dda&%%GOOGLE_PUSH_PAIR%%
date: Sun, 26 Nov 2023 22:17:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B382 0
12 B 29ms
29ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jz8Oh4tOgUjLuC83XwgAulcQ1XCv0WZx6Lgpm1n713IrxlMY1f9uF0xbwf-L3kEQw75uMJZU4

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame D982 38 KB
13 KB 20ms
20ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 107954
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0402 0
0 64ms
64ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssqaTZXrA6odwbJnjnbjlPVKDVMDnntxL8MGJ32IyebdkX0OT-RWdxp90ZgvwxVB_4_tLsfXjRYofE8bd0MxEXThrX72rSdcHy6AuTkRzRuORL7NuIaI9Xu7SaPmE2oqTwKkTqA8-tMU6zXmOuFuXk2htE1kp3dHExTpEiLdP2w7amJNwowMcwIhazDVqoHcdBlre0dqdf0L-nz5qlNAVED_wl-Vbol3WGAnRJHcpZIv09FgcEMuZZ6b-NoPhG5tSIhxVya9oekzhkxjEUUyggPAMxYv6DlYWsj4NGqzNKkPsFox1tTWsBI_Rr4x--22lGvUKW5PwXnn47N42ogiC6YAiu4177TXFIp6WphRUtteDAhjLD89a_nO9BXAL_RN9gDm0zVfLU6MgWiYzVEQiNMyyVLxUHh4KWKxazSzGmgSSEeJEKW2_3XBmmiDvTqq2SGcTk77jDixzmF4wZozXtjSnnllL3hyS3LsjrmxmxSlOJ8ZSJIpY8MO5fcVHgRN4wyzl2AgtG4avJXi4ZrSOl5o6TPL9ZgHrt-gKBcPzJLH_dnJETjGb11W3nU9VJX0zOfsiDkKMrpJQrhojWNShrsNPB81dpunXdXtjg4lWEfaOUd8uzDxMhE-MM6G5j1V5so6VCbc9MmlSZZPj_6LFzmW6XtUmQ3kNWy62vyUNjdi7FV8F-E8XABmxZgpGkiiqMJJwCnn-b1csf2RleD5p_FIZwIwVLHb4kFUHf-Nr08xgNQ54hY0YvjIIH7oLhjH1dMXwcJ5u9A1PrHx6xzNt9PK6sOM5NXPSOurZXByAcPG0AW1ldSOpLiTe33G4hpmTUBSoDssVF7GdfSJBD90wcuiAIbxiHxwLbV2gcChve_MAt-gFp9zrrYlKjtj8xH9hm51A5v8V32IlijvjOp1v9Yp8MknWoSAoGm87gJ_WR5YQ3cJ3a_M_1aOVvxpc2z2SzsALgqIP2PxlzlznS3nYtYCgscTfZ4Q7WtxJwPLCE2LR38SeHv26CVXD0SK8GzA1m5-iHBxTuUYjTWMjXaonZbdw9lplKYUOauYzwO6TPhk6QdD9fi5hnsrWsKSlID3pe7jckESIC_U7OLVfelM90sSmZykOwAWKcZwtVJB3k2iozNoNilHbx4eyz5BAYTeOIeluXNgsbmghFWQtHZ2ukWJmWvAL-M2-UTrmC8F7dYAmpCQO-tLfyn2QSR9pmz_M6AsXQXb5iXQIj2a8LQxK_QyRGVzI-deFITz4PpyyKPTz9SPbYqbuMde4Z6TIq7WQPM9RoptdyaGlaW22nzPGGYrjcx-X_rHf32pNKFunHoLfcuEfDjQeAHUvB7PpaY_qRea-NNtJCib00ehnZSCQVAyjvQFudnXORgK6g8R78uNOaco4xE4JtwI-k1bnHDjVngaTeAjbZ9cYpUBeliHhhX4bl8dvo4k04eEr9qvrJVGljAAbrhzFKAT1NUy0C1OUQup7y0zEFZpzmiwA&sai=AMfl-YQC5mCwE9IU28217dppzwDrYNBwsJxGy3BOGYQEJNi7jyxiGSzAn9T_sQsPyYDUUGrKKYFNgXumcMdiyZBYcJFQGYmV93-d3nR1ezWN9C6sPWQ0jdkO9XgjXKnoxPvfPhk0GMrSBghbnxFtD-iAA4no5Ve_bPKKxzu6e-WnQsoLAOiUgMBds6w-Xhz9sX-8tYPTg8-1P6nSrqHlVITnSorpgaVadvT47BjiyzJCK9UJ9nhUepvLs_bfN202ihdkLuIhoT-MSjF6EVLz6iGMFONTsvnH3D4&sig=Cg0ArKJSzELAyy03RnhBEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=72&cbvp=1&cisv=r20231109.16465&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 22:17:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 1694420722340959135
s0.2mdn.net/simgad/ Frame 0402 31 KB
31 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1694420722340959135

Requested by

Host: 2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
URL: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e11d0b5063c0889aea44c26cff42e0db870e02e303fca38299c2f1cb4675e463

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 01:08:58 GMT
x-content-type-options: nosniff
age: 335307
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31678
x-xss-protection: 0
last-modified: Wed, 11 Oct 2023 09:02:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 22 Nov 2024 01:08:58 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 67E2 0
0 59ms
57ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvxoWK-IERd4iqTDLwUzkQzK5fGphiPb45z7SJpTJIRfg2H0U2Fvuet764rBXMlvva9u5GBSevCNi_62kGKnX750ZQUw061SIoe0VbEBzSjZplwuMABZViO1tf7MceyYhH59WcSp5t8znc_EzmEShrz2nJgEdpOjFQusErbhpdIIvtwGMqSFxhbKw_ECQQZwlqLnD4NhusCNam_GXe-yrbjv7n-zEcZAU7uGwYIjrAaP6SmzGa7-zhM5urC5Dt8wNKmHEoR6PTG3pmE7OgFkYPtOa0KTdh-N6MVqhbr1DY34chw09VS5mIzKnLG3LbG_XTQGg7YZA9KVQzBZqrxljV2ZA7ro5R0Nhv38M9sU3sv7l1Zolu-XvzBvJf_Iyp9-Wra8KQMK-bhP-k58n3-FYNXfxxxRZxLrEMbRuKvgdbC-8aFzmB_r2MMs5f4eUQChyAICRGeV-FMN5Z3bOLAQVOtzP_xnCln6AnH5HT234a4_t9TSwTVslgmpUGTRsVnuirKSaC4mjt5vdW2Mdh99l9_1xHBPCz4lxXsbGmxJGwTWY2OUUKTDSbBvbxvCGHsqNyLAyAsFDpn8B4dcHBAwIGk-JZdBoyuDaNJFgXfc93subbfPgoVelvyzfosv4W_Mbc_-ee4WK1edNBr7g6LEr2ePS6pO54TalfPPNw2WLtyTbf6w79Ve93fQkSmDCdCYINDTiirtwB0CvWDTkcBtjUHyeTif3S0nnmUlaBmk7Bsneb_xlOx4TqTcb31g-CUK2mcdQkMDE0PJma7S0Mc_LN_OQX4WnMG2xlSLLCvvWMa_91KitDbtTzUMP0o0_I_73jpJ8aZtO26-mYaVrv0lP8QYkfWye_F27vS24NFeaZ2uBINs6mwCR9CaglPwK6ob6T76yljDe8_zAREw1jfcQpk5ahA_2AabMomriYYbuA7WkjSoQd0pwfqACkHrOQU5X2qz0g6injizMrYiz9OiLIJCZd1XHvL4caqdSuPkZjhN6H3spLdVs7LVQ7PG2W1lK7tSgrbhHUOS2lxglsaxs9xP8Hwc46kzVAxSEX0QIz393VwJxC_u78arzbcFhgfMlIGTqIbRcxADjPT-GJhGokTZLeqrU-DYZUwxovBTeKyUD3eWqoKf2hnt0uBFJZSlLCXHlzDNUkJgqrXFwz-uHaUVF5BSJ_aBoyzDf6C1dOyEpibI8znmGGubvXuahmRrjIHQnBcq88TqQ3FnPE-kGqLFZs6RiKunMwqWZ9CnK33rgN73OxDjjYcltOl47iHTuRlqZacd9R_KB1jDQ3bV0K-z5gyD4ii45gzIfoZlvqhuIkEBKasGvxir2NKqObfz1wnG4mziCUq4R445z1b2fTjJeOaYb0q1M2iX7w0ldex5vpw5JZLQa1WIB6kn5YiY-RoZhnolE4LIWNME8qPxX9B7QQEz6zIuxXp-PF4PB9kjjm5dMHfpU7M87xVQD2UehIvfv-fnETprf3Odqdvg9WZ_dnAv9VEaLulICSi&sai=AMfl-YQDxGEMXqU2OsDmZVCtgxupSMHsvRTDAHSkrRjMWph0SaX5hsHFAjPD10xOdGQQztCxbn-vukMBydDVy1jQguzFn0EUf1E1eKPOYsztAZiXU-BsFiQyor60Cdp8Jh6lvRKEkx3fugXUWTZ9S5hymea24rH2mVFHbMbEYDbpSARhFIN-017kVdBDtJDbzXOq5jvby461E9Oh3uFlnN4clchr1EMqVwgLVFSzCTGLYB0LskKv3n2tbqRo5jp4Htshu7yP-d05RxpH_HAuj4i2LcfHId9IIunq-z7wedVsr8oZI6g-MAv9ownPg5zWB033Mr-FfwjuBgfcyF2_PUqlp0E51sn_WZmKbkKwpbUZy52SXPv_C1P3E_b3FVqcjAA_HeWnG6_52pgdOKCggqHPEOI9x4conyIUfqBS-aGJqqB3xZvaNg&sig=Cg0ArKJSzDREHJRjECb1EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=306&vt=11&dtpt=155&dett=3&cstd=146&cisv=r20231109.03611&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0402 0
0 59ms
59ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssqaTZXrA6odwbJnjnbjlPVKDVMDnntxL8MGJ32IyebdkX0OT-RWdxp90ZgvwxVB_4_tLsfXjRYofE8bd0MxEXThrX72rSdcHy6AuTkRzRuORL7NuIaI9Xu7SaPmE2oqTwKkTqA8-tMU6zXmOuFuXk2htE1kp3dHExTpEiLdP2w7amJNwowMcwIhazDVqoHcdBlre0dqdf0L-nz5qlNAVED_wl-Vbol3WGAnRJHcpZIv09FgcEMuZZ6b-NoPhG5tSIhxVya9oekzhkxjEUUyggPAMxYv6DlYWsj4NGqzNKkPsFox1tTWsBI_Rr4x--22lGvUKW5PwXnn47N42ogiC6YAiu4177TXFIp6WphRUtteDAhjLD89a_nO9BXAL_RN9gDm0zVfLU6MgWiYzVEQiNMyyVLxUHh4KWKxazSzGmgSSEeJEKW2_3XBmmiDvTqq2SGcTk77jDixzmF4wZozXtjSnnllL3hyS3LsjrmxmxSlOJ8ZSJIpY8MO5fcVHgRN4wyzl2AgtG4avJXi4ZrSOl5o6TPL9ZgHrt-gKBcPzJLH_dnJETjGb11W3nU9VJX0zOfsiDkKMrpJQrhojWNShrsNPB81dpunXdXtjg4lWEfaOUd8uzDxMhE-MM6G5j1V5so6VCbc9MmlSZZPj_6LFzmW6XtUmQ3kNWy62vyUNjdi7FV8F-E8XABmxZgpGkiiqMJJwCnn-b1csf2RleD5p_FIZwIwVLHb4kFUHf-Nr08xgNQ54hY0YvjIIH7oLhjH1dMXwcJ5u9A1PrHx6xzNt9PK6sOM5NXPSOurZXByAcPG0AW1ldSOpLiTe33G4hpmTUBSoDssVF7GdfSJBD90wcuiAIbxiHxwLbV2gcChve_MAt-gFp9zrrYlKjtj8xH9hm51A5v8V32IlijvjOp1v9Yp8MknWoSAoGm87gJ_WR5YQ3cJ3a_M_1aOVvxpc2z2SzsALgqIP2PxlzlznS3nYtYCgscTfZ4Q7WtxJwPLCE2LR38SeHv26CVXD0SK8GzA1m5-iHBxTuUYjTWMjXaonZbdw9lplKYUOauYzwO6TPhk6QdD9fi5hnsrWsKSlID3pe7jckESIC_U7OLVfelM90sSmZykOwAWKcZwtVJB3k2iozNoNilHbx4eyz5BAYTeOIeluXNgsbmghFWQtHZ2ukWJmWvAL-M2-UTrmC8F7dYAmpCQO-tLfyn2QSR9pmz_M6AsXQXb5iXQIj2a8LQxK_QyRGVzI-deFITz4PpyyKPTz9SPbYqbuMde4Z6TIq7WQPM9RoptdyaGlaW22nzPGGYrjcx-X_rHf32pNKFunHoLfcuEfDjQeAHUvB7PpaY_qRea-NNtJCib00ehnZSCQVAyjvQFudnXORgK6g8R78uNOaco4xE4JtwI-k1bnHDjVngaTeAjbZ9cYpUBeliHhhX4bl8dvo4k04eEr9qvrJVGljAAbrhzFKAT1NUy0C1OUQup7y0zEFZpzmiwA&sai=AMfl-YQC5mCwE9IU28217dppzwDrYNBwsJxGy3BOGYQEJNi7jyxiGSzAn9T_sQsPyYDUUGrKKYFNgXumcMdiyZBYcJFQGYmV93-d3nR1ezWN9C6sPWQ0jdkO9XgjXKnoxPvfPhk0GMrSBghbnxFtD-iAA4no5Ve_bPKKxzu6e-WnQsoLAOiUgMBds6w-Xhz9sX-8tYPTg8-1P6nSrqHlVITnSorpgaVadvT47BjiyzJCK9UJ9nhUepvLs_bfN202ihdkLuIhoT-MSjF6EVLz6iGMFONTsvnH3D4&sig=Cg0ArKJSzELAyy03RnhBEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=124&vt=11&dtpt=52&dett=3&cstd=120&cisv=r20231109.16465&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/7r3r2tuk9h3u

