Submitted URL: http://file.io/
Effective URL: https://www.file.io/
Submission: On November 03 via manual from SA — Scanned from DE

Summary

This website contacted 41 IPs in 12 countries across 37 domains to perform 205 HTTP transactions. The main IP is 13.224.189.97, located in United States and belongs to AMAZON-02, US. The main domain is www.file.io.
TLS certificate: Issued by Amazon on February 24th 2022. Valid for: a year.
This is the only time www.file.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 3.213.81.213 14618 (AMAZON-AES)
36 13.224.189.97 16509 (AMAZON-02)
2 2001:4860:480... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
9 2606:4700:10:... 13335 (CLOUDFLAR...)
1 64.20.35.44 19318 (IS-AS-1)
1 2a00:1450:400... 15169 (GOOGLE)
34 2a00:1450:400... 15169 (GOOGLE)
18 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
13 16 142.250.186.34 15169 (GOOGLE)
6 15 185.80.39.216 27381 (CASALE-MEDIA)
8 11 37.252.173.38 29990 (ASN-APPNEX)
33 2a00:1450:400... 15169 (GOOGLE)
6 216.58.212.130 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 2 18.156.0.31 16509 (AMAZON-02)
1 2600:9000:20e... 16509 (AMAZON-02)
2 2 188.42.196.115 7979 (SERVERS-COM)
1 72.251.249.9 32475 (SINGLEHOP...)
1 141.95.98.65 16276 (OVH)
1 3.127.59.146 16509 (AMAZON-02)
1 1 23.35.228.23 16625 (AKAMAI-AS)
2 2 3.225.128.227 14618 (AMAZON-AES)
1 1 69.166.1.12 27630 (AS-XFERNET)
2 104.18.19.126 13335 (CLOUDFLAR...)
2 23.35.236.201 16625 (AKAMAI-AS)
1 1 96.16.141.156 16625 (AKAMAI-AS)
2 23.205.235.133 16625 (AKAMAI-AS)
1 51.75.86.98 16276 (OVH)
1 213.19.147.45 3356 (LEVEL3)
1 185.64.189.115 62713 (AS-PUBMATIC)
1 2 52.46.143.56 16509 (AMAZON-02)
3 3.33.220.150 16509 (AMAZON-02)
1 2a05:d018:d29... 16509 (AMAZON-02)
1 63.33.112.15 16509 (AMAZON-02)
1 1 185.183.112.155 60350 (VP)
2 2 151.101.194.49 54113 (FASTLY)
1 1 37.252.173.62 29990 (ASN-APPNEX)
3 4 37.157.6.247 198622 (ADFORM)
2 2 213.155.156.168 1299 (TWELVE99 ...)
4 185.64.189.110 62713 (AS-PUBMATIC)
2 2 185.29.132.245 30419 (MEDIAMATH...)
2 185.64.190.80 62713 (AS-PUBMATIC)
1 178.250.0.163 44788 (ASN-CRITE...)
1 2 52.95.122.74 16509 (AMAZON-02)
1 185.64.190.81 62713 (AS-PUBMATIC)
1 1 141.94.171.216 16276 (OVH)
1 35.204.158.49 396982 (GOOGLE-CL...)
1 69.173.144.138 26667 (RUBICONPR...)
205 41
Apex Domain
Subdomains
Transfer
49 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 131
tpc.googlesyndication.com — Cisco Umbrella Rank: 167
399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
316 KB
37 file.io
file.io — Cisco Umbrella Rank: 479682
www.file.io
1 MB
33 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 352
2 MB
32 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 166
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 264
googleads.g.doubleclick.net — Cisco Umbrella Rank: 66
cm.g.doubleclick.net — Cisco Umbrella Rank: 320
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 367
254 KB
17 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 819
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 666
14 KB
12 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 313
secure.adnxs.com — Cisco Umbrella Rank: 690
11 KB
10 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 732
image6.pubmatic.com — Cisco Umbrella Rank: 922
image2.pubmatic.com — Cisco Umbrella Rank: 1407
simage2.pubmatic.com — Cisco Umbrella Rank: 979
image4.pubmatic.com — Cisco Umbrella Rank: 1503
27 KB
9 quantumdex.io
useast.quantumdex.io — Cisco Umbrella Rank: 11543
sync.quantumdex.io — Cisco Umbrella Rank: 6794
2 KB
5 google.com
adservice.google.com — Cisco Umbrella Rank: 134
www.google.com — Cisco Umbrella Rank: 17
2 KB
4 adform.net
c1.adform.net — Cisco Umbrella Rank: 1002
2 KB
4 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 412
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1256
3 KB
4 rubiconproject.com
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1289
eus.rubiconproject.com — Cisco Umbrella Rank: 826
token.rubiconproject.com — Cisco Umbrella Rank: 1059
11 KB
4 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 223
168 KB
3 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 457
796 B
3 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 407
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 715
1 KB
3 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 447
17 KB
2 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 723
1 KB
2 de17a.com
d5p.de17a.com — Cisco Umbrella Rank: 6929
562 B
2 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 916
635 B
2 disqus.com
ssp.disqus.com — Cisco Umbrella Rank: 2888
663 B
2 betweendigital.com
ads.betweendigital.com — Cisco Umbrella Rank: 2520
1 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 97
20 KB
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 1432
615 B
1 onaudience.com
pixel.onaudience.com — Cisco Umbrella Rank: 4133
417 B
1 criteo.com
dis.criteo.com — Cisco Umbrella Rank: 941
363 B
1 adotmob.com
sync.adotmob.com — Cisco Umbrella Rank: 2384
300 B
1 adroll.com
d.adroll.com — Cisco Umbrella Rank: 2070
182 B
1 unrulymedia.com
usermatch.targeting.unrulymedia.com — Cisco Umbrella Rank: 4365
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 1095
1 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 1492
943 B
1 media.net
hbx.media.net — Cisco Umbrella Rank: 1890
452 B
1 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 756
36 B
1 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 678
1 KB
1 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 872
277 B
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 951
241 B
1 google.sk
adservice.google.sk — Cisco Umbrella Rank: 53647
793 B
1 bid.glass
bid.glass
317 B
205 37
Domain Requested by
36 www.file.io www.file.io
33 s0.2mdn.net www.file.io
s0.2mdn.net
28 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
googleads.g.doubleclick.net
s0.2mdn.net
www.googletagservices.com
18 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
s0.2mdn.net
16 cm.g.doubleclick.net 13 redirects googleads.g.doubleclick.net
15 dsum-sec.casalemedia.com 6 redirects googleads.g.doubleclick.net
ssum-sec.casalemedia.com
11 ib.adnxs.com 8 redirects googleads.g.doubleclick.net
8 sync.quantumdex.io www.file.io
sync.quantumdex.io
ssum-sec.casalemedia.com
ads.pubmatic.com
6 googleads4.g.doubleclick.net www.file.io
6 googleads.g.doubleclick.net 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
www.file.io
4 image2.pubmatic.com ads.pubmatic.com
4 c1.adform.net 3 redirects ads.pubmatic.com
4 www.google.com tpc.googlesyndication.com
399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
4 www.googletagservices.com www.file.io
399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
3 match.adsrvr.org ssum-sec.casalemedia.com
ads.pubmatic.com
3 ajax.googleapis.com s0.2mdn.net
3 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com securepubads.g.doubleclick.net
3 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
2 aax-eu.amazon-adsystem.com 1 redirects ads.pubmatic.com
2 simage2.pubmatic.com ads.pubmatic.com
2 sync.mathtag.com 2 redirects
2 d5p.de17a.com 2 redirects
2 sync-tm.everesttech.net 2 redirects
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 eus.rubiconproject.com sync.quantumdex.io
eus.rubiconproject.com
2 ads.pubmatic.com sync.quantumdex.io
ads.pubmatic.com
2 ssum-sec.casalemedia.com sync.quantumdex.io
ssum-sec.casalemedia.com
2 ssp.disqus.com 2 redirects
2 ads.betweendigital.com 2 redirects
2 ups.analytics.yahoo.com 2 redirects
2 www.google-analytics.com www.file.io
www.google-analytics.com
1 token.rubiconproject.com eus.rubiconproject.com
1 um.simpli.fi ads.pubmatic.com
1 pixel.onaudience.com 1 redirects
1 image4.pubmatic.com ads.pubmatic.com
1 dis.criteo.com ads.pubmatic.com
1 secure.adnxs.com 1 redirects
1 sync.adotmob.com 1 redirects
1 d.adroll.com ssum-sec.casalemedia.com
1 pr-bh.ybp.yahoo.com ssum-sec.casalemedia.com
1 image6.pubmatic.com ads.pubmatic.com
1 usermatch.targeting.unrulymedia.com sync.quantumdex.io
1 onetag-sys.com sync.quantumdex.io
1 secure-assets.rubiconproject.com 1 redirects
1 sync.go.sonobi.com 1 redirects
1 hbx.media.net 1 redirects
1 match.sharethrough.com sync.quantumdex.io
1 id5-sync.com sync.quantumdex.io
1 ap.lijit.com sync.quantumdex.io
1 s.ad.smaato.net sync.quantumdex.io
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.sk securepubads.g.doubleclick.net
1 bid.glass www.file.io
1 useast.quantumdex.io www.file.io
1 stats.g.doubleclick.net www.google-analytics.com
1 file.io 1 redirects
205 56

This site contains links to these domains. Also see Links.

Domain
mrcowboy.com
bid.glass
twitter.com
www.facebook.com
www.reddit.com
www.linkedin.com
github.com
Subject Issuer Validity Valid
*.file.io
Amazon
2022-02-24 -
2023-03-25
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-10-17 -
2023-01-09
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-10-17 -
2023-01-09
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-06-04 -
2023-06-03
a year crt.sh
www.onezo.bid.glass
R3
2022-10-02 -
2022-12-31
3 months crt.sh
*.google.sk
GTS CA 1C3
2022-10-17 -
2023-01-09
3 months crt.sh
*.google.com
GTS CA 1C3
2022-10-17 -
2023-01-09
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
www.google.com
GTS CA 1C3
2022-10-17 -
2023-01-09
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-10-17 -
2023-01-09
3 months crt.sh
s.ad.smaato.net
Amazon
2022-08-22 -
2023-09-20
a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2
2022-06-27 -
2023-06-05
a year crt.sh
*.id5-sync.com
R3
2022-08-18 -
2022-11-16
3 months crt.sh
*.sharethrough.com
Amazon
2022-07-14 -
2023-08-12
a year crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA
2022-02-04 -
2023-02-03
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2022-03-17 -
2023-04-04
a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-01-10 -
2023-01-03
a year crt.sh
*.targeting.unrulymedia.com
Sectigo RSA Domain Validation Secure Server CA
2022-05-09 -
2023-05-09
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2022-03-31 -
2023-05-02
a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2022-06-14 -
2022-12-07
6 months crt.sh
adroll.mgr.consensu.org
Amazon
2022-08-10 -
2023-09-08
a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2022-09-20 -
2023-09-20
a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-10-31 -
2023-01-26
3 months crt.sh
aax-eu.amazon-adsystem.com
Amazon
2022-07-20 -
2023-07-19
a year crt.sh
*.simpli.fi
DigiCert TLS RSA SHA256 2020 CA1
2021-10-27 -
2022-11-27
a year crt.sh

This page contains 31 frames:

Primary Page: https://www.file.io/
Frame ID: 9CA330188D94D152CD056FED3AC08678
Requests: 50 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EAFB3C698618706056E08137897A2C3B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 296FDEFF5B8D2161AB8822BEE22D61D6
Requests: 2 HTTP requests in this frame

Frame: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Frame ID: 3621147C609A8E9B5EF9E163CE829100
Requests: 15 HTTP requests in this frame

Frame: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Frame ID: F7E6788B04F1879B5A332C385F57BE95
Requests: 15 HTTP requests in this frame

Frame: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Frame ID: B4705B66482E84B26B8BD568F27FB14B
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNVyqO-UVq8fBGweb8TFXdUb3OMmxIZMUOyScBvGJfJWUZuiD6459IP3GCebALmO3jaCvJi_7n6dSJVFn9uZYUo6yM_0aJZK5RjrlgB301d_1myq-F-Hm-t7hyCspt2oq8j2Vj9Q0R8gojEqtsTGPsXlUQtQFyxWD1fE1OQUuZyJ06QyAzU
Frame ID: 65A0646ECCF83038D04FF9C1D834DE8B
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNUWFbpww4_Qcm7KWUjYPUFDw-a4tivQ4PlMY6JoSJXrQYzwcf5piaqdRTdjTwx_dKHxOFqUi285m9u43dHQQkjz_wwAAfQPtlUPcRtI6APstee9xArhf_nBWclxXD3X4KAs3tUuqqOMhvEyBzbv2XaCk_OL5Gb79-dcuKo3EF68Lrl8GoQ
Frame ID: C3E6A02070595E9E1BEDD3E8D4825D2F
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNXgIwfOcv8_7IvawHRpI03mWDuo4dZCYbWDHw9jkV0fJeTPiM1RIjo6tWjKnvnIh824k-Yofr7LauEEcEmtvdPs_2OjASSnz_ZUFY2iXQbDUlDE-btwgKhf1w5qL7y-hkirGbYMcPW7h9_ekHD8kXsVTT8_Ud8PvAQqMi3z1gUaLQ2Y4p4
Frame ID: D8A4D505518C4FF8E63644C66348D46C
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5D9B929AD313F6BA920711244658A6CA
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=2XFlhVqEF4&t=1&renderingType=2&ev=01_247
Frame ID: 59AB3729E7D841AD55D5B22538A4A778
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 763763C95689209CE7FFD94499234297
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B679F12D07B448699E59FA947F67DC5C
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=v5JKLw99cE&t=1&renderingType=2&ev=01_247
Frame ID: DD2EA9CDFF61600A509CA28530D24A0F
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=CCfblklzsh&t=1&renderingType=2&ev=01_247
Frame ID: 7E1CD0E7ADEE489BF9535042D68C699C
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Frame ID: E17C3B13C605D9603637AEF586C7161C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Frame ID: 68313559205C0E10A81F46C8829DF544
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Frame ID: FBC671872084382F763BD66E78DB1840
Requests: 1 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/pbjs
Frame ID: 35997BB17E4280B9D9548A8861AD9CED
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: A6F12E966FEDA1F60554BAF440145821
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Frame ID: D1ED6B7F018496DB4FCE4F93E548E4EA
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
Frame ID: 5F8494013BB1D5AEF8950022053C0C14
Requests: 3 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: F6D4BE9E823C9AD19A52F8B8FA2454CC
Requests: 1 HTTP requests in this frame