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 CH_EN_Stocks_Track4_Tools-2-ENCH-970x250-638326117443072680-102d336a-dbfe-4e4b-9e38-1fd955ed6d42.html Show response
s0.2mdn.net/sadbundle/15188330174727847936/ Frame D229 4 KB
1 KB 21ms
20ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15188330174727847936/CH_EN_Stocks_Track4_Tools-2-ENCH-970x250-638326117443072680-102d336a-dbfe-4e4b-9e38-1fd955ed6d42.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5d0b366aa5b710a89ead041863e9ba168855c900d342e2a12509f4f84b6f43a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 428084
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1417
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 21 Nov 2023 23:22:41 GMT
expires: Wed, 20 Nov 2024 23:22:41 GMT
last-modified: Wed, 11 Oct 2023 09:02:30 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame D982 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43237
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 56ms
56ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311130101&jk=2159637305221331&bg=!HR6lHlHNAAZxrfrxUa07ADQBe5WfOFXMl7qDvj3wL2MkImdKuipy5X9OrUOM6_i3fJaK2z7RYxY8eKuBf7tzgGKebd0sAgAAAHtSAAAAAWgBB5kCxUsiQPdf3zghfLA8OhpH3xe4o3HcnE1VczQ7CUnlkpoqSAsrd6x_ioHccXu9JYnbZzltsR9txPWyQaDhtP9P9Xie5rSUaO5U8d5arn0WoSlqchrLtFw00uLgzx3L247kcvD-ULv_FIPl4AKg7NvLBO67-fxmhs--4Tt1MWvjMP1dnr8vzw33zm3R4t7arXiV_x4FuamQslaeJwxk6-WY1wdO3f2gO0pVFVaduyaZyr0oNFxRsrXRvgDvUBVzmL37S0MJ0Z-SOJdbLTkQnw7oGVRjP-Vxs4-AKBaIo2Jg3AJc1USf87KpCbikC95UiGYPD2e41TAQd9663aqP3sTxaXQeM04CbvrPgdRgq_L5kp1BTL-JoLDUZJzBs1tmw8MLgzF3uWF_o-eSDqE8puJwTn_iavighL-T2LMRzxcLf4f_8AXhTuFWMb6pkra4RL_T_l5B2DV96I9-_Fkhtowon3RyVytpWHsrGWITXXJRpcuXlVotaA6CnDl7hSNqQ8r2nWG3ZBXBE-P1Cn7_U1T_mtXKGEyRpv_qxrDEPMzFcR7U65jyFufh_eSuvWCV_b1jktcTPtq-dGvz_xc0NsHeWrn_tsl1DsqrqGHChmlR-BSpX58DT9qt--7JTRqp-5NtOq9F0rkemkLFeJKu6OK0-iBc4GprR30KvqqzIpyY4g7pGFTkajar_i98QI8nzt5L7w_1gumUEJTuyhDQzE_fAoKSeB5B-kaK48bb8ZokCHDRfubAvwU7tc1JppUSBURaXaxLLzrc1BCsQBdTlqwTJJqlz-MPJnkq6WO9eA_ESrXL_oGX18UjOo9wcFWZL23rSN8OIPaJ2jGBfa5kxZTDnpVesAAZepQXZeqHMZ6oItUB6MaB_32jZd4sBXFU09RwZC7g0ql5C_KrW_NsWHn7gZLg_w8j2JKo-F7m5rI6lVkn7-tcVic
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2913 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bbb4g9MNjZfyFFbHK7_UPsZSI0AUAAAAAOAHgBAI&bg=!0NOl05zNAAZxrfrxUa07ADQBe5WfONoIwmg7gGXUDWavSRtm2vJKHP3zNK6LHMPROH8SQvfCrs0HfY9Q4zrhKWKA0BcPAgAAAGdSAAAAAmgBB5kC_tiP5mHHhELcwEp9cugAcdXMxyf1uY8yoFVAFJVnw2BRW0AONFPGaExvZCgfgDmhq-Wj_yvTxFqN6efXEzZsSWSIl5-Fn3LS4EG_jvkwh2P4e2__5_cyN5AZEMtc3G97kXqOGvYgglLnN1wjI6lnySkSuvuCLZ-8cr59gm7Z0mG5RqVxcpAcwbuxOLVQtEBRMaHf78ZiiMyjWEJZewl_vVZ4AAGHQnJOfESNuwAFF4h1BJ7Bwmh_Dz_jVEwVs0msH7V0RNMcZUc-ZTZ6LMILQItzGxX2V_ufsNNXWdp0K1U7yHz6fJ8SSHyM2jgrXfF-eCD2oeCzQF5O_YXVmvOHYPY4i-qpexlYlAJjxUnfTsNNmalgpyv13-u5pcnUFzwStcdKV3OO4fwrNCdAxEVZYBSDZztpEM6meE2wdqiyHw3A2Xscb8unWBrrmD0mcBX27eMbGakQTmfs6SQW053u_DEkFSJoJlQwV321ZYzxY-x8JFf_96V7Bgu6ReiCLz80RhGHvVMavJLBVV6NhRL9tiXdIv9oHFsoyUVzxEIdSTTqMUixpToIRsUYeM5lfUT2ZcrSWVm93mw9UgOViIKPn7j6D__K8bTum7J3D7iLTB8T_RUUo1mmbGwPtQPChvxICSerWPSkJfzUZsCNn_xeSdJ-cbd0NWAr4wOUaRQqBtSawFBGlsmua4N3xtHoST5qj_RPhmu5hsSso96GKitIY9TBb9OX_1cR4EFic8VCvjVywOaY8ic1y75SLFw-cnqmqlkdfKKMCWnRA7tSJsFZ71gfmLyGSoeai-FJIn7niK-cE9GqfwUZUFIWFVS7kZca89ZEoZp_V7awDtsK-ZNkgkqhyyvOYCpwB_R7WqX8yF-DToUw0vr_5SpnTHq3LDGVdKTcY8qMo25EYg5fojvfI_KwEkB8Q4udpt9XsJn66SPUMlJg59oxFakWL7h3Rp5qs_d88fERDsB1NSMn0fk3hFjjvBZj1-fItdNWvYHPMpZF8CPm7BFKKhzhL0lzk3A

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 MuseoSans_100-webfont.woff2
s0.2mdn.net/creatives/assets/4466103/ Frame F350 17 KB
17 KB 20ms
20ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_100-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3296175846435323904/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/style.css
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:15:18 GMT
x-content-type-options: nosniff
age: 127
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17148
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:00:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 22:30:18 GMT

GET
H3 200 MuseoSans_700-webfont.woff2
s0.2mdn.net/creatives/assets/4466103/ Frame F350 17 KB
17 KB 20ms
20ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_700-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3296175846435323904/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2408e86e87c5df52e8160530980e94acf40b083adb5f330abd9ad21b5b5f65e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/style.css
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:14:39 GMT
x-content-type-options: nosniff
age: 166
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17804
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:03:46 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 22:29:39 GMT

GET
H3 200 MuseoSans_300-webfont.woff2
s0.2mdn.net/creatives/assets/4466103/ Frame F350 17 KB
17 KB 20ms
20ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4466103/MuseoSans_300-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3296175846435323904/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

184d53ce0e02a39cd434b8dd66e2da3dd45c00bbc386ed2f3eaf4c2527c084ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/style.css
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:09:49 GMT
x-content-type-options: nosniff
age: 456
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17260
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 13:01:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Nov 2023 22:24:49 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F350 8 KB
6 KB 63ms
61ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b69386c30197ae317661d767f77180fede3bfcfcaa6162683eb25c9ed539096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5930
x-xss-protection: 0

GET
H3 200 bg_Einstein_994x250-1_sprite_loop.jpg_1692717158981_bg_Einstein_994x250-1_sprite_loop.jpg
s0.2mdn.net/dynamic/2/11109586/s0.2mdn.net/creatives/assets/4860974/ Frame F350 621 KB
621 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11109586/s0.2mdn.net/creatives/assets/4860974/bg_Einstein_994x250-1_sprite_loop.jpg_1692717158981_bg_Einstein_994x250-1_sprite_loop.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ca4809bb58dd7abc8fba1b8ec903491c7748a0d116d0cddbb6f7ab6659900eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 21:00:15 GMT
x-content-type-options: nosniff
age: 177430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 636263
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 15:12:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 23 Nov 2024 21:00:15 GMT

GET
H3 200 bg_Einstein_994x250-2_sprite_loop.jpg_1692717158981_bg_Einstein_994x250-2_sprite_loop.jpg
s0.2mdn.net/dynamic/2/11109586/s0.2mdn.net/creatives/assets/4860974/ Frame F350 618 KB
618 KB 27ms
26ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11109586/s0.2mdn.net/creatives/assets/4860974/bg_Einstein_994x250-2_sprite_loop.jpg_1692717158981_bg_Einstein_994x250-2_sprite_loop.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d26889f45a3c1df4e7d092ff5411f4ec7b16021b7adacb5d4ab9f6bd61f1fe0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 20 Nov 2023 18:13:18 GMT
x-content-type-options: nosniff
age: 533047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 632505
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 15:12:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 19 Nov 2024 18:13:18 GMT

GET
H3 200 bg_Einstein_994x250-3_sprite_loop.jpg_1692717158981_bg_Einstein_994x250-3_sprite_loop.jpg
s0.2mdn.net/dynamic/2/11109586/s0.2mdn.net/creatives/assets/4860974/ Frame F350 613 KB
614 KB 29ms
28ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11109586/s0.2mdn.net/creatives/assets/4860974/bg_Einstein_994x250-3_sprite_loop.jpg_1692717158981_bg_Einstein_994x250-3_sprite_loop.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f124772de384bd55715433695e6d32bb6cfc834eca655d65267ae90fa39b24b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 08:14:25 GMT
x-content-type-options: nosniff
age: 136980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 628157
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 15:12:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 24 Nov 2024 08:14:25 GMT

GET
H3 200 blank.png_1692717158981_blank.png
s0.2mdn.net/dynamic/2/11109586/s0.2mdn.net/creatives/assets/4860974/ Frame F350 95 B
124 B 26ms
25ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11109586/s0.2mdn.net/creatives/assets/4860974/blank.png_1692717158981_blank.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 19:54:55 GMT
x-content-type-options: nosniff
age: 94950
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 15:12:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 24 Nov 2024 19:54:55 GMT

GET
H3 200 Most_Trusted_DE.png_1692717158981_Most_Trusted_DE.png
s0.2mdn.net/dynamic/2/11109586/s0.2mdn.net/creatives/assets/4860974/ Frame F350 16 KB
16 KB 25ms
25ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11109586/s0.2mdn.net/creatives/assets/4860974/Most_Trusted_DE.png_1692717158981_Most_Trusted_DE.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fabc70c55f40ea2f77fccc894b1b347219b5a8b03d3c9a5d14f49872573d4488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3296175846435323904/index.html?e=69&leftOffset=0&topOffset=0&c=PPCtslYwuq&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 13:08:22 GMT
x-content-type-options: nosniff
age: 119343
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16628
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 15:12:49 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 24 Nov 2024 13:08:22 GMT

GET
H2 200 6526647e843eb9eeda762f3e Show response
c.bannerflow.net/a/ Frame D229 74 KB
25 KB 117ms
57ms Script
application/javascript 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/a/6526647e843eb9eeda762f3e?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvHXuvKOdpyWjDNYcZzsh7DhDBjHxEBMGoK9NWuUB7-LxJY-Z7dpgrKku6bKk_H6UqiSXqtQqe_W2UOHak7bQkgJATPEjvqHMsnwNSS6eNjUNT51R9DzUvqwyaHF96I4PMctXTfb4l_Q5VgGrNCda4mjLJJbwj1d7w6wlZJgNYbLTI8-Gy_JqsZYcSGsHCmPFACPNPSF4T3Lfp9tnqX5VqKovX-0MbuhZQWYdeh-6W8s5BrjotDNenfv_aTjZtAeVv06Fb__1jN5iS-21pm3DmhqMw-z0QfGp7-2LRdWOuGvv5FMIjKciQAzi9nB9s9p1VmgYEShkxtysrPWjJiXWCI3N_piKVFPPFmDIHiL578l33L6pz7Vsy3R35eyUtnO7nufThLnRIMiWpRrOHEg_Qgnfc1nBeEfdqSgb4am_Cm7O2MMCEzgoDEA2K4RQ8qZBoRVNZ4eWtxzLIMIuOgHDBj8h_56TVEQVkRSOC7WWBetkiakYdaz4PnaD1kvTRsxBloLusxrtjoYSSxe_9ifAq-W6ACkFNgey-mGf8oFJjDdtKy_DPbJRc2eGHRu7NE5A2i3ml3OcJmVOJG_eanVxMOKY_xCToUO77BQ5cNPAZ_EInJM2cLDsWbyKLjsyWe-CEpz5iAQSvLxeqvbVjSkU9gblO8NgsXdxiZrPtZKarMhF2agL6eZEDHFTRNyMg9Fa_Mun8d-2vMtasPeCJtNdOtMPyfA1s0mCtZ_FcpplfRDRezaT4ccZqFBEa9fdoBG28fOYZva-_RfDYv4YpTur_42eo_s-t7umP3X0vcHMRmtVcH-qNV_vJN_RmNO82ewoEbQBy56hDVd9-wwTnDoeg8qRCvSbVs9jZL4im-m_8LLE6A19D_eFiG1Jc9MUQMGLywxlkdBRdDDM47r4P6hyk9veMgPCQmz7sFY46DdEwST8nFsBP816JnrrEmK3WYa2QbMDQ7RgaNDPphTTxyRHnT3l8I6XejbVIEqorCq79ro9doEpiqXRWLYFRlu1H2YHbrV1-D_tQGDcVvl0QbutkZNRcecgsOHE2h8FDZH_2YALZEFtptlZB8CpMHV_aOYfgTo6ohAfO9e-ocXT_sQqLm_5QfEpkfVuV672RqLCZHi7BrTbrdX2S98cBxTmRdLMywd8HKMQGH6l6bm7Wdk6t3NpFk6o9fqHx8nriq0u4pL6deHuPHmawTEE40A-7wQIckfqfwStZSxkX11gv3I6bMtgO87bZCHE8vzxrImSOy_jPYUGJ6j2zUozEm0g0wvg9RYp2G6jt9if13abZ0fbev0bCsFz5MU7YIDngcpCWPQimOOZFFd9MAlEUyPXeRLPURRiknX9ESIwHibvmltyLJv9jabvGPr2N8XX-z_L6JzNiJBXlWnz25m_74l2XguLbbbpazczr1vT-Zd6_u7rc1uluuRWK5YiQOSgT7JS4Jp9xtDlUKIz7234_ojn6A03WnRmwDBbcubgdB%26sai%3DAMfl-YQZvGvqdyeG2sF-c_26Bo_jdXqbIZGqvHFipWdf93kcPo2uL3g9Ksr168XctL8CQbWZmrGN-UaknAWLFLbthbO-EhQFeCPeDymEdDdLZg2dkDqXcp2E4XjqZqycJAr3KOhaEOV0DhlJk2JN_eAyeM6wsPUOqSKi-PHzwke0ANwOVMMym2zdPWy6q34d2LdnFYMlz91NlL-xvIAa2SVT4cYNtktx3y4IIYEi-NS5j-GkWFAgY1EwIQ3KHcg-iZh_EbsceEbUWqtRd-5K5XnvJgO4xKDs7Cxp_vVu3q_IkQ%26sig%3DCg0ArKJSzKau7LaQQtCiEAE%26cry%3D1%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26rm_eid%3D5362262%26adurl%3Dhttps%253A%252F%252Fwww.home.saxo%252Fen-ch%252Fproducts%252Fstocks%253Fdclid%253D%2525edclid!%2526cmpid%253Ddisp_cm_1014735043_20642156636_524800797
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15188330174727847936/CH_EN_Stocks_Track4_Tools-2-ENCH-970x250-638326117443072680-102d336a-dbfe-4e4b-9e38-1fd955ed6d42.html?ev=01_250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c999659aefeb040a0e03e4ba21e74d444d1a78eb4bd90ae8855866ad4778a628

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:25 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 26 Nov 2023 22:17:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, s-maxage=10
cf-ray: 82c5805caa3a3c77-CDG
request-context: appId=cid-v1:1a5f66bd-0229-467a-a946-b3753e659ecb

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B1DA 0
20 B 57ms
57ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BTl6i9MNjZcr-FLqL7_UPz4y9-AkAAAAAOAHgBAI&bg=!FBelF1jNAAZxrfrxUa07ADQBe5WfOEB_VikcLrFeHqQYf_C58uYtMAAXmTXwzVnAZvHn5E9KbxUday8xQh30ZsstabU9AgAAAGRSAAAAAmgBB5kDaZXL5-kvt0MKsaM6__EQMrThVcS8HbDG9ki5bs20Rqa6B7DV0HOgzycTZRfk-c1-s5fmYVGItnKfCsDiFZ0S80GuEBCT2BLRoY2RmU8jl08cIS_P9Y-S5pM6D2izoi_FemaC-D8julxQAJRH3lS6UWRiP94CaVWVIidJ0Kos1Dqdp2UJshxKwuhBMz2qBWTGVlTqWFHx8zqcLgYkH0uWkiQutlCYNgHNYUVajLixWnFLqdX3TTHWJNkfpEWx681vOgjjXr0VbIMvsRQOQenbqWyLxHxtU0LRV9nt_PCkWoU4v17fRdi3h-pm9oM-LDp0MCDpAX2aNCD-spkdTQEnbUcqZlwQiTTLYkCa3XK2IfbtXMYtZBM9jF9unsUgxq4W2ukd2mHpdUxeXTPElHTiWJAT5-nGfXGpCBjwKo87C-xuuJXthF9ZLxX0orcZ_Lf67K7InkKTDtA4s8yAukvrrFJhxsJ39yf-7qwiNzbGcb0C_aHUFY3kmzXs2geXPoaceZSKokPDH__h8RAGZHormnJfUaWjK-DkO1X5YSxRM2DOUumHUoVOnSoknsZ5RxZzzqgWql6EFYNFKKSj9dTL75YxhmSyamT04hcXjaDfIW6sgvLkZ4on30-adAGdeGnfcfzOTANvTjisWEas90ChCqiHVhiHt2konTbxUCibKeLtd_lc0iLIKtlpDDmxywGHaRv7bxukThPNUUnKBmEVqY5J3ZzRuPcKGWCmkxwYec_IpLJMgrEwt28V8zE280tqRWHmhJKdVQJVXgVL66G4FhNgk6lw_mwjI4XWkYM56JOpeovo1BEjNJuTHO4NjOStFFZTVTvhuOmEcdE1FkF80_GHjqXhoGLJySAM4dcq3WeSjFjo4BHH2TCfRa1rdiknntn3nN-3OBAOY9j_lKWLBSIF1zXgrO7gTeVrcpOXdkDezdijOeDKSoBNvP_PJoj_RSI4wsYqeiDM75g5LZCga23mHEQeadzjguOSRbd-VBn40wMlFrZkc1jO620hyQZsBlpTI31YFHDaSjUFrujlXxNrxg-XlF7t5SoqhND-vEhTkXLPl2d98QCVfZeYzglfNDeFgmyQHyEbirsYE_zB83ZjxV8drCzW40cgfT6z9v0NuNqM8p6zURKS7lILr8vxKLivdwO6ir4_ig