Frame: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Frame ID: 882078594E82BDC012281151C4AC9025
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5634CC78-DA28-47AF-B932-36CFA8AD99FE&gdpr=0&gdpr_consent=
Frame ID: ECE2CE950DE76D5720E4B7C02C624563
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2608005241808991919
Frame ID: 828A2419666D60B51F0F02BCCFC5EFCF
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d1226363-d4c5-4500-be25-b93bd0ab20ff&gdpr=0&gdpr_consent=
Frame ID: BA0A8DABD35715A09D7875BEC2ED2AFA
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 4799278680870348B8444A397D9097ED
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=5634CC78-DA28-47AF-B932-36CFA8AD99FE&redir=true&gdpr=0&gdpr_consent=&dcc=t
Frame ID: 8C70C08386D0E72B1271F96C73BB64F3
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4641496546696765454&gdpr=0&gdpr_consent=
Frame ID: 2776670F3039F9628FD7B5A9189D2620
Requests: 1 HTTP requests in this frame

Frame: https://sync.quantumdex.io/setuid?bidder=pubmatic&uid=5634CC78-DA28-47AF-B932-36CFA8AD99FE
Frame ID: 542086ADF4F890EA1E9D23D9C074AF4A
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

file.io - Super simple file sharing

Page URL History Show full URLs

  1. http://file.io/ HTTP 302
    https://www.file.io/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleapis\.com/.+webfont

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

205
Requests

86 %
HTTPS

26 %
IPv6

37
Domains

56
Subdomains

41
IPs

12
Countries

3624 kB
Transfer

6752 kB
Size

52
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://file.io/ HTTP 302
    https://www.file.io/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 66
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBaMue9Tk78ZmSdGxtbBzH8&google_cver=1
Request Chain 67
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y2PUwioVRxd9kzhyr6s4ngAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
Request Chain 68
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
Request Chain 69
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
Request Chain 70
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBaMue9Tk78ZmSdGxtbBzH8&google_cver=1
Request Chain 71
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y2PUwioVRxd9kzhyr6s4ngAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
Request Chain 72
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
Request Chain 73
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
Request Chain 74
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELX2vn16E2F3fclKnoTisS0&google_cver=1
Request Chain 75
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y2PUwioVRxd9kzhyr6s4ngAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
Request Chain 76
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
Request Chain 77
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
Request Chain 166
  • https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58424/occ?verify=true HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-0XkTGqNE2uHtE2Pe92GWmuecYph9TGzqw8lc1G0-~A
Request Chain 168
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=appnexus&uid=4641496546696765454
Request Chain 169
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1 HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=between&uid=e1a76d75-437a-5233-ac6f-9beecf0c4f2a
Request Chain 173
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dmedianet%26uid%3D%3Cvsid%3E HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=medianet&uid=0000EEA
Request Chain 174
  • https://ssp.disqus.com/redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID HTTP 302
  • https://sync.go.sonobi.com/us?gdpr=0&gdpr_consent=&us_privacy=&loc=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D18%26buyeruid%3D%5BUID%5D%26r%3DCid1YS0zYTZiYzFkYS1kYmQzLTM2OGUtYjkyNS03YjZjMDMwMDk0ZWIqYGh0dHBzOi8vc3luYy5xdWFudHVtZGV4LmlvL3NldHVpZD9iaWRkZXI9emV0YS1nbG9iYWwmdWlkPXVhLTNhNmJjMWRhLWRiZDMtMzY4ZS1iOTI1LTdiNmMwMzAwOTRlYjIBEjgB HTTP 302
  • https://ssp.disqus.com/match?bidder=18&buyeruid=c1e20704-75da-478f-a098-75759a614b48&r=Cid1YS0zYTZiYzFkYS1kYmQzLTM2OGUtYjkyNS03YjZjMDMwMDk0ZWIqYGh0dHBzOi8vc3luYy5xdWFudHVtZGV4LmlvL3NldHVpZD9iaWRkZXI9emV0YS1nbG9iYWwmdWlkPXVhLTNhNmJjMWRhLWRiZDMtMzY4ZS1iOTI1LTdiNmMwMzAwOTRlYjIBEjgB HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=zeta-global&uid=ua-3a6bc1da-dbd3-368e-b925-7b6c030094eb
Request Chain 177
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-valueimpression&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
Request Chain 181
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y2PUwioVRxd9kzhyr6s4ngAADGAAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y2PUwioVRxd9kzhyr6s4ngAADGAAAAAB&dcc=t
Request Chain 183
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y2PUwioVRxd9kzhyr6s4ngAADGAAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEJfXZG6UUrZg-4HcFxQb85A&google_cver=1
Request Chain 186
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]
Request Chain 187
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=Y2PUxAAAAOhjuwAT HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y2PUxAAAAOhjuwAT&_test=Y2PUxAAAAOhjuwAT
Request Chain 188
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=4641496546696765454
Request Chain 191
  • https://c1.adform.net/serving/cookie/match?party=14&cid=5634CC78-DA28-47AF-B932-36CFA8AD99FE&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5634CC78-DA28-47AF-B932-36CFA8AD99FE&gdpr=0&gdpr_consent=
Request Chain 192
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2608005241808991919
Request Chain 193
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d1226363-d4c5-4500-be25-b93bd0ab20ff&gdpr=0&gdpr_consent=
Request Chain 195
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=5634CC78-DA28-47AF-B932-36CFA8AD99FE&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=5634CC78-DA28-47AF-B932-36CFA8AD99FE&redir=true&gdpr=0&gdpr_consent=&dcc=t
Request Chain 196
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4641496546696765454&gdpr=0&gdpr_consent=
Request Chain 198
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=VjTMeNooR6-5MjbPqK2Z_g%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Request Chain 199
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=f8196363-d4c4-4400-bff0-fb0a04d4dd3e
Request Chain 200
  • https://pixel.onaudience.com/?partner=214&mapped=5634CC78-DA28-47AF-B932-36CFA8AD99FE&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0
Request Chain 201
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NTYzNENDNzgtREEyOC00N0FGLUI5MzItMzZDRkE4QUQ5OUZF&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 202
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEIKvw9bqe2_YVpI35KCkQfE&google_cver=1
Request Chain 204
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3487740793890318401

205 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.file.io/
Redirect Chain
  • http://file.io/
  • https://www.file.io/
410 KB
104 KB
Document
General
Full URL
https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3da0e43e9cf8fa4cf33b0e8aa683493281ed4734ebdc152e7ba9a90f4d2cd0f9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
39916
cache-control
public, max-age=0, s-maxage=86400
content-encoding
br
content-type
text/html
date
Thu, 03 Nov 2022 03:43:17 GMT
etag
W/"60e3d2540949671f9263794d55293524"
last-modified
Mon, 24 Oct 2022 09:05:43 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-cf-id
CZ6j27lKkp_dV3rXbgfet57wM5O2PX-pWUMsd9hGGhsRKsnYpd8efg==
x-amz-cf-pop
FRA2-C1
x-amz-id-2
GzydRgX6bJbC28UIa2FnvMIFx0lyKgz25rfyuyv0/sQ5CP3epcvCkbzR8Y0nWwG4YcxD53iWvOE=
x-amz-request-id
2HAVE7S7VYSZS87X
x-cache
Hit from cloudfront

Redirect headers

Access-Control-Allow-Headers
Cache-Control,Authorization,Content-Type,X-reqed-With,x-requested-with
Access-Control-Allow-Methods
GET,HEAD,POST,PUT,PATCH,DELETE
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-RateLimit-Limit,X-RateLimit-Remaining,X-RateLimit-Reset
Connection
keep-alive
Content-Length
82
Content-Type
text/html; charset=utf-8
Date
Thu, 03 Nov 2022 14:48:32 GMT
Location
https://www.file.io
Retry-After
1
Vary
Accept
X-RateLimit-Limit
1
X-RateLimit-Remaining
7
X-RateLimit-Reset
2022-11-03T14:48:33.096Z
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 03 Nov 2022 13:15:54 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
5558
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Thu, 03 Nov 2022 15:15:54 GMT
app-438588750f6b6905c6ff.js
www.file.io/
638 KB
155 KB
Script
General
Full URL
https://www.file.io/app-438588750f6b6905c6ff.js
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3bfbb8f42b3e79f5e8093d4459dbc75d1c9cb481c5c13c31b34ffc1890f0b787

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:08:08 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:39 GMT
server
AmazonS3
x-amz-request-id
SRS7GCGA4YHDF860
x-amz-cf-pop
FRA2-C1
etag
W/"bf53dfdd7a2d5df4ce50d7ce51826663"
age
884425
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
v8NxVfV5abP-zeKVSvjkt19lugdDy8D9m76ukQ_YJqdIZLTkSfbXFw==
x-amz-id-2
MRv5yEpnbL/ghwGbI9U3f9HIIoPF4wmqt5w61T64V58ftr3ybyrSyoT4QzKMuIgtmVok57bgzBY=
0eceb729-761e2b4090024f08e2ca.js
www.file.io/
12 KB
2 KB
Script
General
Full URL
https://www.file.io/0eceb729-761e2b4090024f08e2ca.js
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8e64ece70e36a6959f180c175b0bfee4d46960579cb7e56d19fdeb4839d4c9d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Sat, 29 Oct 2022 01:09:02 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:34 GMT
server
AmazonS3
x-amz-request-id
N85AKMVWEQEF5X9Q
x-amz-cf-pop
FRA2-C1
etag
W/"d8fa3e295945b4065c7adabadd2be99b"
age
481171
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
wkG0L-k2HFJQG2TdTqttvBY43vXh2gEprlXjlBYbd5Hzo4Us6Myscg==
x-amz-id-2
Czc9ZvHF86aCnaxq8QHDm+0sURHkLoII8IGtZJ+fMdAtVEep4BUOXM2uTfr81XmNGrZcELlycfo=
d6a9949e-4e9c210da2d83a376ddb.js
www.file.io/
51 KB
6 KB
Script
General
Full URL
https://www.file.io/d6a9949e-4e9c210da2d83a376ddb.js
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
19358326caaeb1ae753c10b461bdd9a6ea351654ed4608a643f2e85ff4a77959

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:08:08 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:42 GMT
server
AmazonS3
x-amz-request-id
SRSE0J7DGTDV1TD9
x-amz-cf-pop
FRA2-C1
etag
W/"2feda6389a53a29ad5102ef7918752f6"
age
884425
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
3osTGx4m8oNYWfc7bIDi0qe6ISMnSl0i5pam_z_TJrZm097uU6IwBw==
x-amz-id-2
L3LHmssI5k48PAA48H5dihyJAqH4BrKFEt7CjYyYYAjB75SsFBybBYOKyBMXO5BtqfHHeczAYI0=
e82996df-3c73e38611643c5bb219.js
www.file.io/
50 KB
14 KB
Script
General
Full URL
https://www.file.io/e82996df-3c73e38611643c5bb219.js
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5467779bb4c774feb582e4066d9bc4d4f7798fed06a721ef5ab2e527ac4dcfbe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:08:08 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:42 GMT
server
AmazonS3
x-amz-request-id
SRSCBT94885ZFG0W
x-amz-cf-pop
FRA2-C1
etag
W/"785aafc2bda0f767992456b4ba1b0627"
age
884425
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
wWqzb6XPxf-JWUp1U9wWvZm87DeXqfnaaj7frZcztPx_-GY60BjfNQ==
x-amz-id-2
tbFVwHmDl6PIyjM2veQ9XlBQ7NLY7EL6vuloNI8hT9UwcuvFvbPQYDlXBRUSz8cOlwNPk/Fav7c=
framework-8fce40ee519418a713c9.js
www.file.io/
145 KB
42 KB
Script
General
Full URL
https://www.file.io/framework-8fce40ee519418a713c9.js
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a1dc61a1ec299faace8c3bdc4de4993df47b4ac8e513c15cb0da57ecd8eb4681

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 04:09:09 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:43 GMT
server
AmazonS3
x-amz-request-id
45J9ZSR16YBGCCNE
x-amz-cf-pop
FRA2-C1
etag
W/"c4a5f7717ceee6ea81514ff62873ada9"
age
556764
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
-jfGlsEHyuDnJRnBSzwlQg5r12zKSBzeA7o-mT5YFA9KkkYsCyvr6Q==
x-amz-id-2
VNmiXd+ThilmsnQp4YGWhF4Mq89hCLTOu3B9/0qmCgOfz8SQ90Ms/Zs0P5DDfDniOhD5+WPsL3w=
webpack-runtime-048164bed35c94f5e17a.js
www.file.io/
9 KB
4 KB
Script
General
Full URL
https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
10dcaaf69bd430ace51c25e2c8a0d676faaedf2bce0acabaa1def47c7bcc0ad3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:07:31 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:47 GMT
server
AmazonS3
x-amz-request-id
MRVE1V48XWWMW8H8
x-amz-cf-pop
FRA2-C1
etag
W/"e0397cf582f6a185758876a8b057cc11"
age
884462
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
EUspIfIWeAsPauUBAenzNJTNnPKefykYYWwOitYixQlEjeRYH1kGEA==
x-amz-id-2
VU45pltBY/MukrZU57W0JAeKGZKnxSRqtGnH5wfRnH9we+KjGlFDKMwSlmmg/zwGqC8TIl4N1l0=
app-data.json
www.file.io/page-data/
50 B
532 B
XHR
General
Full URL
https://www.file.io/page-data/app-data.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
27b75a7887b7fd3716f7abff1ede95e77201eab7cbb4cc167d250c2082a56871