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F350 17 KB
6 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 26 Nov 2023 22:17:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D982 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BHGSA9MNjZbnQNJadjuwPyOKTgAkAAAAAOAHgBAI&bg=!_P-l_7DNAAZxrfrxUa07ADQBe5WfOKo1pD3azxIrGELnDLNrkW38IGm2bQfBmgX_bENZf5YYJGwnOESxzhWdcBfd82AGAgAAAD9SAAAAAWgBB5kDD44GwBV_iA9cS0a5YMbCw7z5M26SiUKJipKEoMDRvQQf2hdh901wpGTA8CwvvvuWtHbC8zdO_ckuPbEKg__baOP5twkrXgAq9MDSrps2gSUVBoqq-5yv3BLITMujNoS_8uKhvDtyzjBbveSmLMPXDJZcQ_lkfGAkhm6FqSptTsNeDV_TEvYrCGcfAYUGXms6qut0osgVWshy7M1lgUP-Hsfh16-tsgqFUNn0OX6NZCzwJMuUaZ2mSpLUVz7BP4Kr47vcc4EPMmqkhEHuHWJPe6J69JNIPucoSkFJDipfMifVomDl6vwuhcxTFWQJmqR5uiKHbnGyn9OZOxP4WO58446ZLjRgTRwCAQkDAvMphZ-InCdnrsVYQ2Ay4X10r9mHccH7kdOSDA7VkTBUGDbff5j3AgBtREXZp2475eiGo4hbm2OQrLkmZsrzGknH7TZ3HazvwTykUfe4nEOiBvbKsZtVcYXFwVZ7GAM6IWB8yQGBwrtLBOD7w4HlaVmsIiByJAr0ObZy6X23SlhSEQZEB7DUjOM5XuY0AgHdcccmmgL4X65S8-5-N2sk3chzaRJ9Qiczt0_mKtLeBbpsbyPz0wSAyChDeUstNu9acf-Kt74yvTEIVTX-XKnzo7d0cckl3FKBqpCq0rqubLmudEP41dzxYMmAIJmje79lHoqvmiG7cWVgBYV4EHgpeDqWrwm0HCHwFx5TpSn3JxNJtLisELkxVIqyTCLrYZWcZiUUkt9CP6vyzczZSQANDTyfN6Dz67Sss1pthsaRmy2cHTekAYuoyI2kRWc_4L1qt6xw4TlouPLS8fWmEn2UTXPO-cNRCeO5Hze41islcD_08TR23UFtL92QQhQX9iYWAUbjuq_6rTixsJOIvKDK1MJggT55f7FzJioEDLEMoP4Ck2XOGhkwAlWh1RrWpGRgKYWFIcfNhIWOQmfyG0tzpxBV20O1RlshWM8oOZiMWho2SvJ7Vz8qoC096YFCK6-cKpthg2bORhkt6A2PdzgzxjA3Eb4lZ5XKSPa5INa1_Olsbkj3cA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 9FE7 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:16:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43237
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 10:16:48 GMT

GET
H2 200 widget.e53c0145f118df2f5218.js Show response
c.bannerflow.net/scripts/ Frame D229 24 KB
9 KB 31ms
30ms Script
application/javascript 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/scripts/widget.e53c0145f118df2f5218.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6526647e843eb9eeda762f3e?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvHXuvKOdpyWjDNYcZzsh7DhDBjHxEBMGoK9NWuUB7-LxJY-Z7dpgrKku6bKk_H6UqiSXqtQqe_W2UOHak7bQkgJATPEjvqHMsnwNSS6eNjUNT51R9DzUvqwyaHF96I4PMctXTfb4l_Q5VgGrNCda4mjLJJbwj1d7w6wlZJgNYbLTI8-Gy_JqsZYcSGsHCmPFACPNPSF4T3Lfp9tnqX5VqKovX-0MbuhZQWYdeh-6W8s5BrjotDNenfv_aTjZtAeVv06Fb__1jN5iS-21pm3DmhqMw-z0QfGp7-2LRdWOuGvv5FMIjKciQAzi9nB9s9p1VmgYEShkxtysrPWjJiXWCI3N_piKVFPPFmDIHiL578l33L6pz7Vsy3R35eyUtnO7nufThLnRIMiWpRrOHEg_Qgnfc1nBeEfdqSgb4am_Cm7O2MMCEzgoDEA2K4RQ8qZBoRVNZ4eWtxzLIMIuOgHDBj8h_56TVEQVkRSOC7WWBetkiakYdaz4PnaD1kvTRsxBloLusxrtjoYSSxe_9ifAq-W6ACkFNgey-mGf8oFJjDdtKy_DPbJRc2eGHRu7NE5A2i3ml3OcJmVOJG_eanVxMOKY_xCToUO77BQ5cNPAZ_EInJM2cLDsWbyKLjsyWe-CEpz5iAQSvLxeqvbVjSkU9gblO8NgsXdxiZrPtZKarMhF2agL6eZEDHFTRNyMg9Fa_Mun8d-2vMtasPeCJtNdOtMPyfA1s0mCtZ_FcpplfRDRezaT4ccZqFBEa9fdoBG28fOYZva-_RfDYv4YpTur_42eo_s-t7umP3X0vcHMRmtVcH-qNV_vJN_RmNO82ewoEbQBy56hDVd9-wwTnDoeg8qRCvSbVs9jZL4im-m_8LLE6A19D_eFiG1Jc9MUQMGLywxlkdBRdDDM47r4P6hyk9veMgPCQmz7sFY46DdEwST8nFsBP816JnrrEmK3WYa2QbMDQ7RgaNDPphTTxyRHnT3l8I6XejbVIEqorCq79ro9doEpiqXRWLYFRlu1H2YHbrV1-D_tQGDcVvl0QbutkZNRcecgsOHE2h8FDZH_2YALZEFtptlZB8CpMHV_aOYfgTo6ohAfO9e-ocXT_sQqLm_5QfEpkfVuV672RqLCZHi7BrTbrdX2S98cBxTmRdLMywd8HKMQGH6l6bm7Wdk6t3NpFk6o9fqHx8nriq0u4pL6deHuPHmawTEE40A-7wQIckfqfwStZSxkX11gv3I6bMtgO87bZCHE8vzxrImSOy_jPYUGJ6j2zUozEm0g0wvg9RYp2G6jt9if13abZ0fbev0bCsFz5MU7YIDngcpCWPQimOOZFFd9MAlEUyPXeRLPURRiknX9ESIwHibvmltyLJv9jabvGPr2N8XX-z_L6JzNiJBXlWnz25m_74l2XguLbbbpazczr1vT-Zd6_u7rc1uluuRWK5YiQOSgT7JS4Jp9xtDlUKIz7234_ojn6A03WnRmwDBbcubgdB%26sai%3DAMfl-YQZvGvqdyeG2sF-c_26Bo_jdXqbIZGqvHFipWdf93kcPo2uL3g9Ksr168XctL8CQbWZmrGN-UaknAWLFLbthbO-EhQFeCPeDymEdDdLZg2dkDqXcp2E4XjqZqycJAr3KOhaEOV0DhlJk2JN_eAyeM6wsPUOqSKi-PHzwke0ANwOVMMym2zdPWy6q34d2LdnFYMlz91NlL-xvIAa2SVT4cYNtktx3y4IIYEi-NS5j-GkWFAgY1EwIQ3KHcg-iZh_EbsceEbUWqtRd-5K5XnvJgO4xKDs7Cxp_vVu3q_IkQ%26sig%3DCg0ArKJSzKau7LaQQtCiEAE%26cry%3D1%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26rm_eid%3D5362262%26adurl%3Dhttps%253A%252F%252Fwww.home.saxo%252Fen-ch%252Fproducts%252Fstocks%253Fdclid%253D%2525edclid!%2526cmpid%253Ddisp_cm_1014735043_20642156636_524800797
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccc73644afcea0862b8aec123ddee9e17c8a2cd8e82f8526e63700a5d4e4e3cf

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 22:17:25 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: O/JEW+6nwDFyi4qO2v1f5Q==
age: 1456670
cf-polished: origSize=24228
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Fri, 18 Aug 2023 11:29:30 GMT
server: cloudflare
etag: W/"0x8DB9FDE635FCEFB"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b1be7459-401e-003e-6576-1342ac000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2011-08-18
cf-ray: 82c5805d3acf3c77-CDG

GET
H2 200 document.000000BA074610.js Show response
c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/published/4731308/6325508/ Frame D229 124 KB
29 KB 33ms
33ms Script
application/javascript 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/published/4731308/6325508/document.000000BA074610.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6526647e843eb9eeda762f3e?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvHXuvKOdpyWjDNYcZzsh7DhDBjHxEBMGoK9NWuUB7-LxJY-Z7dpgrKku6bKk_H6UqiSXqtQqe_W2UOHak7bQkgJATPEjvqHMsnwNSS6eNjUNT51R9DzUvqwyaHF96I4PMctXTfb4l_Q5VgGrNCda4mjLJJbwj1d7w6wlZJgNYbLTI8-Gy_JqsZYcSGsHCmPFACPNPSF4T3Lfp9tnqX5VqKovX-0MbuhZQWYdeh-6W8s5BrjotDNenfv_aTjZtAeVv06Fb__1jN5iS-21pm3DmhqMw-z0QfGp7-2LRdWOuGvv5FMIjKciQAzi9nB9s9p1VmgYEShkxtysrPWjJiXWCI3N_piKVFPPFmDIHiL578l33L6pz7Vsy3R35eyUtnO7nufThLnRIMiWpRrOHEg_Qgnfc1nBeEfdqSgb4am_Cm7O2MMCEzgoDEA2K4RQ8qZBoRVNZ4eWtxzLIMIuOgHDBj8h_56TVEQVkRSOC7WWBetkiakYdaz4PnaD1kvTRsxBloLusxrtjoYSSxe_9ifAq-W6ACkFNgey-mGf8oFJjDdtKy_DPbJRc2eGHRu7NE5A2i3ml3OcJmVOJG_eanVxMOKY_xCToUO77BQ5cNPAZ_EInJM2cLDsWbyKLjsyWe-CEpz5iAQSvLxeqvbVjSkU9gblO8NgsXdxiZrPtZKarMhF2agL6eZEDHFTRNyMg9Fa_Mun8d-2vMtasPeCJtNdOtMPyfA1s0mCtZ_FcpplfRDRezaT4ccZqFBEa9fdoBG28fOYZva-_RfDYv4YpTur_42eo_s-t7umP3X0vcHMRmtVcH-qNV_vJN_RmNO82ewoEbQBy56hDVd9-wwTnDoeg8qRCvSbVs9jZL4im-m_8LLE6A19D_eFiG1Jc9MUQMGLywxlkdBRdDDM47r4P6hyk9veMgPCQmz7sFY46DdEwST8nFsBP816JnrrEmK3WYa2QbMDQ7RgaNDPphTTxyRHnT3l8I6XejbVIEqorCq79ro9doEpiqXRWLYFRlu1H2YHbrV1-D_tQGDcVvl0QbutkZNRcecgsOHE2h8FDZH_2YALZEFtptlZB8CpMHV_aOYfgTo6ohAfO9e-ocXT_sQqLm_5QfEpkfVuV672RqLCZHi7BrTbrdX2S98cBxTmRdLMywd8HKMQGH6l6bm7Wdk6t3NpFk6o9fqHx8nriq0u4pL6deHuPHmawTEE40A-7wQIckfqfwStZSxkX11gv3I6bMtgO87bZCHE8vzxrImSOy_jPYUGJ6j2zUozEm0g0wvg9RYp2G6jt9if13abZ0fbev0bCsFz5MU7YIDngcpCWPQimOOZFFd9MAlEUyPXeRLPURRiknX9ESIwHibvmltyLJv9jabvGPr2N8XX-z_L6JzNiJBXlWnz25m_74l2XguLbbbpazczr1vT-Zd6_u7rc1uluuRWK5YiQOSgT7JS4Jp9xtDlUKIz7234_ojn6A03WnRmwDBbcubgdB%26sai%3DAMfl-YQZvGvqdyeG2sF-c_26Bo_jdXqbIZGqvHFipWdf93kcPo2uL3g9Ksr168XctL8CQbWZmrGN-UaknAWLFLbthbO-EhQFeCPeDymEdDdLZg2dkDqXcp2E4XjqZqycJAr3KOhaEOV0DhlJk2JN_eAyeM6wsPUOqSKi-PHzwke0ANwOVMMym2zdPWy6q34d2LdnFYMlz91NlL-xvIAa2SVT4cYNtktx3y4IIYEi-NS5j-GkWFAgY1EwIQ3KHcg-iZh_EbsceEbUWqtRd-5K5XnvJgO4xKDs7Cxp_vVu3q_IkQ%26sig%3DCg0ArKJSzKau7LaQQtCiEAE%26cry%3D1%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26rm_eid%3D5362262%26adurl%3Dhttps%253A%252F%252Fwww.home.saxo%252Fen-ch%252Fproducts%252Fstocks%253Fdclid%253D%2525edclid!%2526cmpid%253Ddisp_cm_1014735043_20642156636_524800797
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7c2174fe8b71022bd85d239b639f1be86df5b16ca6ef6937404f7d53ece648e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 22:17:25 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: fDo+53yKU69C0W4eXkltCg==
age: 1350040
cf-polished: origSize=133130
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Thu, 07 Sep 2023 10:55:39 GMT
server: cloudflare
etag: W/"0x8DBAF90F96AB0E3"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 4b7e2a66-601e-0016-386f-142304000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2011-08-18
cf-ray: 82c5805d3ad03c77-CDG

GET
H2 200 animated-creative.b105a4e6577fb08357fd.js Show response
c.bannerflow.net/scripts/ Frame D229 156 KB
53 KB 36ms
36ms Script
application/javascript 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/scripts/animated-creative.b105a4e6577fb08357fd.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6526647e843eb9eeda762f3e?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvHXuvKOdpyWjDNYcZzsh7DhDBjHxEBMGoK9NWuUB7-LxJY-Z7dpgrKku6bKk_H6UqiSXqtQqe_W2UOHak7bQkgJATPEjvqHMsnwNSS6eNjUNT51R9DzUvqwyaHF96I4PMctXTfb4l_Q5VgGrNCda4mjLJJbwj1d7w6wlZJgNYbLTI8-Gy_JqsZYcSGsHCmPFACPNPSF4T3Lfp9tnqX5VqKovX-0MbuhZQWYdeh-6W8s5BrjotDNenfv_aTjZtAeVv06Fb__1jN5iS-21pm3DmhqMw-z0QfGp7-2LRdWOuGvv5FMIjKciQAzi9nB9s9p1VmgYEShkxtysrPWjJiXWCI3N_piKVFPPFmDIHiL578l33L6pz7Vsy3R35eyUtnO7nufThLnRIMiWpRrOHEg_Qgnfc1nBeEfdqSgb4am_Cm7O2MMCEzgoDEA2K4RQ8qZBoRVNZ4eWtxzLIMIuOgHDBj8h_56TVEQVkRSOC7WWBetkiakYdaz4PnaD1kvTRsxBloLusxrtjoYSSxe_9ifAq-W6ACkFNgey-mGf8oFJjDdtKy_DPbJRc2eGHRu7NE5A2i3ml3OcJmVOJG_eanVxMOKY_xCToUO77BQ5cNPAZ_EInJM2cLDsWbyKLjsyWe-CEpz5iAQSvLxeqvbVjSkU9gblO8NgsXdxiZrPtZKarMhF2agL6eZEDHFTRNyMg9Fa_Mun8d-2vMtasPeCJtNdOtMPyfA1s0mCtZ_FcpplfRDRezaT4ccZqFBEa9fdoBG28fOYZva-_RfDYv4YpTur_42eo_s-t7umP3X0vcHMRmtVcH-qNV_vJN_RmNO82ewoEbQBy56hDVd9-wwTnDoeg8qRCvSbVs9jZL4im-m_8LLE6A19D_eFiG1Jc9MUQMGLywxlkdBRdDDM47r4P6hyk9veMgPCQmz7sFY46DdEwST8nFsBP816JnrrEmK3WYa2QbMDQ7RgaNDPphTTxyRHnT3l8I6XejbVIEqorCq79ro9doEpiqXRWLYFRlu1H2YHbrV1-D_tQGDcVvl0QbutkZNRcecgsOHE2h8FDZH_2YALZEFtptlZB8CpMHV_aOYfgTo6ohAfO9e-ocXT_sQqLm_5QfEpkfVuV672RqLCZHi7BrTbrdX2S98cBxTmRdLMywd8HKMQGH6l6bm7Wdk6t3NpFk6o9fqHx8nriq0u4pL6deHuPHmawTEE40A-7wQIckfqfwStZSxkX11gv3I6bMtgO87bZCHE8vzxrImSOy_jPYUGJ6j2zUozEm0g0wvg9RYp2G6jt9if13abZ0fbev0bCsFz5MU7YIDngcpCWPQimOOZFFd9MAlEUyPXeRLPURRiknX9ESIwHibvmltyLJv9jabvGPr2N8XX-z_L6JzNiJBXlWnz25m_74l2XguLbbbpazczr1vT-Zd6_u7rc1uluuRWK5YiQOSgT7JS4Jp9xtDlUKIz7234_ojn6A03WnRmwDBbcubgdB%26sai%3DAMfl-YQZvGvqdyeG2sF-c_26Bo_jdXqbIZGqvHFipWdf93kcPo2uL3g9Ksr168XctL8CQbWZmrGN-UaknAWLFLbthbO-EhQFeCPeDymEdDdLZg2dkDqXcp2E4XjqZqycJAr3KOhaEOV0DhlJk2JN_eAyeM6wsPUOqSKi-PHzwke0ANwOVMMym2zdPWy6q34d2LdnFYMlz91NlL-xvIAa2SVT4cYNtktx3y4IIYEi-NS5j-GkWFAgY1EwIQ3KHcg-iZh_EbsceEbUWqtRd-5K5XnvJgO4xKDs7Cxp_vVu3q_IkQ%26sig%3DCg0ArKJSzKau7LaQQtCiEAE%26cry%3D1%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26rm_eid%3D5362262%26adurl%3Dhttps%253A%252F%252Fwww.home.saxo%252Fen-ch%252Fproducts%252Fstocks%253Fdclid%253D%2525edclid!%2526cmpid%253Ddisp_cm_1014735043_20642156636_524800797
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80c1a71b0825d5c2a91d238da77ede821f8df46b20974aa774f5bc03aefe6a45

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 22:17:25 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: lEV9j3pUvMgu01szZkbLog==
age: 2301853
cf-polished: origSize=159577
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Thu, 31 Aug 2023 09:36:51 GMT
server: cloudflare
etag: W/"0x8DBAA05CE239A64"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 1cf3bb30-f01e-0014-5cc6-0ba549000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2011-08-18
cf-ray: 82c5805d3ad13c77-CDG

GET
DATA 200
OK truncated
/ Frame D229 66 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
BLOB 200
OK 25cb059b-67a5-488c-b82c-a11301e80572 Show response
https://s0.2mdn.net/ Frame F840 668 B
0 Script
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://s0.2mdn.net/25cb059b-67a5-488c-b82c-a11301e80572
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/scripts/animated-creative.b105a4e6577fb08357fd.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 668
Content-Type

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0D02 42 B
64 B 58ms
57ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuN9hstEb4A-CVXcPjPdbwiwUhqGP8B4ZaK5gynZy-w5lnOCtBomT-HbVhNPcaBCzPMvwDYMSISt4vvoU5bOhKBu-hqnN-4BNj_nh1ag_gu2HURBZuAHiC50tKQd6lLQCE9I2djz0lr6g&sai=AMfl-YQJPVtZh9klKACBh-QA4l8d6meJe4VZiU4T2FB6j4dqcx-wXvDsGx_KrrtN1VDOBbr6bNzxo-wZPmaR63uDE3zGNWAseg2suryxDslUroRnr6zxQ05hACKMRQLSF5L_a9Ur_pif72FNKMgWYLCI&sig=Cg0ArKJSzP1xa0t-Cf1hEAE&cid=CAQSTgDICaaNA5hsswmp047RunG7MUCl8lI0brR1-_UHly0I9sVZk_SRfSMhK4HjrXvNxQ__WksmvlzezAteM0GES_z2Sum8rWNXxpQ_gvSkrhgB&id=lidar2&mcvt=1007&p=611,315,861,1285&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=554408032&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701037044287&rpt=190&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame D229 20 KB
21 KB 83ms
33ms Font
font/woff 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F5a0d39df4b0d911948f0e725%2F80e96a5f-eddf-4121-a75c-0206e164272c.woff&t=%20%2C.ABLTabcdefghiklmnoprstuvwxy
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15188330174727847936/CH_EN_Stocks_Track4_Tools-2-ENCH-970x250-638326117443072680-102d336a-dbfe-4e4b-9e38-1fd955ed6d42.html?ev=01_250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1b8b8e9a3c52646733826d2a3a30fbe6c3ae5e1d077fa1789cfc68dce3a55f7

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:25 GMT
cf-cache-status: HIT
last-modified: Sat, 11 Nov 2023 06:59:22 GMT
server: cloudflare
age: 1351083
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=80e96a5f-eddf-4121-a75c-0206e164272c-subset.woff
cf-ray: 82c5805ecb3e3c71-CDG
expires: Sun, 10 Nov 2024 06:59:22 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 77C5 42 B
64 B 58ms
57ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst8Esbo3ITDixfaCyAbICfx6TCX35x6-3n45oi26fWTx8mrhSV3wYCtaMszrmeAYzZlee-oSJbrtFFR_hj_TF8hkEyQKpMnAMrJYIskmaTVzS6OLlz7zYS9WMGZiTdzvRDbmgl5IxWXdQ&sai=AMfl-YSpY0LFblxuAru1K2g2pKFho805MkNNpz2_WyQHAkmnnFqALtx8TYLq0fqqSD2pRC_9NQ-Ra0Pm2t_NMhra1EjVNdJO2qJAh_sg0ILzTIfgUZ5ciqftJdhJFCsVWCurz5bx8y8Zq_ywPiT_BOWZ&sig=Cg0ArKJSzGLlGhu-hV61EAE&cid=CAQSTgDICaaNbV0gkyEGT8GirZwpL2bWVrykUfmBbqNhZYLp-1K4CFC-_FMSbPu_c2H8VsxMjQg3lVaZoo_ygT9wAWARchHZHQZde5CCaSr1jRgB&id=lidar2&mcvt=1000&p=231,315,481,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2746787995&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701037044391&rpt=170&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame D229 4 KB
4 KB 31ms
31ms Font
font/woff 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F5a0d39df4b0d911948f0e725%2F0f63eea9-bff4-46f1-b0c4-c0bc6ce3911c.woff&t=%20Tadenorw
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15188330174727847936/CH_EN_Stocks_Track4_Tools-2-ENCH-970x250-638326117443072680-102d336a-dbfe-4e4b-9e38-1fd955ed6d42.html?ev=01_250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f20c18f7c0f055e9c16a7371a5293728674a4658225b0a45cbb132b8d614df43

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:25 GMT
cf-cache-status: HIT
last-modified: Wed, 01 Nov 2023 12:29:43 GMT
server: cloudflare
age: 2195262
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=0f63eea9-bff4-46f1-b0c4-c0bc6ce3911c-subset.woff
cf-ray: 82c5805f0b863c71-CDG
expires: Thu, 31 Oct 2024 12:29:43 GMT

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame 020C 3 KB
3 KB 33ms
33ms Image
image/webp 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fsaxo-bank%2F5a0d3b1088665f7354f5da6c%2Fimages%2F9f0ed779-182e-4c28-adce-8e9c63d05cba.png&w=215&h=311&q=99&f=webp&rt=contain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59c709c3b953b4bbb1b4bebaa3092c08577304b9506ea8e56c0ac6a65289224d

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:25 GMT
cf-cache-status: HIT
last-modified: Sun, 26 Nov 2023 07:11:55 GMT
api-supported-versions: 2.0
server: cloudflare
age: 54330
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 82c5805f5d093c77-CDG
content-length: 2590
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 9385cbed-00ad-4793-94f1-014c2e89e9b8.svg
c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/ Frame 020C 217 B
448 B 30ms
30ms Image
image/svg+xml 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/9385cbed-00ad-4793-94f1-014c2e89e9b8.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58550bfbd57abaa8f64bf8a14889e10a3726eaea36bf0c08a9f613fc29916c17