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 05:54:25 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-request-id
6V8R1ZADFD8XGD9S
x-amz-cf-pop
FRA2-C1
age
32048
x-cache
Hit from cloudfront
content-length
50
x-amz-id-2
sgE88uT8SbrOi86/m8hKaxZvzrMu10XcT//pN2lzZLexMtM/hfR/UoWBCiiHqLALbOS0TdSiZI0=
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
etag
"c2add5c1ce131d8981ee8ababaf5ec74"
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
accept-ranges
bytes
x-amz-cf-id
DEn0MT7itUlFXSzr7t71OfkC39pwujSVWqUqONkkLTNe64x1EZotzw==
page-data.json
www.file.io/page-data/index/
142 B
625 B
XHR
General
Full URL
https://www.file.io/page-data/index/page-data.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
74c145c786d91070055b7dbb15449cb26fea942f6af265ef4aaaaca0758f024a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 00:58:34 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-request-id
GHKP31EDH3V9CH7A
x-amz-cf-pop
FRA2-C1
age
49799
x-cache
Hit from cloudfront
content-length
142
x-amz-id-2
vsvjQlMqVIgJm27rK92OCazrH65sq0PpngsOMJiHEVbfPRdS4mif1eA+qTn1YoxU7LTnWzCQq9c=
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
etag
"296469106a3781916eca896cd4626af5"
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
accept-ranges
bytes
x-amz-cf-id
9Jft_Alskrl-cmlLAC9DIL18H8TiinhJvXvD4rGYWkZT44xc5G29Bw==
cb1608f2-c3c6ab3068acdccdccc5.js
www.file.io/
18 KB
7 KB
Script
General
Full URL
https://www.file.io/cb1608f2-c3c6ab3068acdccdccc5.js
Requested by
Host: www.file.io
URL: https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fb26ba7d6c1e90849f333847be322f55b4de508d294467d7c8a7f1cd70d366f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 00:47:17 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:39 GMT
server
AmazonS3
x-amz-request-id
WZ95WRVEJN525GD3
x-amz-cf-pop
FRA2-C1
etag
W/"be2740357851b35d3b50ac372bdc1864"
age
223276
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
3-4idRy5JD-3iA-Ojggp8BwK55X2a_F6aYGFVZnA1IUPvG5wLoM7wQ==
x-amz-id-2
+feauHhRoAPwbC++Kw7tDR9DVGyFtfOSVCBf+/14XBQKhfP9tlSD7EWZtq3Ux6bCiqlNz4rpTZ0=
a9a7754c-f1b5f9c5144f62adc766.js
www.file.io/
4 KB
2 KB
Script
General
Full URL
https://www.file.io/a9a7754c-f1b5f9c5144f62adc766.js
Requested by
Host: www.file.io
URL: https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8cb7fbdd1d95c5e5945676dab0a6572eea9ac679815e863e3c1a25abe149769

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 00:54:46 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:36 GMT
server
AmazonS3
x-amz-request-id
GZ836EYR0H8HWQHH
x-amz-cf-pop
FRA2-C1
etag
W/"4ae04cdf11989fa265bb8cc9b598298f"
age
50027
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
iI1CDnrhu4IZJtJy4PeMICS9yWV1Ryje1dXVSB5uRq4TCNgWanr_Iw==
x-amz-id-2
P0ZhSnj+HHMFq4IAYgyrWAxJ0ciEzUVriA8OuDU5vnK85Pv3X/QFlcn/w5aSa6QZjarD1pq6eVQ=
381417c15e948e10ceded78bff93c5a25db3efa3-40bf9a1dd8e6dc843785.js
www.file.io/
117 KB
66 KB
Script
General
Full URL
https://www.file.io/381417c15e948e10ceded78bff93c5a25db3efa3-40bf9a1dd8e6dc843785.js
Requested by
Host: www.file.io
URL: https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
94a057fa3a8cb5ddac308191c23926e496ed8874cc71e6640806a09760e6732a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 31 Oct 2022 00:25:31 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:35 GMT
server
AmazonS3
x-amz-request-id
FJJ0EXNZ43RCH000
x-amz-cf-pop
FRA2-C1
etag
W/"d7b6ca59f2fccbba3f62d8b48c85f4ab"
age
310982
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
gM52tclm8TuFY1bk7u7VNSE4oF1x3MOIDbfkqmDK4ZcqQxhaqVRItA==
x-amz-id-2
Ns1725lVM6bgU9DmryCgShz20VpWSZ9zH7IPcHaI0BO88GUOhJ7ZA7Fr3XHmqqnIO45lyOQDE+o=
a874c63d384a247abb93b2eff37b6f661aa3cb57-5cfe5a4092f64f208325.js
www.file.io/
21 KB
9 KB
Script
General
Full URL
https://www.file.io/a874c63d384a247abb93b2eff37b6f661aa3cb57-5cfe5a4092f64f208325.js
Requested by
Host: www.file.io
URL: https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ec350dbc6117aa7cbe6795c6dc5697e26a6e936ba871a2266a1422f52e131a7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:08:09 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:36 GMT
server
AmazonS3
x-amz-request-id
W7FJJ34V3GD5AKP2
x-amz-cf-pop
FRA2-C1
etag
W/"2b921aab089ea83ec7bb825f970e0b68"
age
884424
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
s7UY2B5zzjv7yXZF-bJk81P4ct-3qaj2M5Hsz4shqDVS8GqvzDtFzQ==
x-amz-id-2
1UO22uvA0B/HYbkcJl0IkwJwf074iSXMkLcO/ho4H+ROBjm3ZnVr4zV0tFfeRll/7p2P/rUYc5aJd0bMbUoXzQ==
6043c7ae7d033d369a2fc1db82212855efeac9f9-77152812dffde4f282dc.js
www.file.io/
24 KB
8 KB
Script
General
Full URL
https://www.file.io/6043c7ae7d033d369a2fc1db82212855efeac9f9-77152812dffde4f282dc.js
Requested by
Host: www.file.io
URL: https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
15a6c1f335e08bfbef5ddca3572088dfa897eaa5a7c020885e33a73e769e2833

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:08:09 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:35 GMT
server
AmazonS3
x-amz-request-id
W7FJHG0Z276CEB0H
x-amz-cf-pop
FRA2-C1
etag
W/"28a08914b667bd7d6c376d859bef83e6"
age
884424
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
QaGgmgXBnjm-8GwD27GcmpKh3XqpHm_HIeOoEXlYUXqHrXXOJWQd4Q==
x-amz-id-2
PpWFgMl0mGur71Fgu8M1djCeDik58sepZIqKNI8RUykvw7FUJCXehEhu0llC2N842fTw/TAluKA=
113382e39e0094637e6c370a1afdf6378943c0d9-450045684b75827b8372.js
www.file.io/
33 KB
11 KB
Script
General
Full URL
https://www.file.io/113382e39e0094637e6c370a1afdf6378943c0d9-450045684b75827b8372.js
Requested by
Host: www.file.io
URL: https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d044ee74f8fa3db2665169beb777c84298dfcf3576597e286173ba1c77981eb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:08:09 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:34 GMT
server
AmazonS3
x-amz-request-id
W7FJZS4J0KRDYKG0
x-amz-cf-pop
FRA2-C1
etag
W/"2b80969bb40c4349478b01d10f1143de"
age
884424
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
iGsIVtRxOWVM1X1UTjYEHvYNenoQI9wu7Ug7TF8s-ohmgfV7DBalBw==
x-amz-id-2
drfSvL+PY+Ksh4SelSun7ofLoXZBlGTPlf11nTEjIvcjzMPMGmKKtzGcKP7bo/kTP8jHNyrsdRkSUxYgWC6T+g==
5964903858f8beed589c20c7b2b6be9e8ad2d202-93820d2402a8e0c48146.js
www.file.io/
15 KB
5 KB
Script
General
Full URL
https://www.file.io/5964903858f8beed589c20c7b2b6be9e8ad2d202-93820d2402a8e0c48146.js
Requested by
Host: www.file.io
URL: https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1febd05863543deec054ba709e090a74a7e17cccad0cc4c18a3d9aa42be2de29

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:08:09 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:35 GMT
server
AmazonS3
x-amz-request-id
W7FVYDXVQ2CWMPD5
x-amz-cf-pop
FRA2-C1
etag
W/"a5b5aa5040f05ebd1b6880bfd2f6bc65"
age
884424
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
FTyIdIcBdSCTynzixyqKFXVJbEAZx94-1Ir1z1EoUIpne7HDcDp1Bw==
x-amz-id-2
1JjJpA4lZIqNK0jmAaw6mqCiH5bf2nTVP3WnEdChITlYPsU7JUr3gincx9qxhTdz12Sd3SORC+0=
7945792da56c3b3a1d41545388fa0f1a82bb20d6-62e953e2c8e505992a10.js
www.file.io/
5 KB
3 KB
Script
General
Full URL
https://www.file.io/7945792da56c3b3a1d41545388fa0f1a82bb20d6-62e953e2c8e505992a10.js
Requested by
Host: www.file.io
URL: https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1973c59776e5bbd8b11fa3fab9b12ba5ab1fb670a71e7768ae54d43d79c0e92f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:08:09 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:36 GMT
server
AmazonS3
x-amz-request-id
W7FVSG247HM426Q1
x-amz-cf-pop
FRA2-C1
etag
W/"c47f7fbac72308f4a775faf72c61a12f"
age
884424
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
KvZbmdWYdN3454IZ3CWBjV54tjE1EPNZxx0hl050uNPks4hWJm-BZQ==
x-amz-id-2
zwhe8+DvxawNBM7++EIcM81juqLTcLrKW+eNP5Hdpt53eLQVzBWYZl+J+otmTuvBKR9rMhcPWUU=
e98b170d240584cc273f592e36a9137245db2ee9-dfa71bc7c182e143d729.js
www.file.io/
67 KB
20 KB
Script
General
Full URL
https://www.file.io/e98b170d240584cc273f592e36a9137245db2ee9-dfa71bc7c182e143d729.js
Requested by
Host: www.file.io
URL: https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2c6c40892eeac45630835e71ea88a7bee39454223bc54fdeae25ed642cb11a6f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Sat, 29 Oct 2022 01:09:02 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:43 GMT
server
AmazonS3
x-amz-request-id
N851FSPFJGAYFA5S
x-amz-cf-pop
FRA2-C1
etag
W/"d3020b9765fef3dbbe2edff35496bdd2"
age
481170
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
_O6OYXCvWUcDPnkUZLDhNRgDORQQzo9tPMAyV_5VsGBe2URGOoOtXQ==
x-amz-id-2
sooaWBkT6/v8uVfXCE9hDC7CJs+3nCa4hyTr+8emVcAAkkYNTlYqnIq+/9j4m8iiTvSt5MTDaXs=
component---src-pages-index-js-f2df336e7aa984bb0da3.js
www.file.io/
48 KB
16 KB
Script
General
Full URL
https://www.file.io/component---src-pages-index-js-f2df336e7aa984bb0da3.js
Requested by
Host: www.file.io
URL: https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
73223b29ef8f9997f60ee62fc27ab501a9fd59db27f8f180ad726071cd659b14

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 26 Oct 2022 00:49:19 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:41 GMT
server
AmazonS3
x-amz-request-id
WG9FAE1DVKFFEBPR
x-amz-cf-pop
FRA2-C1
etag
W/"02c1c144572d02a2c86bdc62c65be517"
age
741554
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
OpXtNP6WumA283jAPgMlMtyjUj_4dov_HOjoEgGQtRwzXpTYPCUNFA==
x-amz-id-2
oUP3T6UxUXDiWZM164FsaAmIcgSrullJnj7zb08hQ3hXgqfrELSP64cswwlMahnZSfAkPx1lA80=
1655680770.json
www.file.io/page-data/sq/d/
447 B
933 B
XHR
General
Full URL
https://www.file.io/page-data/sq/d/1655680770.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d2b39ffcc4994277d64afbdc2fdf1f9320dd33207dba07a324f21a1bb67d4a27

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 04:25:44 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-request-id
0C1B6SH6ZZQRTR51
x-amz-cf-pop
FRA2-C1
age
37369
x-cache
Hit from cloudfront
content-length
447
x-amz-id-2
ht/+5VOhBUQth/eNmf9E6zRT4xaFxcRHOk2/cHYhjtypZEC0kfcJBuGXAe8jhne7K8PubLUR4bQ=
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
etag
"c839c57483bd5d788408e7fc88e7cc8d"
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
accept-ranges
bytes
x-amz-cf-id
XIOTyxrTumXljWwTncfBNvplP4SVGCJUaBEhTZ6FvpoXPvC28EobCw==
1810866655.json
www.file.io/page-data/sq/d/
2 KB
861 B
XHR
General
Full URL
https://www.file.io/page-data/sq/d/1810866655.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
17a9b1943f50a130af854afbd05878dc7f26f835a127531ee7c785522731818b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 04:47:12 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
x-amz-request-id
RWX731XAXGZC71DM
x-amz-cf-pop
FRA2-C1
etag
W/"7bb0144e136507cd9bfbaceb72189d09"
age
36081
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
x-amz-cf-id
sOKGkm6IDCTX5dCVn-3DOXRbV66Tsn3i6fEqaznk6j1l_x48-pQlgA==
x-amz-id-2
CcqXTWuk/VvGJg5+mNUAG4XH6k+KrKZAZP/sT6WHtoV2b6Zf/Q8CwXts58hRXPL4/iSanbrRchI=
gpt.js
www.googletagservices.com/tag/js/
80 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: www.file.io
URL: https://www.file.io/7945792da56c3b3a1d41545388fa0f1a82bb20d6-62e953e2c8e505992a10.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1cd6dc991527a540b47fcb612476b56efeff3beff9ddd260d31af7e1a0939b8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27423
x-xss-protection
0
server
sffe
etag
"1382 / 324 of 1000 / last-modified: 1667473691"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 03 Nov 2022 14:48:32 GMT
prebid7.18.0.js
www.file.io/scripts/
163 KB
48 KB
Script
General
Full URL
https://www.file.io/scripts/prebid7.18.0.js
Requested by
Host: www.file.io
URL: https://www.file.io/7945792da56c3b3a1d41545388fa0f1a82bb20d6-62e953e2c8e505992a10.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
280d9cb374b03e01072f2db3b7f1dd3c2d767e601c52212d7393f4f7158a08dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:08:10 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:45 GMT
server
AmazonS3
x-amz-request-id
48T0FY3STDN5MWBT
x-amz-cf-pop
FRA2-C1
etag
W/"c488e1001b33af7893c3558f28b0fac8"
age
884423
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
65G2-jxjOu8dX0uvOsh-G1eSBYBruy6dVShDP1NFmp0OElT2NYnBPg==
x-amz-id-2
jnwnZcd/3jvZD0E7Tmkj6ZJ+9PRo2To6H8j2dqVdeA6aRlxJs4Y0ykD1oxUEA+Abedi2b3FbVl4=
ads-hodgepodge-ad-61589d581d2636ac2a38.js
www.file.io/
8 KB
3 KB
Script
General
Full URL
https://www.file.io/ads-hodgepodge-ad-61589d581d2636ac2a38.js
Requested by
Host: www.file.io
URL: https://www.file.io/webpack-runtime-048164bed35c94f5e17a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
870981ad8d93bcec8b2a487ee4efb161adf0241410ecec1fcb33c14a994555e8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 00:52:08 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:38 GMT
server
AmazonS3
x-amz-request-id
JKXH9KJ8P48AHG62
x-amz-cf-pop
FRA2-C1
etag
W/"8faee19bb807b3a2874fa928075b1226"
age
568585
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
FayLId_NTHeW3T9i9DXlAQo5o1eOm27jYZLTtjarDQXvItSbpNXGYA==
x-amz-id-2
SUi6XwQilwPkfL0EJWtUVDROj73vATlGrBTAdG8ST/oIUcvNT/Gx0p8XlpbWuA176DmODSVPEgM=
Inter.var-c2fe3cb2b7c746f7966a973d869d21c3.woff2
www.file.io/static/
317 KB
318 KB
Font
General
Full URL
https://www.file.io/static/Inter.var-c2fe3cb2b7c746f7966a973d869d21c3.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
85f08b5f51e36ca7e961a033c6bb61d7f0e44aa0984646383ecac648e98fdcc8