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 22:17:25 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: jWK2YKDGtOC5ylmcMWhtkw==
age: 2238
x-ms-lease-status: unlocked
last-modified: Thu, 22 Sep 2022 09:21:09 GMT
server: cloudflare
etag: W/"0x8DA9C7BC8F9699C"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 661ded2d-701e-0068-553a-0d8bb6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version: 2011-08-18
cf-ray: 82c5805f5d0a3c77-CDG

GET
H2 200 301871cb-4ee2-47fb-a505-d8a1e2677930.svg
c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/ Frame 020C 152 B
334 B 33ms
32ms Image
image/svg+xml 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/301871cb-4ee2-47fb-a505-d8a1e2677930.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 307279644d7cf64dc9ee86371da7a27bb581695aeef145df65476f1f0364b990

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 22:17:25 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: lx/tqoPhxe1djqV9/qEdwQ==
age: 284
x-ms-lease-status: unlocked
last-modified: Tue, 27 Sep 2022 13:23:17 GMT
server: cloudflare
etag: W/"0x8DAA08B70B1F9D9"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 6c7be7f8-701e-0035-74f1-11b9c7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version: 2011-08-18
cf-ray: 82c5805f5d0c3c77-CDG

GET
H2 200 7d56cabf-5616-4f5c-98e3-0898795d6f2c.svg
c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/ Frame 020C 361 B
349 B 31ms
31ms Image
image/svg+xml 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/accounts/saxo-bank/5a0d3b1088665f7354f5da6c/images/7d56cabf-5616-4f5c-98e3-0898795d6f2c.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 148786284342af63df57c33534fa5940616d81a9d181b789016dfdc2c26f1da5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 26 Nov 2023 22:17:25 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: RUbP+sQxMgp/o5unKdEvSg==
age: 4922
x-ms-lease-status: unlocked
last-modified: Tue, 13 Dec 2022 12:36:07 GMT
server: cloudflare
etag: W/"0x8DADD069B8C58B6"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 8d7be33f-401e-003e-5ba0-1342ac000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version: 2011-08-18
cf-ray: 82c5805f5d0d3c77-CDG

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame 020C 3 KB
3 KB 32ms
32ms Image
image/webp 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fsaxo-bank%2F5a0d3b1088665f7354f5da6c%2Fimages%2Fd3bc406b-e9da-4faa-b2a9-03d21dd7d364.png&w=134&h=60&q=99&f=webp&rt=contain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a28283a9b717b42cd3970f0707475394e6c5b2a678f354bc25027d0cad00b17

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 22:17:25 GMT
cf-cache-status: HIT
last-modified: Sun, 26 Nov 2023 08:09:06 GMT
api-supported-versions: 2.0
server: cloudflare
age: 50899
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 82c5805f5d0e3c77-CDG
content-length: 3346
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 206 AOT_UK_9_0_Stocks_Tools_1080x1080_15s.webm
dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/ Frame 3C23 79 KB
0 123ms
38ms Media
video/webm 2600:9000:2449:6200:16:eff:6080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/AOT_UK_9_0_Stocks_Tools_1080x1080_15s.webm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2449:6200:16:eff:6080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

x-amz-version-id: Z8BzLdgwbnI1VrzmfAji8MkI8u4dzFOf
date: Sun, 26 Nov 2023 11:47:16 GMT
via: 1.1 28b2547a012b744c90796693b582d83c.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
age: 37810
x-cache: Hit from cloudfront
Content-Range: bytes 0-1493807/1493808
alt-svc: h3=":443"; ma=86400
Content-Length: 1493808
last-modified: Thu, 25 Feb 2021 18:23:58 GMT
server: AmazonS3
etag: "c8ce67790e15dc518d3be4e430e19a4a"
vary: Accept-Encoding
content-type: video/webm
accept-ranges: bytes
x-amz-cf-id: GCyzi-hPOfXoqoS9i_y1F3fWwPymlgiu6SgPIT4CSE0-g5vVQks1xA==

GET
H2 206 AOT_UK_9_0_Stocks_Tools_1080x1080_15s.webm
dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/ Frame 3C23 19 KB
19 KB 96ms
96ms Media
video/webm 2600:9000:2449:6200:16:eff:6080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/AOT_UK_9_0_Stocks_Tools_1080x1080_15s.webm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2449:6200:16:eff:6080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d10e78de54270934566d9ab35fa5228715fa950ce23213775f5a5ac51c261fdf

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=1474560-

Response headers

x-amz-version-id: Z8BzLdgwbnI1VrzmfAji8MkI8u4dzFOf
date: Sun, 26 Nov 2023 11:47:16 GMT
via: 1.1 28b2547a012b744c90796693b582d83c.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
age: 37810
x-cache: Hit from cloudfront
Content-Range: bytes 1474560-1493807/1493808
alt-svc: h3=":443"; ma=86400
Content-Length: 19248
last-modified: Thu, 25 Feb 2021 18:23:58 GMT
server: AmazonS3
etag: "c8ce67790e15dc518d3be4e430e19a4a"
vary: Accept-Encoding
content-type: video/webm
accept-ranges: bytes
x-amz-cf-id: VHOwqSDEhyyusUZ6lGoILE2CpsBSR4yJ8OGLOMoxnUeptc8EgV2Ttw==

POST
H2 200 /
c.bannerflow.net/tr/v2/pixel/ Frame D229 0
81 B 43ms
42ms Ping
text/plain 2606:4700::6811:ca6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/tr/v2/pixel/
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6526647e843eb9eeda762f3e?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvHXuvKOdpyWjDNYcZzsh7DhDBjHxEBMGoK9NWuUB7-LxJY-Z7dpgrKku6bKk_H6UqiSXqtQqe_W2UOHak7bQkgJATPEjvqHMsnwNSS6eNjUNT51R9DzUvqwyaHF96I4PMctXTfb4l_Q5VgGrNCda4mjLJJbwj1d7w6wlZJgNYbLTI8-Gy_JqsZYcSGsHCmPFACPNPSF4T3Lfp9tnqX5VqKovX-0MbuhZQWYdeh-6W8s5BrjotDNenfv_aTjZtAeVv06Fb__1jN5iS-21pm3DmhqMw-z0QfGp7-2LRdWOuGvv5FMIjKciQAzi9nB9s9p1VmgYEShkxtysrPWjJiXWCI3N_piKVFPPFmDIHiL578l33L6pz7Vsy3R35eyUtnO7nufThLnRIMiWpRrOHEg_Qgnfc1nBeEfdqSgb4am_Cm7O2MMCEzgoDEA2K4RQ8qZBoRVNZ4eWtxzLIMIuOgHDBj8h_56TVEQVkRSOC7WWBetkiakYdaz4PnaD1kvTRsxBloLusxrtjoYSSxe_9ifAq-W6ACkFNgey-mGf8oFJjDdtKy_DPbJRc2eGHRu7NE5A2i3ml3OcJmVOJG_eanVxMOKY_xCToUO77BQ5cNPAZ_EInJM2cLDsWbyKLjsyWe-CEpz5iAQSvLxeqvbVjSkU9gblO8NgsXdxiZrPtZKarMhF2agL6eZEDHFTRNyMg9Fa_Mun8d-2vMtasPeCJtNdOtMPyfA1s0mCtZ_FcpplfRDRezaT4ccZqFBEa9fdoBG28fOYZva-_RfDYv4YpTur_42eo_s-t7umP3X0vcHMRmtVcH-qNV_vJN_RmNO82ewoEbQBy56hDVd9-wwTnDoeg8qRCvSbVs9jZL4im-m_8LLE6A19D_eFiG1Jc9MUQMGLywxlkdBRdDDM47r4P6hyk9veMgPCQmz7sFY46DdEwST8nFsBP816JnrrEmK3WYa2QbMDQ7RgaNDPphTTxyRHnT3l8I6XejbVIEqorCq79ro9doEpiqXRWLYFRlu1H2YHbrV1-D_tQGDcVvl0QbutkZNRcecgsOHE2h8FDZH_2YALZEFtptlZB8CpMHV_aOYfgTo6ohAfO9e-ocXT_sQqLm_5QfEpkfVuV672RqLCZHi7BrTbrdX2S98cBxTmRdLMywd8HKMQGH6l6bm7Wdk6t3NpFk6o9fqHx8nriq0u4pL6deHuPHmawTEE40A-7wQIckfqfwStZSxkX11gv3I6bMtgO87bZCHE8vzxrImSOy_jPYUGJ6j2zUozEm0g0wvg9RYp2G6jt9if13abZ0fbev0bCsFz5MU7YIDngcpCWPQimOOZFFd9MAlEUyPXeRLPURRiknX9ESIwHibvmltyLJv9jabvGPr2N8XX-z_L6JzNiJBXlWnz25m_74l2XguLbbbpazczr1vT-Zd6_u7rc1uluuRWK5YiQOSgT7JS4Jp9xtDlUKIz7234_ojn6A03WnRmwDBbcubgdB%26sai%3DAMfl-YQZvGvqdyeG2sF-c_26Bo_jdXqbIZGqvHFipWdf93kcPo2uL3g9Ksr168XctL8CQbWZmrGN-UaknAWLFLbthbO-EhQFeCPeDymEdDdLZg2dkDqXcp2E4XjqZqycJAr3KOhaEOV0DhlJk2JN_eAyeM6wsPUOqSKi-PHzwke0ANwOVMMym2zdPWy6q34d2LdnFYMlz91NlL-xvIAa2SVT4cYNtktx3y4IIYEi-NS5j-GkWFAgY1EwIQ3KHcg-iZh_EbsceEbUWqtRd-5K5XnvJgO4xKDs7Cxp_vVu3q_IkQ%26sig%3DCg0ArKJSzKau7LaQQtCiEAE%26cry%3D1%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26rm_eid%3D5362262%26adurl%3Dhttps%253A%252F%252Fwww.home.saxo%252Fen-ch%252Fproducts%252Fstocks%253Fdclid%253D%2525edclid!%2526cmpid%253Ddisp_cm_1014735043_20642156636_524800797
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ca6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s0.2mdn.net/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 26 Nov 2023 22:17:25 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82c580615f4a3c77-CDG
content-length: 0
request-context: appId=cid-v1:1d9bcaa3-5ddc-4e5d-973c-949d7ceab63e

GET
H3 206 AOT_UK_9_0_Stocks_Tools_1080x1080_15s.webm
dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/ Frame 3C23 1 MB
0 32ms
32ms Media
video/webm 2600:9000:2449:6200:16:eff:6080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dfghidiqaynia.cloudfront.net/go-to-market/Display/AOT_2021/AOT_UK_9_0_Stocks_Tools_1080x1080_15s.webm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:2449:6200:16:eff:6080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=65536-

Response headers

x-amz-version-id: Z8BzLdgwbnI1VrzmfAji8MkI8u4dzFOf
date: Sun, 26 Nov 2023 11:47:16 GMT
via: 1.1 e3175a7d38795328ac3444e1d56a9f4e.cloudfront.net (CloudFront)
age: 37810
x-amz-cf-pop: AMS58-P6
x-cache: Hit from cloudfront
Content-Range: bytes 65536-1493807/1493808
alt-svc: h3=":443"; ma=86400
Content-Length: 1428272
last-modified: Thu, 25 Feb 2021 18:23:58 GMT
server: AmazonS3
etag: "c8ce67790e15dc518d3be4e430e19a4a"
vary: Accept-Encoding
content-type: video/webm
accept-ranges: bytes
x-amz-cf-id: 2o1aFjYVbIFm8p_zhWt07Vc2AlnfR173_TqTUbhZMCtg7CMk0K9J8g==