Request headers

Referer
https://www.file.io/
Origin
https://www.file.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:09:02 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:46 GMT
server
AmazonS3
x-amz-request-id
W3XRACMSY7QT2C89
x-amz-cf-pop
FRA2-C1
etag
"8dd26c3dd0125fb16ce19b8f5e8273fb"
age
884371
x-cache
Hit from cloudfront
content-type
font/woff2
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
324864
x-amz-id-2
sSSvEVeGWnw7g7RUFP6xImOcCkbUsEPYe9N2/GzPM+Ki8UbN8r3w1aufQi9nenxqJwIhpSVIU/c=
x-amz-cf-id
-BZ2xRZ4t_Ewo60E4lv6cvZDYRuZI0Fvt45Yvea4dx-i__3vNsqWcA==
collect
www.google-analytics.com/j/
4 B
206 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=176391105&t=pageview&_s=1&dl=https%3A%2F%2Fwww.file.io%2F&dp=%2F&ul=en-us&de=UTF-8&dt=file.io%20-%20Super%20simple%20file%20sharing&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAEABAAAAACAAI~&jid=1722705234&gjid=1493300529&cid=1716036296.1667486912&tid=UA-65658019-1&_gid=202236746.1667486912&_r=1&_slc=1&z=1781390248
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.file.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:32 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.file.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
436 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-65658019-1&cid=1716036296.1667486912&jid=1722705234&gjid=1493300529&_gid=202236746.1667486912&_u=aEBAAEAAAAAAACAAI~&z=269204319
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.file.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 03 Nov 2022 14:48:32 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.file.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_2022102701.js
securepubads.g.doubleclick.net/gpt/
379 KB
128 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102701.js?cb=31070654
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
58174fa028b2681d2f4ca49c97cca5ec0967c1429ac25487826ccf0e2f8afc0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 12:48:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
7213
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
130801
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 08:36:23 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 03 Nov 2023 12:48:19 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
90 B
720 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.file.io
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d4827b4382942d50b4fde2add4cef0d770dd3ba602e5a5906c9134f215fbfc09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
84
x-xss-protection
0
expires
Thu, 03 Nov 2022 14:48:32 GMT
pbjs
useast.quantumdex.io/auction/
0
262 B
XHR
General
Full URL
https://useast.quantumdex.io/auction/pbjs
Requested by
Host: www.file.io
URL: https://www.file.io/scripts/prebid7.18.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.file.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.file.io
date
Thu, 03 Nov 2022 14:48:33 GMT
access-control-allow-credentials
true
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
7645e9556ccabb97-FRA
access-control-allow-methods
POST, GET
hb.php
bid.glass/ad/
19 B
317 B
XHR
General
Full URL
https://bid.glass/ad/hb.php?src=prebid_prebid_7.18.0
Requested by
Host: www.file.io
URL: https://www.file.io/scripts/prebid7.18.0.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
64.20.35.44 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
bid.glass
Software
Apache /
Resource Hash
6a1aa3bcfd973ebc6bf69ae5551f82e379e0f362be2b09c3381857b41b1d97f3

Request headers

Referer
https://www.file.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 03 Nov 2022 14:48:33 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Keep-Alive
timeout=1, max=100
integrator.js
adservice.google.sk/adsid/
107 B
793 B
Script
General
Full URL
https://adservice.google.sk/adsid/integrator.js?domain=www.file.io
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102701.js?cb=31070654
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
550 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.file.io
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102701.js?cb=31070654
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
45 KB
15 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=134184137640835&correlator=4320551226680864&eid=31070654%2C31070657%2C31070110%2C31070559&output=ldjh&gdfp_req=1&vrg=2022102701&ptt=17&impl=fifs&iu_parts=22175459031%2Cfileio-halfpage-gallery-1%2Cfileio-halfpage-gallery-2%2Cfileio-halfpage-gallery-3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=300x600%2C300x600%2C300x600&ifi=1&adks=2093335146%2C3306312227%2C2065559030&sfv=1-0-38&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1667486913176&lmt=1666602343&dlt=1667486912290&idt=672&adxs=393%2C806%2C1219&adys=328%2C328%2C328&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.file.io%2F&frm=20&vis=1&psz=413x600%7C413x600%7C413x600&msz=300x600%7C300x600%7C300x600&fws=0%2C0%2C0&ohw=0%2C0%2C0&ga_vid=1716036296.1667486912&ga_sid=1667486913&ga_hid=176391105&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102701.js?cb=31070654
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fbd144a071030b8e0ed1ceba65c6b245ceed3bcceb9b2e427992e931eff9ccfc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:34 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15661
x-xss-protection
0
google-lineitem-id
-1,-1,-1
pragma
no-cache
server
cafe
google-creative-id
-1,-1,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.file.io
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
15 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022102701&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102701.js?cb=31070654
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0c26538c0de1d47480d898d2ef153cd6207cfea4f14933d0f0e7a4313b292386
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11383
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102701.js?cb=31070654
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 03 Nov 2022 14:48:33 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EAFB
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.file.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2310
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:10:03 GMT
expires
Fri, 03 Nov 2023 14:10:03 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 296F
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2b97688e60e96072449ce8af99618b05a0fff71a94bc1f8905f876bd9318c93d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-j8P-v5f9kyhTHiynWO5QeQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.file.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-j8P-v5f9kyhTHiynWO5QeQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:48:33 GMT
expires
Thu, 03 Nov 2022 14:48:33 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
sodar
pagead2.googlesyndication.com/pagead/ Frame 296F
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022102701&jk=134184137640835&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
pagead2.googlesyndication.com/bg/ Frame EAFB
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 06:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
115465
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16118
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 10:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Nov 2023 06:44:08 GMT
generate_204
tpc.googlesyndication.com/ Frame EAFB
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?O3fL6Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:33 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022102701&jk=134184137640835&bg=!HB-lH1vNAAZPh4lnb4c7ACkAdvg8WtDUMr6QgE7hJ3bWvXN37TpAkSX6orFTG_YwD_vXAzZn_wEvawIAAABRUgAAAAJoAQcKACVviRjwhNQNwu14A9SrwXzWG2hvMS67_pLpIbEAR0FMEIYCNNQBmQKVnpMUREJqROxSMLvgOcqUqcaVfQCvC5bMtbonMdnaeSbTlgYpIleHh2ttraGrpbK0ZAZ2HQXFsPUIE65MxwovfAbr1oksD2v1XigVwJSaS0bAvkREGdQKm1MHLNnh7poIqzUiq2WVZGm6XVA3k2LKzqRolJ6bO6Ak5TwlA7Wv2VFwcLwW6_lKaSPlk4k0SoTTAVqLQS0mn6yxS_HvFTH794CUodMyKuFGL-3Bn1S65sP7mIjQWqrV-hkMNvflc_2dlOJVVln-nZbm8aVIYitZujbZHvRqgtWH-OEazYiA9fIdYKhzQcZ_jheiVUhLphJvQKreYHkjA710BYojZ_Mq6h_QXDvF8SVuGEnhyA6PvR4m6rrg_nO719IMvO2sNhwtTydLwJwcay8webv9Yoq5r0Ba0EiWbQeE0NOVa3QbenDWCbnWDnANrH5R8Pi5DDKbLjlXlXW_PPNBGC9bRQ3Bf0rDf51CAih71S-W6nW7matP1ck9fz4NFmS9E2geDLd267hOJq_CJqFKj9KJ-3P845rpRdVhtyoBJqef4wBkm2FSNOqnUfaPqEVJDkQT8rqibpBusW3nebNbx7pkQC7JppyQRRxGUrvQ7hbuAZMHnQblOTzenxPRLo4wgKNwhFV6bv9-rqDz-rBBIQ1cBtQcqn4GX_K740HYljyfHMQKqtSM0XQIY-MOhiewi7c1QWrxaN9BuOh4Sizqm9g3TtvchO2HOP9ItZyNWBKcE1NVTKDk-maQ_BsEYSsdiST-_V-tgl_-2kTVPkqmNIkFzddOGH-6YBiTCT5pBgGcxxqy--ZtQFv5fEZj9FdAnvTPcClcauLK8NS2QTYxS5dT-aM48wL5yJP66IM0ZbnmQRjjCA5xO6Q01A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

container.html
399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3621
6 KB
4 KB
Document
General
Full URL
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102701.js?cb=31070654
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.file.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:48:34 GMT
expires
Fri, 03 Nov 2023 14:48:34 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F7E6
6 KB
3 KB
Document
General
Full URL
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102701.js?cb=31070654
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.file.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:48:34 GMT
expires
Fri, 03 Nov 2023 14:48:34 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B470
6 KB
3 KB
Document
General
Full URL
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102701.js?cb=31070654
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.file.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:48:34 GMT
expires
Fri, 03 Nov 2023 14:48:34 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame 65A0
624 B
559 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNVyqO-UVq8fBGweb8TFXdUb3OMmxIZMUOyScBvGJfJWUZuiD6459IP3GCebALmO3jaCvJi_7n6dSJVFn9uZYUo6yM_0aJZK5RjrlgB301d_1myq-F-Hm-t7hyCspt2oq8j2Vj9Q0R8gojEqtsTGPsXlUQtQFyxWD1fE1OQUuZyJ06QyAzU
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:48:34 GMT
expires
Thu, 03 Nov 2022 14:48:34 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 3621
86 KB
35 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DWp20Jc2cmglCyWxVS3MdsamvBg5OhK5DxCl5rOZ_qEMHi6kVeWk2M4WkPWikkzqwqqSvOSRMaeQQApEJHSILWCDc4Kc7BLA_JNoddlkQzctUU2eK3Qzji_23NWIqS3ygDN72LvffXoofBSVbC7IOWW4UZZxdiRcvcUSz81AiwSFNoAPQ&dbm_d=AKAmf-AsDUJalEYwRlu8vfj1sIHxk3gZD3KuoQ6gU3Cc5Nw5nypOB8UnioQkfL0LvoN1SX4j9v7joEdYZITIr5I7p1xdQq1zvfiHM3KB1EFozW1pfJ5rwdBS7ZcQ9a7RDzPRRZCxdRRmJib3mmrNfUUQ8kU1-IVoixrbDRJMW_cQa2Jm_KuBjjF16PtVbCZ8_91I80gbHQj3z9Swu5eAMniRl5TyHlgcIg45Dydw-T2XaWHWlWYKAB9ry70FN7VkKo8ZmvsKaFzVvzlFBC8BQBeSGjA1TnFEsAmJOBiMc4opGrkB1stwA4ayrxDhixkQBz7RVKNT9gSOwCkXIUFgJLbl9Vluhq7ydNjf4oR6Nhn5BwYVnoXybcJMcpyT3INPYYAxA04TL_a82JZHF9MbU8r6SGWRTvr6e7rcdAVkPmWX-3sVFOQPi8sp0Zst66lxJbriuxC-l1odKtFG3wY9znlwIIq9DDDXtYjpi9bubjP8lckSqXiUuwUoBRxM6jlOaWPGryiu7Jbcme-AXVW_x6H82gZQzQeZJy2w2yJM2obkq-qtp_MR8BNBqU-wVUR5PrPALOSoGcfkgZecRT7lKkjB7eYTQB_aLMK2yRDwNA_V4bwrUlyon_-zRRhBWo_TfYyK77XrbI-jH2SfoXfpDMBGhGfeHPZsbahp7esldY4ihK_YnnkzODpBBPfo1UDQADicOam08sX8Y1-apy745j5BtlfFqMburo8qcngslOsIB8RvZlizlHG9Uf8Q2z3du-yVRtR1LQ24pXv5nVbkiIxPYYqkbweO5GUYXBR1AXdfb-ovYWgqcJKG6g41VbKytiH5nDNf4EQCm4dJfILMTKcWtB_uTqsa3bANBZFwSPTGNqBYj0rLbHiUzE0f_eZ3aqKb3SNyh_AqT7PIVkeJCn6MrCHh3einPrdXjVHvQx5W-foY2v453SZhl9dDpE9gvLgpKoc2QXnafEbIlDdWC9kGxIDwi_lQzUJixcgw0fdrE7FuE1FaBb5n6_WAW6uaTi5l57M81FCKg-azwo9F4EADLSK-Pr2MeKvkpzWTEVGLx_Rizqd8c7MhQxYb7wTonVkOtMZkz2GFQbXMMk4AOXqQOF6NcnGxHyKrtClotssBYEoAbslS0SM-60d08IM_vxJ8HtU6xj8lwpBlCkVIZrZ1NLAlLdmjrcn7CSfcen4Pzky7uTj6Y65vUfS5lhU6m2piKCSEPG2j6YXN-BlWiRBZ7NZlwMWTjmpLiboymEsxSvtjwn2gsdIctPq-1j0mtaz2DYkzAZZDlfkNVxAIweTUTXvfmVBCf-PVyGcbTE7XJNTd66oFMw2Wqi_Bp677UAooqj72A2_Wv7ZgRA6R6BKIa_NqStzgm7ykp7d5ZGO0TdaRUNzAbAdJU-fd6Qglbyhc4U2zaG17ib-MTznmEE0v_cUeKqC5IsP-TFM9xuvwzA2WobcsNb1V_jlWQZtz_7IxeomFCAKa7310VM4IJkKPpT4g_GhhcIwpwHhPCsYdsEY2yawxzWcJrUdxr6SSm0Kn4d9BrZV93X4lNj-1dDMyolp2Jk6qzpZag1W5KMyPY1kdyEgRzeOORZhQ0fp5-A09MiZGxRQPENR5slteclIQoiK_1lu3uEU_p8poFRzJkkovd1P3uGyzka30zBHp5qobAZpglnrB1_ZpzcnDaWuNyTfLPVJUrGBJAtnUnq29WGYHWuUAlnFjmjAG-rw6nTu50hJVsrQNjj_dLxadJh2MiRD6xJuzatMse6eERCO5fCuHT6RXBSuaIx03K3J3U33tHJiDXyCqGTr32UBvGanHB1xZnR24nXN9l5qMISIYb6kxC2ktUMg_C6z94Vw1E0PIvbtbFZ-ASDhjzibHtMjGYet0DaBP5OZI8hOCbCPkCBrcUyHoFC570IIO43hlvLjJyXnVGhyDDyu6fOSCHgJRb7WXmIhxIOpuWUKqI6o3JLfO-QOJYEgRnpoviOPrfRm3qEudou0wCrJFJg36loSJv437k4rJGivPeU5XBe9sZ6CfkypK1q2p9PlE47oOT99kMdRJBFp03pnelX9aGQRpiVnM3EFOzwVw2mGgryU4cOzsvCKtTqfBhbDYmUEXxanNABfpcqH9YDfEeu7sgi7jvG6cySfq30SGSd10OKWFV0ZS_zIcbvtxYlCgG1a1hYTo1a_nt5j5X3ZbfPwwIYqlguCX8HmnUz-EqpLITbYtinpFAYr01llEzJsZqWWr8LyhQBQinbynmQwI39Qhj9PgpmCyOawruer8P01OHIxhuj-mSimRMwVeVd-v6oaynUdRdGp_OPR6YYaGdnW1pRUEufhcBV60l4wYCcTGkKX16rMtAkqysrBvoIBJcJziXQAZOfkfp-GRbKuXAb1Mu3M7PMkHy_Yd0H4ykN9xcZjn13SKoHGrBynitHvZoDQyksO33PVHUYOv8FvInHvG4oyKp6Q_7kDpi8gW4Ge6fj1A-BYwvL81_TSY2ZjO8Qk0fsCYRc5LKfAgsBftL42NJBA1QbCy0MCA1incW64_dFer2mw_C2infV10GxEIDbqbYvkQIFIGBJstDpqn9644h50VZ0p6l1NHHATNIJzqV9rA7XB-wi3_qFSx7I0XeycaqgHtuLqJ3cWR8R8dJtyhCm-gbt6RGrKF1iR7vdEtLAq_wsjjtpEuIOcOfyXgPWq91XesgindfFLuo2_6utEdLYM63WFdyV5NR4O1qAmbK4YDryAg6jaP9iJzumCI1shYRl_xneXR3f5DBelI1X1lEK1JfcmxiUtxOhkWkhhlGkN8DHzgJWIfEUNFKzEtBuTzCsA2ye9UULuXrF-WX5v7WirLRHJsHbS2_6gbIf5jQe3OYXQM8yFAq-8CBqHN92MV8Xzjiu8sCTFYCg6_U1WkTePmNIJ934VuXoKLPAbnVmbFXCyz2iDGyp_gopU7BTSPGXY2AFKmEOolq56zK3XXwxbZP1UN5mc_ZJlhnT7UuSthKtdUuDwafUlEjAuL_m48mo5L-3ODAXeGocEqV6V10I2WTC-MvHjApUJgWf6PtOALVjqhMImGCDb4oD746XpL_VtAEoxy5uT1kSicjxln1sikYVNKF6vVMcMhD6kPGnEraBwmtzqalFvUF4vuJageEAb3XDtEC0AwHgfbFvfr4TAtj0FxxEdfGMoHY8KbckXHO1Gzj3zbRT8vlYImH32OxobqszmGV3wTty0RxQRdaf4-XlkojwDKmvDUlf8Y0BKlvjAt1_wZIBZe-mcPQp4FImx7eDtQQCS5myVe_4YUFLCgTiUn8x6_bBlu9gzy1DRhdW2mN4CQXWnzebuF5Kt_n_8r57gecDNvsBP7muJxqFhWucHEI83f_YHWCzwzKIvOykjDzWCJ9McEfoWX49AXg18Omt1bVs85rKrNO1fORK8CLeBJMkzOWfeEsJUOEw6yYsl6LBM_QbQ&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&rfl=1%2Chttps%253A%252F%252Fwww.file.io%252F%240
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36e52c23f9b0829f02c4cf7524cab2891d4f8dfdd123e8f4d20500625e1656b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35738
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3621
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D2Vitc2sc0prvu8sUN-56nNAkE-TJdbgAX3K81lYI93ojgS3dZWF6KyVwWhv43I-DLIkNyH__DMd92EEiqId7uRdq0rg4rATtBQIN7AjVI0eHZgko
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame 3621
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/window_focus_fy2021.js
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 13:17:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
5437
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 13:17:57 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame 3621
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
71d49d865114d9bb25bfdfc0272b738cdfd771749b21360ce5fb40eee3b4d986
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:35:23 GMT
content-encoding
br
x-content-type-options
nosniff
age
791
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7305
x-xss-protection
0
server
cafe
etag
12747696668401323709
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 14:35:23 GMT
l
www.google.com/ads/measurement/ Frame 3621
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSUDsDg07ODMojNXuMO2H1YSdY-GrjczzXNbG6zUN4pxWN0kRi8CUWvCxHm29VmS3MDQTkLoNSldELOacM3HOZCKVKtCQ
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 3621
153 KB
47 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6e09a6d66cea44aed01cd3c0e4224d8ec505d0ef42af7a3184f6e7523bc5b462
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47848
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1667389194171289"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 03 Nov 2022 14:48:34 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame C3E6
624 B
560 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNUWFbpww4_Qcm7KWUjYPUFDw-a4tivQ4PlMY6JoSJXrQYzwcf5piaqdRTdjTwx_dKHxOFqUi285m9u43dHQQkjz_wwAAfQPtlUPcRtI6APstee9xArhf_nBWclxXD3X4KAs3tUuqqOMhvEyBzbv2XaCk_OL5Gb79-dcuKo3EF68Lrl8GoQ
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:48:34 GMT
expires
Thu, 03 Nov 2022 14:48:34 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame F7E6
86 KB
35 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dw_feWGYA3795LnFBJGR_9qJL9WxC0hqP7TE0PvbkHNdF9J4oUE95Y1qACYtp1DKKnFMCOqXq8lPXI_eIxy6BTc657Kp7nqtiJ6ldgRruBLvCsM9F8gjKA2-bo_WRo9lF1dSyIR5LC9_ig6-zN0KmxUx0MVD_G5rNEMPge9WtFElakHyo&dbm_d=AKAmf-BGp4LPTA_8Veq2uQ-9bfXEvKyZ2Dg_lpacCwwhCcJ5lh8y6t40IV_xa3qqX6S0C9VjHlTUCWerDkkSuQF_EJjOiXcwu9pviv5T-fuKs7kS5oSodADDeiscHB3QEkyKCdZFmNnWAEz-PQq2PE_1whcmPkZp2ZH-oCH7283-5-BNVXS7pLLZXoD-T44xnj0eZ9EkuRQf6D963wkaqWxQLNhFQ4Ig0sQS7vA1uAerdpzQdHt-rAMUNDgTQaUn8LZ5eSpkDVDvNtXJMCEytCHFbFH3nJTRipuQPGuKO0aHsJNT23Ajrhw0dkNjahr2qhNT-QWY_otwpuXQ88o86-t6J8bFQNkrETXFn7P6k6LXTJjPie2B8aMRBfROSHN3EzU2EdVJW_3Q1rlQNMHLzen-5uDzq6s447VL-GbZn7eXAnbmXRuBb7Ec04DyPkrhvoFSSOcLIrmAF9FOI6Bb9GB-o3XknvdzXNRs2LG3Tid2-NI5xBuz3GErtah5f9W0PC2tiFT9cww9VCtZjOkyQrjvoNDSjMjuVADx8wpBrJ_CjPNw_GyCAWAnK7S2N0Yeoxaz6R5x8oLTstcqxHdHKzOSpwQrkacxQm3VvK82NmtpnimL8uHCR0yVd-TCJSYpZzA3xf-18sadOVOmZEoMc20pS056AH9NwEp-5l1rHtYU8abD7ps-jwfJ6rlwdxIQQy1Umae3NSY8GSJHOiauhYsAX2P1mK7T6c9Hl4y9rX1V-iEGtBW5ump8wzYvzj0P9iCHQyRvUck3t1-FCtoT-mXBSIMwUOzV9igIwlPnpgRejQLsiWHTvIRl01nEoCgC7ctHz8OSfQfA0rbuK8NGTgoswv170_PV3ZbsTyRioqqFCwCR_TsO1JWnqvKOg3tVvCW5W4tpILVuzI0Y4CntcGA8vWEQf1nYGWDeciuoElaCzHfQcDORWYNA6Lcogh9g0MMpVpZCBOvFkySnwhkdiDCyG1UiJLl9hz82Wo61BMjNIG9HUC6WA0rR6aUIUpJsFd-I4ZaBZdOGhtsqN7Gzp6CfmtvGWtykMJ9bjOj824XjnR0MmrB35Lmd4e1xQXpoEGf3Kl6NqKNrrvRO_Iu8dyOeMINZ-FAhx07BxBzUmLPvuZvWkFD9upfPPkDMeWKbMC2Z3t7vVxhCuMD7JQvevhqgonmfTlIFq-uDCBrUvADnrC4AV7CNptX4YWL985e58gl6l_XlThLWln0ArUcCmLbiJYjWC9RM7u5MyXBlNE2woH1u7saXeCNqu9652eUTdbboY5z7M_uehptrQmIdncahoEl4I2tVfNTW-6O1_MSdlMbMACCZWwXfXM19O82GvUyEritIneku_PVPGz85w1dmJ8VAPEAXLXAiDCKrhdnQ_v2PRrVcrfXEQ__DTqVSkfqqGssHM6Z6wD6GBobU06BbY9lWeWLxWIhLWRaQSUTLJagPUSxjN933syT7vDP1nmf2pCRmAPAIK0y8gH6iz4hU0VHpSgQ6G1L8IAOFr9512ajNPAHMplDfSU4oO5M0G1dt9p5F9f4JA9iQ12MYEZvzycNUkVXfH5ykPBGrrsz4n85ogxzeD1sx1WzFhw69lA_U1YVAjmZpTWQhjimoKBN4CxiZwDNQOvHAyNn3zkswA_aCjta_imvQqwCj1c8XSiIB0s1622N8gvg-8cwMQOhyUzsrlE171mIEj9jGx0X_s0By1HjfJhmfK_e_2WrZafYLtIBlBr1WV1AO9IcivfV3jJFswvwBWOvaX8eMoFyL_C-HykrS1brWtheFQyzLTTYXuEnii3L5HseBg8vWgf4G0uS9GhyeOXvK2SEncewJHwgDW7i6pYmziDhdGBalrOJnLUoyGNyLshWxp2F91pQMqj6WaSuXZXrccb4vNwBpa5MZYH1CR-85wkcyd6Tbz3cVy1lg8zOHrXrtMdxUaFBWL9dF4D7ye7aDGdBni1vAhj9ihwwltkaiFItRYjKbiUyN2022SZWxfa4F8KY8fisK53wk-6IJZhx_GxgBYISoegBw5E2heyrg6KsWDFOtohK6ACgbioF9gF6jSEcNOah4DU27i_U8WV_EkEQ9VFA-CkedgFp-Miojt3CGINIC4OhkD_ZW2nglnWWZkNrmwyOl3IehN65LHv6nKqyHWYRyd_KsfxMRTD0WH0okn0dgJyXUktpc8l-pswezdl8UowPa0Aap1QSIOcevOhltq53uqpI8hXkUiKiUHGmCSs53yqP2s-N82KsssO4X0p24KMY6GPNVj2zUhj_cLdKRR3Lwg6UBNH9bYOhKzlXSGesWfPTEHjkk95KKYw2f62Zg37Gst8IBPvAjxpSOFaMN-1BFdT0m245dZN9gU-9jR5vt05SUt4hsADiZ77VIjnek1UrTjjR_kPrij9g12d9k20aKnEard0VPFcUn3_EtX0zYfaJs8_RQglmqBV6R8_iSr2NNw3jXMOKqC10rIBHWD5LnVIwEdbfzkX0OdTd9x3MyVKMehY1Cc6biLc6mfSrpjCVjNZZmsd0tG7pLqvRfDEIuwZOhS6aJj9WN3jVwtGw6UkEwY5ODh_nuny3Rqh2Idhvc49ZhgksAl-lod8tTgXzRK_j45Q4vAFcTy2wGsR0QECebmD6TTj4yVsbbt2t812reiYGjjotnhlwnXMsQ7JLnVz4vrmiONkSqab4EeXaFGQ_U0v86kuZ4a5smZZsqcwsDh8TxhMY_71pLsZVFbZn2YoMBxDDN_NlX39u9YVDC2zgkMQfPF-syjKQfwuOfrTkOeFMw049eEX-WNI_3F4bk_T3QPdbz1ah98kduSrDIFAlcZmJF-fdqwDI0fjqyTVZlAyIurkQGf7mDlbVB2-mORd8Bn-4yzaaLHyk2msugBgakvHFxt9gwlVD6SEWVa8ppq-tDSBIJeOZxKR1OkxXoAyeEa7k8JvcJjMQoIp9ZiKjLyyZ4Jf2NWFQjAgcuaACHR_EZiQQgKWGitfWSbtygrkpwUQLWsmHKJoZtu8n29cE6XUeoMgrM_d11sm5yRQvAGPo9xlvtfF1PnmzVyUS60JR8WBY0CeQnoLNic1W7RgkPfrdK8DxyLFJ08OJG-2jkHIfSFs1vlUOBYeSE0cMqIVOoGVQQ2ZYErdpthKevZSJozDEezIXdWhVAjYAsowRW20OJN7quJv6IxhDI9XFzk51dyfKMjjBj7MiTgovtgen6md8SS5tegHjCDU07SXyT2eb24qv6P58W6W-0_A-ADeP-4XmVYqgJFrQOtLQdWqlW_dzvtmTZj8hRNz92EP_eCzuWk8_2vJCII3DKy7vY1ILtUVqSd8KoJNmMglz4JkEiYSW9egOJp8pTiJUbk2vZTW-8cpd2w3WKXN6Tv8UyULw5l-sXrwJO5Fd4M7bih-A-uqk9sE_XV5Y1HbMnNdY4cmlhN92xpZnYri9kR72_E4pjRXbSShQ&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&rfl=1%2Chttps%253A%252F%252Fwww.file.io%252F%240
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f1a813444a601137953bf9b281a3c1f6ff0a37914eb8a51b521e95295c0c607
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35652
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame F7E6
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D01ahTqma8Au3XWSWauky9rFrLgrazTBjwlTpDuvmO3VtXKAfVvZjf6RfLA0zxJNZKhWXGUm4gq2InFNOX27NYdINYLGxeB4zHkMl6oQoE62FRoU8
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame F7E6
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/window_focus_fy2021.js
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 13:17:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
5437
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 13:17:57 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame F7E6
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
71d49d865114d9bb25bfdfc0272b738cdfd771749b21360ce5fb40eee3b4d986
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:35:23 GMT
content-encoding
br
x-content-type-options
nosniff
age
791
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7305
x-xss-protection
0
server
cafe
etag
12747696668401323709
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 14:35:23 GMT
l
www.google.com/ads/measurement/ Frame F7E6
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTL8WRr_kpI9e6lkLZ9xA0DH2jGIXAeAkYruuV4eWqQ3qpUHweglBfqa2UuLrFUusPqLcRtOWtK5Ev4bjnp1MPl5AqAww
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame F7E6
153 KB
47 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6e09a6d66cea44aed01cd3c0e4224d8ec505d0ef42af7a3184f6e7523bc5b462
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47848
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1667389194171289"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 03 Nov 2022 14:48:34 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame D8A4
624 B
977 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNXgIwfOcv8_7IvawHRpI03mWDuo4dZCYbWDHw9jkV0fJeTPiM1RIjo6tWjKnvnIh824k-Yofr7LauEEcEmtvdPs_2OjASSnz_ZUFY2iXQbDUlDE-btwgKhf1w5qL7y-hkirGbYMcPW7h9_ekHD8kXsVTT8_Ud8PvAQqMi3z1gUaLQ2Y4p4
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:48:34 GMT
expires
Thu, 03 Nov 2022 14:48:34 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame B470
86 KB
35 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AqeXKtvZ0NEbuV_21Hg7OvdzVTj3vgZS_IKFUs2prSlSRh4UvrCg4ZcFG9_qCXDDAapw8nw-3h2npC_xg8MprGqtZAntXhygD7NvGljzDGnD1m9g2pUgIEK6l0hvlS1vDsfxqz7l-UmB2-sDjfJHpAt3s5EonADgh9z_F28IJ-QrP0AXc&dbm_d=AKAmf-CFh5J-EbNf3sBueXdxkzwYVE_rwM4A-uDjrO4QBf8fmJJhSdE4cKd1nlRJexMCNmq3GbRZ7SW3YrIZ5sBYdDcn_vIe2uOKa28pQE6V-w82wyxneA-sRonorLDEmCEkDPzfXmORjBUiHSqsOPz15P_wIsFrnsmj525aveZpkPSMbRJll-CFgJHKxChZvCJy3fMvysBxBSSt6IayhMfHiwGPW9lkA2p7Dukv9HBFEOUqxK125GoZLg9W055GeSizxaTjUZ-93cdowP-G4RNxHx1C03LD7xVW3iNgtd_K35tMNONcTTz-k1g7smCp8FLgjXK_cOzmpD3qGqvuZJS7VazEGkhLUGrnztzb9r09_p4wsTtx7zB0h-ZoDzoWZBOgrFAItFT2N1NypR4C7Jxc3rqbszTz2baJrqvIyGowS5xeb9Hcs2texJJxTysKeE8HWHNymq27gUfK-KviBzP6ZbJLsgmneDztzWceSU2b2_Kss0rX-qXVvPKpTLX0rO-oWrp2SbI8soNPpZBTqc2Nfe0zxp17GoWsYx7nalg3xykhfOF4PlHM88oo5yDjNaz0c7EOKWNwh15ty0Flhxd7jfAiUYjlWYzX-6RGLDQi6XobW12fDq2FYIAZAxllfXQ5UdWOpR34y_-P4BzCOb_f4bxTD_PeDucVt6q-8WZMbBrDRdIt0TnuuhRI6UhY2D483u-veCrUEDzr_DiRQuD7Wb-vKwb3rUos6AavsSHNywHHX0UEEpRNZtnmrUSGB7BScXCKgZ1Gptzh0RPYEndsQZMbchL-S3nlnnYtUhhxd0nzD4rnH1Npj9zifnUM8HyYFYCORLWPJUK4j3_iSlUDDREvzOaWBwkskZJp8e52ZV_Zm7LBY2xNmbz3G5KcQswAywop-mQ1qpRbhXL6_dKCBxXKHjIIGeEnvSMZNDbEfNmviDAatwy1Ht8KgDM_5eROyE-tweH6Y8ZVZvtbhx6uOofuxXq_m294i4R1IBzM-qLqSFc1eUlM4nhSubufKVxWFKdL8Ot2rMJGxjUnFeKccA5bg-lEe42S441sLIyhG1ET5pbUXPW7X-JGOojMcRhgzqsyeF_JYatM_8tdYTDR7k4IpkGLUrmGlYe5qua3-4NeW3JmPYoHsBbCLYovhjmNJD-O7DPL_RyjU3t4AwR04pCiuTqPpwlpa795SfhAmw1uRmzMnc__rRaRn7juC3JpmL08s1tFMAuZ1Pm5bzK1N-L81N1aSlD4R37ULlnhynnMRchk8rC5XKMGlSQU14g7axlTl89AhjfZX2Y1warB52PowBDdxHWQc1zm289iKkIDELhxk7ZiHgWocHAAwtlwwO9MCB2CkS8do_xh2XOygQbuxWDrpLpQUucINwhMZw3hIHbMvsHSaWFSHwSmtyf_zzLQFl_PE0EQ-_zcbDXkii_pN3shbPhMYBSo0I4Yki4vaucoP22SCEAb3qL0vtsGfwY6-RAGgudlqfeVRG559wsyrJ8-pd-E7qQ-Cjr7rtNyji9cCOGcWPh2MG57M9AIUUuhcMvuDlEups1BaBQmW7qk0n1Ve5I-Gq2XCbvFE-PK5dT8Jmj0UhLRBZO8_Rn70VoDMlr5C00-wYF1IGEoCcFsFKllZE5IwkYTteGdW0zypRUkvRJ6-nHsnovDv_lbblfiwrd73AxKw0_CiImeCR_hedBGex18T5Y0zRkZ2AEUBWDMhOgzlEH09uhr6s7IAXKnFTHdFKMVsJ9Im5PzXn5wZz6SXAtO4FfAy1uusoWLPMSF2b5rKheJXHNNtEHunFZ9jvYRyvKcx693Zz-E6ly7q62pe9i56zolFjWNdk80A-6LnhelApFbcU-m7r79SwutrQnJZJwOT4w4eTc5TdLWABWJVxCzRg7La8K351XrDDjG6tNaL3V6WcB4QUvKUN2ZhPvPoA36pn7zqFsghx8yPh_Bqe2UM0LmKeZBn5kCqCL0JDPOz5K3ZSn0KBuAgu8LcpTz9jvaMrhnjzjcjmzTUGQNrFPYHYLhe95SBrSiZpGp-N5LRUgYknsAZwvFSo3HfUJX4iWA4vCUVhCu9ODXXjcMS700JSko852AD2WkNeXk_bw57CCrqAKFmIYmsIYVqZ8cyeIlf-eon03uad6ntEK3fl7pylARFU1PKwg38XvXfBF13MklMh0rgAutUxKNAuCrWr19ei_h95PHw3RX1K96O6BF49wE0Jjyf1kuw_xYr_ZF-8NYCxtiHIL1TikQJ3GemXw6OVlg8T0a4xf0QtgdNLHlPdOzkVDEFUTRqx5wy4kco9KNpx6OY1wlqxzjLl6ssVjGho873AoGJP5jU9bxwCFRx9m75zEgGv9uCPdBK4u-tfIZddzBFgX2U_Rpq9plK8ydjnTm7S-V0ys_5MjhsNVDsd2EOXK8eruDoOKXsE9uh4Md72jEIQbzOPN7CBvvz5Cj04LJcPDS4JS0QoyWHvDNqc_xPIhkYpssWcbCs63UEIx7pqQt7LUT8jbv9RWQhqFboTmiAwke9Xw1oVzV8zMkYozj8j7dHs0HFA4C6V5sjuDBsRleaaZHBzvPzu90K2Tq2fnjNNKp3njWqR3KcLTojqgfNBieOfGR4eH2ao7UfaTTnjwkt2W3x_4q80QaX7y4JVdL-95VrmSg4ar0rx8XoRdbxpn9KgE1d4HJJNhmfsl0Nu-qq2H5SysNNZdYac6XK55dQhpwzymuoCkN374fZcdvHwnLnli6gFYCIf-phkL8ez3Yt5M7UvcFqecvsb6Lo5_6uSwG0vnbE0mufhY9M8LpNo745rO8EQNEZwCiJYwc8tdRcmryFVqssiCpFkcjQxQljkQBj1YT5pk_JuO3RQSqPdR7-6dw6GgJmgqp4TkAe7c92zrc-eoJv_x1v6BsKyXottBpwJz6EEHiikwY5Gak4JxZF46txKjWXTD1XuaBgQxVnKPHJvJhILoq7JjQ11OYOSlp2tm52tAMaX2aKEJtP31emNMWokAVhFMdUa_RcSqaeK7yZYNNBxT86e0fOdL1p6iblSxoMVGpuhXTTpzYaUqI4cgm8qVK0HJ6HdH_Rdkj1NCv6fzeS_MZvVzK55RGfR_4SNTcnxAbnju5Cd64TX73BT31R3tl-vBmhp8PaHFNJiKkRt0E9Nc4LyKSaqdZXFgsthHDA3avFjZJ4kXkjunveP8_3w8-YyVIgkwZQk1cr_vA2jBLGPb_WKUzq4MBmvIoxZgYkIp1OI71cIN7wRxbcWjnlgvdnQEEAdDDq-37K3nYxPjwa2VcTqcltlUUZmFZCb0hOTnFy3zUCMF4garOD0DWCLE2IAm3yY2JyJEHXJWrFby2ttOiebr4X9DbCrURCQYn8HPAPe_1mQ9Jyb36aB5dYSloIshdN2U-IJZZeQUuyb5qlgvwSvPvH2oNd4JlEyPn_CSNhJx_woU1aPO4EjFrzxplTx0&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&rfl=1%2Chttps%253A%252F%252Fwww.file.io%252F%240
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e2d1a983992cae01535892ae16448262c8f161d1d51804dd726df4901355f66c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35688
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B470
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C5D1IwkFx5FGqatfbnwufuS_Gx9GzITD5GN_lZOHKyBoQDbpUIOFPv05XuUx4P4YYexmRYSFJO-JHadKrKjP5bYYwwPq9lYsZLxNFrvk_Txd4MsnY
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame B470
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/window_focus_fy2021.js
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 13:17:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
5437
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 13:17:57 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame B470
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
71d49d865114d9bb25bfdfc0272b738cdfd771749b21360ce5fb40eee3b4d986
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:35:23 GMT
content-encoding
br
x-content-type-options
nosniff
age
791
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7305
x-xss-protection
0
server
cafe
etag
12747696668401323709