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 67E2 42 B
64 B 63ms
63ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssLPjhGNArlNobjfyH-MbBbVSYXLuq-ZlWTXv9-PPVgzN0sqaLh1FZPwFu2nhjBM6QYbaRMLQ7DiBOh6CpxdJ-qY88xcUXUY-Q-9HV8Wr6z01uxHYvE9gE06aV4GYta6h9Hx3MAqP4a8Q&sai=AMfl-YTK3Tf5wkCwq9aXZGteF3uqr5oEan2ZGYggLNiybWswSTok7GOD9vjxUMQIpqNxWn40aIoa2npsCfpDJ0T36M0Pyw4pm4U3rSMKCLU5C5q__YuOEAbkjKzFplQ&sig=Cg0ArKJSzKqaHY77ar3GEAE&cid=CAQSOwDICaaNxN6rViXAes5r8Jb23q4tz8f6Zg_x6bfa-CFqvfYcmlnamSgvZh0L4kzigZbjvgjRtS3hJCJ0GAE&id=lidar2&mcvt=1000&p=1179,297,1269,1025&mtos=328,827,1000,1091,1121&tos=328,499,173,91,30&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=920899659&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701037044676&rpt=209&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0402 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5898839963235&version=m202311060101&ct=76&x=1&cor=10255656881810230000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 22:17:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: certify-js.alexametrics.com
URL: https://certify-js.alexametrics.com/atrk.js

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstt7KpR-dCKQ7QGnllf4o1H3XCTphly7nvWkZDT_p0ZLiUrmgvlJ3hfKFPNo-9FuoBtgdJkoLCJD5LYN-z50Vbm6izF8PwzKfeN9dRFU2isOo-ewhKMK9YWMJI-qvdM2DC6Q5uZyfLJX9FGOvqchU-n0ehvAgBspSeIUew1wcDMtQ36jeJOWMpzsOc0ewK7RnrxZZcisSqI4eSc3J8nvXca_Y_U6dplissmcQnZUO99KQClWh_THhKK9j4FNz1y-84FulgrSSHssSMq74qDLwrEmkLtueXD6Rdym7Y24IDFBYI5ulLrOMjkeQmVrjwnnemXJO16b5knJVDsQpTyw5x7lRjstyNc5KJF1dPz6udT0JsxrfpIVz-stnMf-1M-aMJK2VWxhfRdr6sa1nv4FJazkydjzAvPdGFNuHt-MlyEvFFgvw&sai=AMfl-YTgJmOnGJUPGV4W_x5Ux3OHOaF_JNsWZDCgDvFoAsSbCCbr8wZKazYrsnqsnR0UDIO2sSavdnkPULoDPYfrNGfYoMCAsL61MJs6Gk7f7FGpvXlAMXe54nEbAtPbZ9w79AU2tQLaJmVqmRcCfwdGWho&sig=Cg0ArKJSzGNRDySQIf31EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Domain: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Verdicts & Comments Add Verdict or Comment

189 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.file-upload.org/	1969-12-31 23:59:59	Name: lang Value: german
www.file-upload.org/	1969-12-31 23:59:59	Name: visited Value: visited, visited_expires=Sun Nov 26 2023 23:18:23 GMT+0100 (Central European Standard Time), path=/
live.demand.supply/	1970-01-21 02:06:37	Name: demandSupplyTi Value: b0213ff6-e76f-493a-8d30-08c2cb104f80
.demand.supply/	1970-01-20 16:30:38	Name: __cf_bm Value: m.f07Xt8ZjrTNKqA4zGfXOFWi2myETLRPdzizPbv5ks-1701037043-0-AX+yi6SytWKa/enDjmjWI7EHpcbpGaSZgBzdiFD1jdaRl5VBx2TS3J3zlEQ2oeQEdmfbcDNohoZcjB1RiLOUtGo=
.file-upload.in/	1970-01-21 02:06:37	Name: _ga_3T7TKCZCC9 Value: GS1.1.1701037043.1.0.1701037043.0.0.0
.file-upload.in/	1970-01-21 02:06:37	Name: _ga Value: GA1.2.1496652062.1701037044
.file-upload.in/	1970-01-20 16:32:03	Name: _gid Value: GA1.2.383712901.1701037044
.file-upload.in/	1970-01-20 16:30:37	Name: _gat_gtag_UA_119779859_1 Value: 1
.file-upload.in/	1970-01-20 16:30:37	Name: lotame_domain_check Value: file-upload.in
.criteo.com/	1970-01-21 01:52:13	Name: uid Value: a5fe5979-0f1d-42b1-9cb9-2f425a9fe8f0
.openx.net/	1970-01-21 01:16:13	Name: i Value: 163ca608-d16b-421f-8bc0-3eafe5d7a7c5\|1701037043
.file-upload.in/	1970-01-21 01:52:13	Name: cto_bundle Value: ROJDa185WFQ2a201cDZHdktablRiSlhCbW0xcUttbmR6amJ0MFU4c2FnWmRiOEthViUyQmZNUmclMkYlMkJKeENUcVFKRlpSY0RXeFlmMWQxVmRtT1A5QWw0Wlhza1NnQVo3SnlJJTJGOUhZYXBteHdDMWhvUmhoRHcycGRQcnh3VEVOaHc3RzFNVEtKRHglMkZ0aFVuTkVvaTUzTEltS0hIVXVRJTNEJTNE
.yahoo.com/	1970-01-21 01:16:34	Name: A3 Value: d=AQABBPTDY2UCEF7XGAnfyfYmlVDzDNtVAf8FEgEBAQEVZWVtZbti0CMA_eMAAA&S=AQAAAl4QvFt4LdMGmZbp6oIOeFg
.crwdcntrl.net/	1970-01-20 22:59:24	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 22:59:24	Name: _cc_id Value: dc36a3167d81ec2bfefdca75e03a249a
.file-upload.in/	1970-01-20 22:59:25	Name: _cc_id Value: dc36a3167d81ec2bfefdca75e03a249a
.file-upload.in/	1970-01-20 16:40:41	Name: panoramaId_expiry Value: 1701641844128
.file-upload.in/	1970-01-20 16:40:41	Name: panoramaId Value: 7182b8caa86df79fc0363344e8354945a702d5453777b234932c38e6c42f72c5
.file-upload.in/	1970-01-20 16:40:41	Name: panoramaIdType Value: panoIndiv
.openx.net/	1970-01-20 16:52:13	Name: pd Value: v2\|1701037044\|n0vNvQiygu
.adform.net/	1970-01-20 17:13:49	Name: C Value: 1
.adform.net/	1970-01-20 17:57:01	Name: uid Value: 3135072572220521421
.file-upload.in/	1970-01-21 01:52:13	Name: __gads Value: ID=2af1e32e7518a61c:T=1701037044:RT=1701037044:S=ALNI_MbnjnG6-vIs5P0vmoI9xLEfx1z_2w
.file-upload.in/	1970-01-21 01:52:13	Name: __gpi Value: UID=00000cdccb242385:T=1701037044:RT=1701037044:S=ALNI_MblnXv4nW7GJ5gUQsaTCohsgvEE5Q
.casalemedia.com/	1970-01-20 18:40:13	Name: CMPS Value: 3227
.amazon-adsystem.com/	1970-01-20 21:44:32	Name: ad-id Value: A_2vo0dH3UwLrATw11zm4_c
.amazon-adsystem.com/	1970-01-21 02:06:37	Name: ad-privacy Value: 0
.casalemedia.com/	1970-01-21 01:16:13	Name: CMID Value: ZWPD9ETev8Uj7gTlATAFZwAA
.casalemedia.com/	1970-01-20 18:40:13	Name: CMPRO Value: 3227
.doubleclick.net/	1970-01-21 02:06:37	Name: IDE Value: AHWqTUmJcjG_ybCIJ1hor01Fjdx8686PzejCIety2zNcKkFtaCBcO91cnZofPJdPnEc
.adnxs.com/	1970-01-20 18:40:13	Name: uuid2 Value: 4179319892228523648
.csync.loopme.me/	1970-01-20 18:43:05	Name: viewer_token Value: 40896480-93f1-4b6f-bc81-02ddb4993f72
.adnxs.com/	1970-01-20 18:40:13	Name: anj Value: dTM7k!M41.D>6NRF']wIg2ImIN+6'!@wnfH8K6pQK`!5=E<L5?%K/c#m?cY=+$KjQkE!b]#[K69epm:/Ycgx]JzP(hw9P-HC_#tvFB?XyR
.bidswitch.net/	1970-01-21 01:16:13	Name: tuuid Value: 611e83c4-e9a2-4af9-ad1c-c1d25e314dda
.bidswitch.net/	1970-01-21 01:16:13	Name: c Value: 1701037044
.bidswitch.net/	1970-01-21 01:16:13	Name: tuuid_lu Value: 1701037044
.dotomi.com/	1970-01-20 16:30:37	Name: DotomiTest Value: 770d399eb8ad1615
.simpli.fi/	1970-01-21 01:17:39	Name: suid Value: 00605976505246628E2E921ABF3188EF
.go.sonobi.com/	1970-01-20 17:13:49	Name: __uis Value: 5477c103-d59d-4289-b31e-887a91b84a7a
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8G Value: s86188\|ZWPD+
.pubmatic.com/	1970-01-20 16:32:03	Name: KTPCACOOKIE Value: YES
.360yield.com/	1970-01-20 18:40:13	Name: tuuid Value: dc56d07c-6e27-4f8d-b145-22237a867e62
.360yield.com/	1970-01-20 18:40:13	Name: tuuid_lu Value: 1701037045
.teads.tv/	1970-01-21 01:14:46	Name: tt_viewer Value: 7f646109-f969-4f0e-83ad-690604d240c0
.de17a.com/	1970-01-21 01:09:01	Name: guid Value: 1.7189694675112578678
.rfihub.com/	1970-01-21 01:52:13	Name: rud Value: H4sIAAAAAAAA_-MSNjU0sDA1tTQ3NjQ0NLc0NjY3sxDiM9QttCw39_DPzTVPKzMGAEukpbYlAAAA
.rfihub.com/	1970-01-21 01:52:13	Name: eud Value: H4sIAAAAAAAA_1vFwmtobmBoYGxuYGJqaGwOAINqr80QAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0sDA1tTQ3NjQ0NLc0NjY3sxDiM9QttCw39_DPzTVPKzMGAEukpbYlAAAA
.pubmatic.com/	1970-01-21 01:16:13	Name: KADUSERCOOKIE Value: CACA8B4A-0028-452C-B4EF-5E8CA910FD4A
.linkedin.com/	1970-01-21 01:16:13	Name: bcookie Value: "v=2&892accbb-04a3-48f6-87d4-0e8efdb77d61"
.linkedin.com/	1970-01-20 20:49:49	Name: li_gc Value: MTswOzE3MDEwMzcwNDU7MjswMjHCgXUtxxYsKSU0pvkfTCFGknNgcG/ohkW0LYYP8oXHCw==
.linkedin.com/	1970-01-20 16:32:03	Name: lidc Value: "b=OGST01:s=O:r=O:a=O:p=O:g=3105:u=1:x=1:i=1701037045:t=1701123445:v=2:sig=AQGgB-C_Yb7fyz6LyObVx_Vvpsa8-7Mi"
.socdm.com/	1970-01-21 02:06:37	Name: SOC Value: ZWPD9cCo8XkAACFGy-YAAAAA

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://certify-js.alexametrics.com/atrk.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript	error	URL: https://www.file-upload.in/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d' from origin 'https://www.file-upload.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.file-upload.in/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e' from origin 'https://www.file-upload.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.file-upload.in/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a' from origin 'https://www.file-upload.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://ups.analytics.yahoo.com/ups/58813/fed?gpp_sid=-1&v=1&url=https%3A%2F%2Fwww.file-upload.in%2F Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2e228d32f4e91cf4d58fce6a2cd6ee6e.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
ajax.googleapis.com
api.demand.supply
bcp.crwdcntrl.net
c.bannerflow.net
c1.adform.net
cdn-ima.33across.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
certify-js.alexametrics.com
cm.g.doubleclick.net
connect.facebook.net
connectid.analytics.yahoo.com
csync.loopme.me
d5p.de17a.com
dclk-match.dotomi.com
dfghidiqaynia.cloudfront.net
dsum-sec.casalemedia.com
eu-u.openx.net
fonts.googleapis.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
images.dmca.com
invstatic101.creativecdn.com
live.demand.supply
match.360yield.com
match.adsrvr.org
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
px.ads.linkedin.com
region1.google-analytics.com
rtb.openx.net
s0.2mdn.net
secure.adnxs.com
securepubads.g.doubleclick.net
ssl.google-analytics.com
ssum-sec.casalemedia.com
static.criteo.net
sync.go.sonobi.com
sync.inmobi.com
sync.teads.tv
tags.crwdcntrl.net
tg.socdm.com
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.file-upload.com
www.file-upload.in
www.file-upload.org
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
certify-js.alexametrics.com
securepubads.g.doubleclick.net
www.file-upload.org
www.googletagservices.com
104.18.36.155
124.146.153.170
142.250.184.194
142.250.186.162
15.197.193.217
162.19.138.116
172.64.152.89
176.34.96.61
18.192.88.240
18.239.18.33
185.64.190.78
185.89.210.90
188.114.97.3
193.0.160.131
20.127.253.7
2001:4860:4802:34::36
213.155.156.185
23.35.237.56
2400:52e0:1e00::1080:1
2600:9000:2090:7800:10:dd8:5e40:93a1
2600:9000:2447:e200:a:e047:753:a221
2600:9000:2449:6200:16:eff:6080:93a1
2606:4700:10::6816:3556
2606:4700:3031::6815:3355
2606:4700::6810:5814
2606:4700::6810:8516
2606:4700::6810:8616
2606:4700::6811:ca6e
2620:1ec:21::14
2a00:1450:4001:802::2001
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2008
2a00:1450:4001:811::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::200a
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2001
2a00:1450:4001:831::2006
2a00:1450:4001:831::2008
2a02:2638:3::3
2a02:2638:3::c
2a02:fa8:8806:13::1370
2a03:2880:f083:100:face:b00c:0:3
2a05:d018:d29:3605:1147:a3e6:9be5:4305
2a06:98c1:3121::3
3.71.149.231
34.102.146.192
34.120.107.143
34.96.70.87
34.98.64.218
35.186.253.211
35.204.158.49
35.214.226.85
35.244.159.8
37.157.4.28
51.89.9.254
52.215.24.0
67.220.226.234
69.166.1.67
69.173.144.165
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
02a6d10f5b01a3f642b7d51769938003a6df66d74219f4670412465b0337fab0
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
0ad16ab974fb75864d97282d6532ca45539337abcc4bec86fb1d3e93d0495580
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983
115a766c8d4ecfcbb6928f450c44fcb86861255bec819faae054c61b3c9a2e5b
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
148786284342af63df57c33534fa5940616d81a9d181b789016dfdc2c26f1da5
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
184d53ce0e02a39cd434b8dd66e2da3dd45c00bbc386ed2f3eaf4c2527c084ac
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
18ffb4f8da527c8e8e63f197c2b06df360ab4e1b02bce32df5337ce9b2e3ee33
1d20bc2981cfbe01518dd798a69612d60b92b407a47491172e803b734338f671
1f40994eab15b92af5183f9acf338e0354771054c65024e0aa679b6506f9eb87
22a1257891d7523261ed7426751d43a5dfeb83e2211aed3b71f085b5a45149ed
2408e86e87c5df52e8160530980e94acf40b083adb5f330abd9ad21b5b5f65e8
24ed9d5f218f03c642d54f9901d630759852441dd960573817b8a6e0823e73b6
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af
27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810
2be4cdff5155a116e925e6bd091b8d4ad142c2c594b2dde80f7fe6b038929207
2ca4809bb58dd7abc8fba1b8ec903491c7748a0d116d0cddbb6f7ab6659900eb
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d19796d3c3e62e5a1bf2630d51039c4acb80ae55d7e363a86966038bdab140d
307279644d7cf64dc9ee86371da7a27bb581695aeef145df65476f1f0364b990
30debe7e8820b593c8f6c0cddf6de4430a3a7dd6ccb2da62da0a82a655e0d674
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4da56999476a0550c62f0a269cda43474aaa0f7ba5c461cee58ac2af893bab90
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
543ecea882d39aea47b52446613562c16db55f3776a1386ae9500b209489de56
54453b4fbefcca3dca79bc9a64b29e36e9b6b06b043a81a3c5c49d7cd8132629
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b
58550bfbd57abaa8f64bf8a14889e10a3726eaea36bf0c08a9f613fc29916c17
59c709c3b953b4bbb1b4bebaa3092c08577304b9506ea8e56c0ac6a65289224d
5f72695d5e0fde2f25944b48ada6d91cf2befd5285741b7767f8040b934206ab
602a48d8418dc75bc51795b3f33e2e49ee38d40c4a658723b0878f1c64a68265
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63e288f92b95ce23ed61761110290d643e262c834cb02a6feacd8e011c859da4
65f7215216c84123c42d98e15f1f0242b81bb8c669335f0238c9a63415ccfa7d
663183ac62b3c55305c0cde395a7b7a8dfc650979b3d206985f3b837d10d040b
68b257b88bd723c48bf26abdcb2f5e4115b7891444ea9a3dfd21637a37257b21
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d2d6d5bd3cd0ab3138347e06b42c2af4d6fa6998d18d7c097f5ef9f98174579
6d87d0822bbaa955f9478aadc7c85259135b462165a9c555615fba531995a650
70118c761cd94bb75522b651eeaf62d2fe4e908d98b329c6037dcd72d4ce9afe
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
73ac1b0d31e51b405a912a984cdb65eac0887db8ccdfe273a924ece9481b0444
73d8b7246d74c24a4b7bdaf3df7576fe4d356cdda42c4e3db6a1acf1fade5560
769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c
795208ac6fba539ef1e50ad17ef822be89d2a043186493b3b3ed91f22bb15c41
7a28283a9b717b42cd3970f0707475394e6c5b2a678f354bc25027d0cad00b17
7b69386c30197ae317661d767f77180fede3bfcfcaa6162683eb25c9ed539096
7ccc354572f46ed4b26ffec17c24264cce720c1ebab7693af8e88032e46b6544
7cfca0792a500a8f7ea890afcfbce2b1ed8c3a87fa2218e9c25dba9ba29d218f
80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5
80c1a71b0825d5c2a91d238da77ede821f8df46b20974aa774f5bc03aefe6a45
80ffb3eec028765433299e385701c253fc5024465f40ff92e64d8a671946ac3a
848617181f078424393ded0015ce45584ac7d6835880e2441cbd17437914f602
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
87960e7994f9fc5f6d2fc8c0b93be02f4b9b7cdca0dd9c726f5806d8e9092068
881c34f9478aebd3b0de210be3a711ca7591e13997bf637335c23e4f39815c6d
8a1f8553f39d7c12ec667389da1ec8348c86d656f5f9e5ea647b405e650d71f2
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
91e90be8d5ed5bb9b3bc712826811913fc616afb7bdeb4633bbdcb343b2b6e2e
969ba10559cd16c1029a7fee37ea9e664b5ab8d306ad1ee5dc7bf8012e3f8b8d
9897b4c743db06b82f375b9155cfe09e62f8c5e72ca83ad71a6a7d0c6cd15746
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9
a1b8b8e9a3c52646733826d2a3a30fbe6c3ae5e1d077fa1789cfc68dce3a55f7
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7f956d6fb47d2b64be68785a2da0aa605dfd81d65ce4dff90216dd101d5ff38
a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13
ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205
ad18f76134091d6a4ea14854c9b7f8ec60ddcaf78b06e9e2c3ffa6bd22920ccb
af27345f740e9fa81e2c73fc810a3e48d85df61f024a42bf7aa3b343166d9093
af6f439b4493ea95140ee9297524fe889477890db7a8609fe8d4a00ccb9a3b69
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5b9283fe4995e6ca3e3cc470f3dd93dcd51848921bf7dd7fdc0c23aa2d0342e
b5d0b366aa5b710a89ead041863e9ba168855c900d342e2a12509f4f84b6f43a
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
b9a42cb27417d2b87b8d5983655566731a38089d5e30735e9e931008ea59c634
ba00e199882f3b24cddfdb1d0f3ecb36fa93fb4e6e75015dcb9035af38513852
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
bc1627bb5a3f6f3c3cf51ab01bc67a74a851bd203c51fa9210fe41ab096f56ad
bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309
c0c51686c0461b0c32fff93aef93f9514af8703575739796fd988c12b90e8d1b
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c3a581d187fa5f6096ca8df10de081cd9048467f30b11c168856a3bba7479aca
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c7c2174fe8b71022bd85d239b639f1be86df5b16ca6ef6937404f7d53ece648e
c7f6468c8ac1542980b2d5f637fa933d7d00d2c6ff6690e34505d2aed0c0e23a
c8934c75d7b6faf5e681a0d3fc7854a70876feebd7f613f792ffe35345486b16
c999659aefeb040a0e03e4ba21e74d444d1a78eb4bd90ae8855866ad4778a628
ccc73644afcea0862b8aec123ddee9e17c8a2cd8e82f8526e63700a5d4e4e3cf
cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
d10e78de54270934566d9ab35fa5228715fa950ce23213775f5a5ac51c261fdf
d26889f45a3c1df4e7d092ff5411f4ec7b16021b7adacb5d4ab9f6bd61f1fe0d
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856
e0b70a0f342b8f3eb5ba7787ecc51ff651e3b70114d07c96bb77270956a7a470
e11d0b5063c0889aea44c26cff42e0db870e02e303fca38299c2f1cb4675e463
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5118140a15e5dbb471f19c06816bcfa44170878bd8fe0ade80c24b7a988d8ba
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
edabf809b301dba76a2b332f0a5a412f764061119b991ec36a72778306178897
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f124772de384bd55715433695e6d32bb6cfc834eca655d65267ae90fa39b24b3
f20c18f7c0f055e9c16a7371a5293728674a4658225b0a45cbb132b8d614df43
f45ea48d1d58008b497bce74122e6b1dce39045f558732a28209d4dea948046f
f6cfe89b284e6a2100a86b8d6b0e52b76b85cc62622a40d63e929f328d883a6a
f9e0ceb1f95a005893308cd11cf0f53eeb5c563649062bf9f30a87752cc8e773
fabc70c55f40ea2f77fccc894b1b347219b5a8b03d3c9a5d14f49872573d4488
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

www.file-upload.in Open in urlscan Pro 2606:4700:3031::6815:3355 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

302 Requests

85 %HTTPS

48 %IPv6

48 Domains

68 Subdomains

46 IPs

11 Countries

5225 kBTransfer

11527 kBSize

53 Cookies

31 Outgoing links

Page URL History

Redirected requests

302 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.file-upload.in Open in urlscan Pro
2606:4700:3031::6815:3355 Public Scan

Screenshot
Live screenshot

Full Image

302
Requests

85 %
HTTPS

48 %
IPv6

48
Domains

68
Subdomains

46
IPs

11
Countries

5225 kB
Transfer

11527 kB
Size

53
Cookies

302 HTTP transactions
6 data transactions