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 14:35:23 GMT
l
www.google.com/ads/measurement/ Frame B470
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQx_yioqeJHKpfdvn3OFo0m45C5lXkFqmFLBIgQuAAdYKyEiQF2Esyb1KzTrBQRT2U4eiodmuTNZAntI4budVHK5KF3mw
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B470
153 KB
47 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6e09a6d66cea44aed01cd3c0e4224d8ec505d0ef42af7a3184f6e7523bc5b462
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47848
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1667389194171289"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 03 Nov 2022 14:48:34 GMT
rum
dsum-sec.casalemedia.com/ Frame D8A4
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBaMue9Tk78ZmSdGxtbBzH8&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBaMue9Tk78ZmSdGxtbBzH8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNXgIwfOcv8_7IvawHRpI03mWDuo4dZCYbWDHw9jkV0fJeTPiM1RIjo6tWjKnvnIh824k-Yofr7LauEEcEmtvdPs_2OjASSnz_ZUFY2iXQbDUlDE-btwgKhf1w5qL7y-hkirGbYMcPW7h9_ekHD8kXsVTT8_Ud8PvAQqMi3z1gUaLQ2Y4p4
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBaMue9Tk78ZmSdGxtbBzH8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame D8A4
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y2PUwioVRxd9kzhyr6s4ngAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNXgIwfOcv8_7IvawHRpI03mWDuo4dZCYbWDHw9jkV0fJeTPiM1RIjo6tWjKnvnIh824k-Yofr7LauEEcEmtvdPs_2OjASSnz_ZUFY2iXQbDUlDE-btwgKhf1w5qL7y-hkirGbYMcPW7h9_ekHD8kXsVTT8_Ud8PvAQqMi3z1gUaLQ2Y4p4
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:35 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame D8A4
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
43 B
1020 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNXgIwfOcv8_7IvawHRpI03mWDuo4dZCYbWDHw9jkV0fJeTPiM1RIjo6tWjKnvnIh824k-Yofr7LauEEcEmtvdPs_2OjASSnz_ZUFY2iXQbDUlDE-btwgKhf1w5qL7y-hkirGbYMcPW7h9_ekHD8kXsVTT8_Ud8PvAQqMi3z1gUaLQ2Y4p4
Protocol
HTTP/1.1
Server
37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
AN-X-Request-Uuid
732844cd-88ac-4088-9f25-0be1d3e62339
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.114.215.133; 217.114.215.133; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame D8A4
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNXgIwfOcv8_7IvawHRpI03mWDuo4dZCYbWDHw9jkV0fJeTPiM1RIjo6tWjKnvnIh824k-Yofr7LauEEcEmtvdPs_2OjASSnz_ZUFY2iXQbDUlDE-btwgKhf1w5qL7y-hkirGbYMcPW7h9_ekHD8kXsVTT8_Ud8PvAQqMi3z1gUaLQ2Y4p4
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:35 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
AN-X-Request-Uuid
cf31c4ba-a436-4f83-9277-c9e381bb1ca2
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
Connection
keep-alive
X-Proxy-Origin
217.114.215.133; 217.114.215.133; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 65A0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBaMue9Tk78ZmSdGxtbBzH8&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBaMue9Tk78ZmSdGxtbBzH8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNVyqO-UVq8fBGweb8TFXdUb3OMmxIZMUOyScBvGJfJWUZuiD6459IP3GCebALmO3jaCvJi_7n6dSJVFn9uZYUo6yM_0aJZK5RjrlgB301d_1myq-F-Hm-t7hyCspt2oq8j2Vj9Q0R8gojEqtsTGPsXlUQtQFyxWD1fE1OQUuZyJ06QyAzU
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBaMue9Tk78ZmSdGxtbBzH8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 65A0
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y2PUwioVRxd9kzhyr6s4ngAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNVyqO-UVq8fBGweb8TFXdUb3OMmxIZMUOyScBvGJfJWUZuiD6459IP3GCebALmO3jaCvJi_7n6dSJVFn9uZYUo6yM_0aJZK5RjrlgB301d_1myq-F-Hm-t7hyCspt2oq8j2Vj9Q0R8gojEqtsTGPsXlUQtQFyxWD1fE1OQUuZyJ06QyAzU
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:35 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 65A0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
43 B
1020 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNVyqO-UVq8fBGweb8TFXdUb3OMmxIZMUOyScBvGJfJWUZuiD6459IP3GCebALmO3jaCvJi_7n6dSJVFn9uZYUo6yM_0aJZK5RjrlgB301d_1myq-F-Hm-t7hyCspt2oq8j2Vj9Q0R8gojEqtsTGPsXlUQtQFyxWD1fE1OQUuZyJ06QyAzU
Protocol
HTTP/1.1
Server
37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
AN-X-Request-Uuid
76167b56-9a41-4311-9c83-ed191efc836f
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.114.215.133; 217.114.215.133; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 65A0
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNVyqO-UVq8fBGweb8TFXdUb3OMmxIZMUOyScBvGJfJWUZuiD6459IP3GCebALmO3jaCvJi_7n6dSJVFn9uZYUo6yM_0aJZK5RjrlgB301d_1myq-F-Hm-t7hyCspt2oq8j2Vj9Q0R8gojEqtsTGPsXlUQtQFyxWD1fE1OQUuZyJ06QyAzU
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:35 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
AN-X-Request-Uuid
3245f9dc-ae2f-4d07-9dd6-fc8b09c1360c
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
Connection
keep-alive
X-Proxy-Origin
217.114.215.133; 217.114.215.133; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame C3E6
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELX2vn16E2F3fclKnoTisS0&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELX2vn16E2F3fclKnoTisS0&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNUWFbpww4_Qcm7KWUjYPUFDw-a4tivQ4PlMY6JoSJXrQYzwcf5piaqdRTdjTwx_dKHxOFqUi285m9u43dHQQkjz_wwAAfQPtlUPcRtI6APstee9xArhf_nBWclxXD3X4KAs3tUuqqOMhvEyBzbv2XaCk_OL5Gb79-dcuKo3EF68Lrl8GoQ
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELX2vn16E2F3fclKnoTisS0&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame C3E6
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y2PUwioVRxd9kzhyr6s4ngAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNUWFbpww4_Qcm7KWUjYPUFDw-a4tivQ4PlMY6JoSJXrQYzwcf5piaqdRTdjTwx_dKHxOFqUi285m9u43dHQQkjz_wwAAfQPtlUPcRtI6APstee9xArhf_nBWclxXD3X4KAs3tUuqqOMhvEyBzbv2XaCk_OL5Gb79-dcuKo3EF68Lrl8GoQ
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:35 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECIGm55bXbeusVCq8OrT6Fo&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame C3E6
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
43 B
1020 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNUWFbpww4_Qcm7KWUjYPUFDw-a4tivQ4PlMY6JoSJXrQYzwcf5piaqdRTdjTwx_dKHxOFqUi285m9u43dHQQkjz_wwAAfQPtlUPcRtI6APstee9xArhf_nBWclxXD3X4KAs3tUuqqOMhvEyBzbv2XaCk_OL5Gb79-dcuKo3EF68Lrl8GoQ
Protocol
HTTP/1.1
Server
37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
AN-X-Request-Uuid
192025a8-4ec9-472d-8b90-0e14e9cf1b13
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.114.215.133; 217.114.215.133; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:34 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEJj3q3kkoW_Ik8CJl2N_t-I&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C3E6
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY9-fiwAEwAQ&v=APEucNUWFbpww4_Qcm7KWUjYPUFDw-a4tivQ4PlMY6JoSJXrQYzwcf5piaqdRTdjTwx_dKHxOFqUi285m9u43dHQQkjz_wwAAfQPtlUPcRtI6APstee9xArhf_nBWclxXD3X4KAs3tUuqqOMhvEyBzbv2XaCk_OL5Gb79-dcuKo3EF68Lrl8GoQ
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:35 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:35 GMT
AN-X-Request-Uuid
2e72709b-fe63-4580-8d78-ee2e5d282ce2
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY0MTQ5NjU0NjY5Njc2NTQ1NA%3D%3D
Connection
keep-alive
X-Proxy-Origin
217.114.215.133; 217.114.215.133; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 3621
170 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Origin
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 16:47:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
79277
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60311
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 03 Nov 2022 16:47:17 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/elements/html/ Frame 3621
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DWp20Jc2cmglCyWxVS3MdsamvBg5OhK5DxCl5rOZ_qEMHi6kVeWk2M4WkPWikkzqwqqSvOSRMaeQQApEJHSILWCDc4Kc7BLA_JNoddlkQzctUU2eK3Qzji_23NWIqS3ygDN72LvffXoofBSVbC7IOWW4UZZxdiRcvcUSz81AiwSFNoAPQ&dbm_d=AKAmf-AsDUJalEYwRlu8vfj1sIHxk3gZD3KuoQ6gU3Cc5Nw5nypOB8UnioQkfL0LvoN1SX4j9v7joEdYZITIr5I7p1xdQq1zvfiHM3KB1EFozW1pfJ5rwdBS7ZcQ9a7RDzPRRZCxdRRmJib3mmrNfUUQ8kU1-IVoixrbDRJMW_cQa2Jm_KuBjjF16PtVbCZ8_91I80gbHQj3z9Swu5eAMniRl5TyHlgcIg45Dydw-T2XaWHWlWYKAB9ry70FN7VkKo8ZmvsKaFzVvzlFBC8BQBeSGjA1TnFEsAmJOBiMc4opGrkB1stwA4ayrxDhixkQBz7RVKNT9gSOwCkXIUFgJLbl9Vluhq7ydNjf4oR6Nhn5BwYVnoXybcJMcpyT3INPYYAxA04TL_a82JZHF9MbU8r6SGWRTvr6e7rcdAVkPmWX-3sVFOQPi8sp0Zst66lxJbriuxC-l1odKtFG3wY9znlwIIq9DDDXtYjpi9bubjP8lckSqXiUuwUoBRxM6jlOaWPGryiu7Jbcme-AXVW_x6H82gZQzQeZJy2w2yJM2obkq-qtp_MR8BNBqU-wVUR5PrPALOSoGcfkgZecRT7lKkjB7eYTQB_aLMK2yRDwNA_V4bwrUlyon_-zRRhBWo_TfYyK77XrbI-jH2SfoXfpDMBGhGfeHPZsbahp7esldY4ihK_YnnkzODpBBPfo1UDQADicOam08sX8Y1-apy745j5BtlfFqMburo8qcngslOsIB8RvZlizlHG9Uf8Q2z3du-yVRtR1LQ24pXv5nVbkiIxPYYqkbweO5GUYXBR1AXdfb-ovYWgqcJKG6g41VbKytiH5nDNf4EQCm4dJfILMTKcWtB_uTqsa3bANBZFwSPTGNqBYj0rLbHiUzE0f_eZ3aqKb3SNyh_AqT7PIVkeJCn6MrCHh3einPrdXjVHvQx5W-foY2v453SZhl9dDpE9gvLgpKoc2QXnafEbIlDdWC9kGxIDwi_lQzUJixcgw0fdrE7FuE1FaBb5n6_WAW6uaTi5l57M81FCKg-azwo9F4EADLSK-Pr2MeKvkpzWTEVGLx_Rizqd8c7MhQxYb7wTonVkOtMZkz2GFQbXMMk4AOXqQOF6NcnGxHyKrtClotssBYEoAbslS0SM-60d08IM_vxJ8HtU6xj8lwpBlCkVIZrZ1NLAlLdmjrcn7CSfcen4Pzky7uTj6Y65vUfS5lhU6m2piKCSEPG2j6YXN-BlWiRBZ7NZlwMWTjmpLiboymEsxSvtjwn2gsdIctPq-1j0mtaz2DYkzAZZDlfkNVxAIweTUTXvfmVBCf-PVyGcbTE7XJNTd66oFMw2Wqi_Bp677UAooqj72A2_Wv7ZgRA6R6BKIa_NqStzgm7ykp7d5ZGO0TdaRUNzAbAdJU-fd6Qglbyhc4U2zaG17ib-MTznmEE0v_cUeKqC5IsP-TFM9xuvwzA2WobcsNb1V_jlWQZtz_7IxeomFCAKa7310VM4IJkKPpT4g_GhhcIwpwHhPCsYdsEY2yawxzWcJrUdxr6SSm0Kn4d9BrZV93X4lNj-1dDMyolp2Jk6qzpZag1W5KMyPY1kdyEgRzeOORZhQ0fp5-A09MiZGxRQPENR5slteclIQoiK_1lu3uEU_p8poFRzJkkovd1P3uGyzka30zBHp5qobAZpglnrB1_ZpzcnDaWuNyTfLPVJUrGBJAtnUnq29WGYHWuUAlnFjmjAG-rw6nTu50hJVsrQNjj_dLxadJh2MiRD6xJuzatMse6eERCO5fCuHT6RXBSuaIx03K3J3U33tHJiDXyCqGTr32UBvGanHB1xZnR24nXN9l5qMISIYb6kxC2ktUMg_C6z94Vw1E0PIvbtbFZ-ASDhjzibHtMjGYet0DaBP5OZI8hOCbCPkCBrcUyHoFC570IIO43hlvLjJyXnVGhyDDyu6fOSCHgJRb7WXmIhxIOpuWUKqI6o3JLfO-QOJYEgRnpoviOPrfRm3qEudou0wCrJFJg36loSJv437k4rJGivPeU5XBe9sZ6CfkypK1q2p9PlE47oOT99kMdRJBFp03pnelX9aGQRpiVnM3EFOzwVw2mGgryU4cOzsvCKtTqfBhbDYmUEXxanNABfpcqH9YDfEeu7sgi7jvG6cySfq30SGSd10OKWFV0ZS_zIcbvtxYlCgG1a1hYTo1a_nt5j5X3ZbfPwwIYqlguCX8HmnUz-EqpLITbYtinpFAYr01llEzJsZqWWr8LyhQBQinbynmQwI39Qhj9PgpmCyOawruer8P01OHIxhuj-mSimRMwVeVd-v6oaynUdRdGp_OPR6YYaGdnW1pRUEufhcBV60l4wYCcTGkKX16rMtAkqysrBvoIBJcJziXQAZOfkfp-GRbKuXAb1Mu3M7PMkHy_Yd0H4ykN9xcZjn13SKoHGrBynitHvZoDQyksO33PVHUYOv8FvInHvG4oyKp6Q_7kDpi8gW4Ge6fj1A-BYwvL81_TSY2ZjO8Qk0fsCYRc5LKfAgsBftL42NJBA1QbCy0MCA1incW64_dFer2mw_C2infV10GxEIDbqbYvkQIFIGBJstDpqn9644h50VZ0p6l1NHHATNIJzqV9rA7XB-wi3_qFSx7I0XeycaqgHtuLqJ3cWR8R8dJtyhCm-gbt6RGrKF1iR7vdEtLAq_wsjjtpEuIOcOfyXgPWq91XesgindfFLuo2_6utEdLYM63WFdyV5NR4O1qAmbK4YDryAg6jaP9iJzumCI1shYRl_xneXR3f5DBelI1X1lEK1JfcmxiUtxOhkWkhhlGkN8DHzgJWIfEUNFKzEtBuTzCsA2ye9UULuXrF-WX5v7WirLRHJsHbS2_6gbIf5jQe3OYXQM8yFAq-8CBqHN92MV8Xzjiu8sCTFYCg6_U1WkTePmNIJ934VuXoKLPAbnVmbFXCyz2iDGyp_gopU7BTSPGXY2AFKmEOolq56zK3XXwxbZP1UN5mc_ZJlhnT7UuSthKtdUuDwafUlEjAuL_m48mo5L-3ODAXeGocEqV6V10I2WTC-MvHjApUJgWf6PtOALVjqhMImGCDb4oD746XpL_VtAEoxy5uT1kSicjxln1sikYVNKF6vVMcMhD6kPGnEraBwmtzqalFvUF4vuJageEAb3XDtEC0AwHgfbFvfr4TAtj0FxxEdfGMoHY8KbckXHO1Gzj3zbRT8vlYImH32OxobqszmGV3wTty0RxQRdaf4-XlkojwDKmvDUlf8Y0BKlvjAt1_wZIBZe-mcPQp4FImx7eDtQQCS5myVe_4YUFLCgTiUn8x6_bBlu9gzy1DRhdW2mN4CQXWnzebuF5Kt_n_8r57gecDNvsBP7muJxqFhWucHEI83f_YHWCzwzKIvOykjDzWCJ9McEfoWX49AXg18Omt1bVs85rKrNO1fORK8CLeBJMkzOWfeEsJUOEw6yYsl6LBM_QbQ&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&rfl=1%2Chttps%253A%252F%252Fwww.file.io%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:34:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
865
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2986
x-xss-protection
0
server
cafe
etag
3296546412363819624
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 14:34:09 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/ Frame 3621
30 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DWp20Jc2cmglCyWxVS3MdsamvBg5OhK5DxCl5rOZ_qEMHi6kVeWk2M4WkPWikkzqwqqSvOSRMaeQQApEJHSILWCDc4Kc7BLA_JNoddlkQzctUU2eK3Qzji_23NWIqS3ygDN72LvffXoofBSVbC7IOWW4UZZxdiRcvcUSz81AiwSFNoAPQ&dbm_d=AKAmf-AsDUJalEYwRlu8vfj1sIHxk3gZD3KuoQ6gU3Cc5Nw5nypOB8UnioQkfL0LvoN1SX4j9v7joEdYZITIr5I7p1xdQq1zvfiHM3KB1EFozW1pfJ5rwdBS7ZcQ9a7RDzPRRZCxdRRmJib3mmrNfUUQ8kU1-IVoixrbDRJMW_cQa2Jm_KuBjjF16PtVbCZ8_91I80gbHQj3z9Swu5eAMniRl5TyHlgcIg45Dydw-T2XaWHWlWYKAB9ry70FN7VkKo8ZmvsKaFzVvzlFBC8BQBeSGjA1TnFEsAmJOBiMc4opGrkB1stwA4ayrxDhixkQBz7RVKNT9gSOwCkXIUFgJLbl9Vluhq7ydNjf4oR6Nhn5BwYVnoXybcJMcpyT3INPYYAxA04TL_a82JZHF9MbU8r6SGWRTvr6e7rcdAVkPmWX-3sVFOQPi8sp0Zst66lxJbriuxC-l1odKtFG3wY9znlwIIq9DDDXtYjpi9bubjP8lckSqXiUuwUoBRxM6jlOaWPGryiu7Jbcme-AXVW_x6H82gZQzQeZJy2w2yJM2obkq-qtp_MR8BNBqU-wVUR5PrPALOSoGcfkgZecRT7lKkjB7eYTQB_aLMK2yRDwNA_V4bwrUlyon_-zRRhBWo_TfYyK77XrbI-jH2SfoXfpDMBGhGfeHPZsbahp7esldY4ihK_YnnkzODpBBPfo1UDQADicOam08sX8Y1-apy745j5BtlfFqMburo8qcngslOsIB8RvZlizlHG9Uf8Q2z3du-yVRtR1LQ24pXv5nVbkiIxPYYqkbweO5GUYXBR1AXdfb-ovYWgqcJKG6g41VbKytiH5nDNf4EQCm4dJfILMTKcWtB_uTqsa3bANBZFwSPTGNqBYj0rLbHiUzE0f_eZ3aqKb3SNyh_AqT7PIVkeJCn6MrCHh3einPrdXjVHvQx5W-foY2v453SZhl9dDpE9gvLgpKoc2QXnafEbIlDdWC9kGxIDwi_lQzUJixcgw0fdrE7FuE1FaBb5n6_WAW6uaTi5l57M81FCKg-azwo9F4EADLSK-Pr2MeKvkpzWTEVGLx_Rizqd8c7MhQxYb7wTonVkOtMZkz2GFQbXMMk4AOXqQOF6NcnGxHyKrtClotssBYEoAbslS0SM-60d08IM_vxJ8HtU6xj8lwpBlCkVIZrZ1NLAlLdmjrcn7CSfcen4Pzky7uTj6Y65vUfS5lhU6m2piKCSEPG2j6YXN-BlWiRBZ7NZlwMWTjmpLiboymEsxSvtjwn2gsdIctPq-1j0mtaz2DYkzAZZDlfkNVxAIweTUTXvfmVBCf-PVyGcbTE7XJNTd66oFMw2Wqi_Bp677UAooqj72A2_Wv7ZgRA6R6BKIa_NqStzgm7ykp7d5ZGO0TdaRUNzAbAdJU-fd6Qglbyhc4U2zaG17ib-MTznmEE0v_cUeKqC5IsP-TFM9xuvwzA2WobcsNb1V_jlWQZtz_7IxeomFCAKa7310VM4IJkKPpT4g_GhhcIwpwHhPCsYdsEY2yawxzWcJrUdxr6SSm0Kn4d9BrZV93X4lNj-1dDMyolp2Jk6qzpZag1W5KMyPY1kdyEgRzeOORZhQ0fp5-A09MiZGxRQPENR5slteclIQoiK_1lu3uEU_p8poFRzJkkovd1P3uGyzka30zBHp5qobAZpglnrB1_ZpzcnDaWuNyTfLPVJUrGBJAtnUnq29WGYHWuUAlnFjmjAG-rw6nTu50hJVsrQNjj_dLxadJh2MiRD6xJuzatMse6eERCO5fCuHT6RXBSuaIx03K3J3U33tHJiDXyCqGTr32UBvGanHB1xZnR24nXN9l5qMISIYb6kxC2ktUMg_C6z94Vw1E0PIvbtbFZ-ASDhjzibHtMjGYet0DaBP5OZI8hOCbCPkCBrcUyHoFC570IIO43hlvLjJyXnVGhyDDyu6fOSCHgJRb7WXmIhxIOpuWUKqI6o3JLfO-QOJYEgRnpoviOPrfRm3qEudou0wCrJFJg36loSJv437k4rJGivPeU5XBe9sZ6CfkypK1q2p9PlE47oOT99kMdRJBFp03pnelX9aGQRpiVnM3EFOzwVw2mGgryU4cOzsvCKtTqfBhbDYmUEXxanNABfpcqH9YDfEeu7sgi7jvG6cySfq30SGSd10OKWFV0ZS_zIcbvtxYlCgG1a1hYTo1a_nt5j5X3ZbfPwwIYqlguCX8HmnUz-EqpLITbYtinpFAYr01llEzJsZqWWr8LyhQBQinbynmQwI39Qhj9PgpmCyOawruer8P01OHIxhuj-mSimRMwVeVd-v6oaynUdRdGp_OPR6YYaGdnW1pRUEufhcBV60l4wYCcTGkKX16rMtAkqysrBvoIBJcJziXQAZOfkfp-GRbKuXAb1Mu3M7PMkHy_Yd0H4ykN9xcZjn13SKoHGrBynitHvZoDQyksO33PVHUYOv8FvInHvG4oyKp6Q_7kDpi8gW4Ge6fj1A-BYwvL81_TSY2ZjO8Qk0fsCYRc5LKfAgsBftL42NJBA1QbCy0MCA1incW64_dFer2mw_C2infV10GxEIDbqbYvkQIFIGBJstDpqn9644h50VZ0p6l1NHHATNIJzqV9rA7XB-wi3_qFSx7I0XeycaqgHtuLqJ3cWR8R8dJtyhCm-gbt6RGrKF1iR7vdEtLAq_wsjjtpEuIOcOfyXgPWq91XesgindfFLuo2_6utEdLYM63WFdyV5NR4O1qAmbK4YDryAg6jaP9iJzumCI1shYRl_xneXR3f5DBelI1X1lEK1JfcmxiUtxOhkWkhhlGkN8DHzgJWIfEUNFKzEtBuTzCsA2ye9UULuXrF-WX5v7WirLRHJsHbS2_6gbIf5jQe3OYXQM8yFAq-8CBqHN92MV8Xzjiu8sCTFYCg6_U1WkTePmNIJ934VuXoKLPAbnVmbFXCyz2iDGyp_gopU7BTSPGXY2AFKmEOolq56zK3XXwxbZP1UN5mc_ZJlhnT7UuSthKtdUuDwafUlEjAuL_m48mo5L-3ODAXeGocEqV6V10I2WTC-MvHjApUJgWf6PtOALVjqhMImGCDb4oD746XpL_VtAEoxy5uT1kSicjxln1sikYVNKF6vVMcMhD6kPGnEraBwmtzqalFvUF4vuJageEAb3XDtEC0AwHgfbFvfr4TAtj0FxxEdfGMoHY8KbckXHO1Gzj3zbRT8vlYImH32OxobqszmGV3wTty0RxQRdaf4-XlkojwDKmvDUlf8Y0BKlvjAt1_wZIBZe-mcPQp4FImx7eDtQQCS5myVe_4YUFLCgTiUn8x6_bBlu9gzy1DRhdW2mN4CQXWnzebuF5Kt_n_8r57gecDNvsBP7muJxqFhWucHEI83f_YHWCzwzKIvOykjDzWCJ9McEfoWX49AXg18Omt1bVs85rKrNO1fORK8CLeBJMkzOWfeEsJUOEw6yYsl6LBM_QbQ&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&rfl=1%2Chttps%253A%252F%252Fwww.file.io%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5ebd2e1b961bbef77f1bf08b08af4dad8e349dfdf2bfcf7272d314c49cf23276
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:34:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
832
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11393
x-xss-protection
0
server
cafe
etag
8974296396314687744
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 14:34:42 GMT
html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame F7E6
170 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Origin
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 16:47:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
79277
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60311
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 03 Nov 2022 16:47:17 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/elements/html/ Frame F7E6
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dw_feWGYA3795LnFBJGR_9qJL9WxC0hqP7TE0PvbkHNdF9J4oUE95Y1qACYtp1DKKnFMCOqXq8lPXI_eIxy6BTc657Kp7nqtiJ6ldgRruBLvCsM9F8gjKA2-bo_WRo9lF1dSyIR5LC9_ig6-zN0KmxUx0MVD_G5rNEMPge9WtFElakHyo&dbm_d=AKAmf-BGp4LPTA_8Veq2uQ-9bfXEvKyZ2Dg_lpacCwwhCcJ5lh8y6t40IV_xa3qqX6S0C9VjHlTUCWerDkkSuQF_EJjOiXcwu9pviv5T-fuKs7kS5oSodADDeiscHB3QEkyKCdZFmNnWAEz-PQq2PE_1whcmPkZp2ZH-oCH7283-5-BNVXS7pLLZXoD-T44xnj0eZ9EkuRQf6D963wkaqWxQLNhFQ4Ig0sQS7vA1uAerdpzQdHt-rAMUNDgTQaUn8LZ5eSpkDVDvNtXJMCEytCHFbFH3nJTRipuQPGuKO0aHsJNT23Ajrhw0dkNjahr2qhNT-QWY_otwpuXQ88o86-t6J8bFQNkrETXFn7P6k6LXTJjPie2B8aMRBfROSHN3EzU2EdVJW_3Q1rlQNMHLzen-5uDzq6s447VL-GbZn7eXAnbmXRuBb7Ec04DyPkrhvoFSSOcLIrmAF9FOI6Bb9GB-o3XknvdzXNRs2LG3Tid2-NI5xBuz3GErtah5f9W0PC2tiFT9cww9VCtZjOkyQrjvoNDSjMjuVADx8wpBrJ_CjPNw_GyCAWAnK7S2N0Yeoxaz6R5x8oLTstcqxHdHKzOSpwQrkacxQm3VvK82NmtpnimL8uHCR0yVd-TCJSYpZzA3xf-18sadOVOmZEoMc20pS056AH9NwEp-5l1rHtYU8abD7ps-jwfJ6rlwdxIQQy1Umae3NSY8GSJHOiauhYsAX2P1mK7T6c9Hl4y9rX1V-iEGtBW5ump8wzYvzj0P9iCHQyRvUck3t1-FCtoT-mXBSIMwUOzV9igIwlPnpgRejQLsiWHTvIRl01nEoCgC7ctHz8OSfQfA0rbuK8NGTgoswv170_PV3ZbsTyRioqqFCwCR_TsO1JWnqvKOg3tVvCW5W4tpILVuzI0Y4CntcGA8vWEQf1nYGWDeciuoElaCzHfQcDORWYNA6Lcogh9g0MMpVpZCBOvFkySnwhkdiDCyG1UiJLl9hz82Wo61BMjNIG9HUC6WA0rR6aUIUpJsFd-I4ZaBZdOGhtsqN7Gzp6CfmtvGWtykMJ9bjOj824XjnR0MmrB35Lmd4e1xQXpoEGf3Kl6NqKNrrvRO_Iu8dyOeMINZ-FAhx07BxBzUmLPvuZvWkFD9upfPPkDMeWKbMC2Z3t7vVxhCuMD7JQvevhqgonmfTlIFq-uDCBrUvADnrC4AV7CNptX4YWL985e58gl6l_XlThLWln0ArUcCmLbiJYjWC9RM7u5MyXBlNE2woH1u7saXeCNqu9652eUTdbboY5z7M_uehptrQmIdncahoEl4I2tVfNTW-6O1_MSdlMbMACCZWwXfXM19O82GvUyEritIneku_PVPGz85w1dmJ8VAPEAXLXAiDCKrhdnQ_v2PRrVcrfXEQ__DTqVSkfqqGssHM6Z6wD6GBobU06BbY9lWeWLxWIhLWRaQSUTLJagPUSxjN933syT7vDP1nmf2pCRmAPAIK0y8gH6iz4hU0VHpSgQ6G1L8IAOFr9512ajNPAHMplDfSU4oO5M0G1dt9p5F9f4JA9iQ12MYEZvzycNUkVXfH5ykPBGrrsz4n85ogxzeD1sx1WzFhw69lA_U1YVAjmZpTWQhjimoKBN4CxiZwDNQOvHAyNn3zkswA_aCjta_imvQqwCj1c8XSiIB0s1622N8gvg-8cwMQOhyUzsrlE171mIEj9jGx0X_s0By1HjfJhmfK_e_2WrZafYLtIBlBr1WV1AO9IcivfV3jJFswvwBWOvaX8eMoFyL_C-HykrS1brWtheFQyzLTTYXuEnii3L5HseBg8vWgf4G0uS9GhyeOXvK2SEncewJHwgDW7i6pYmziDhdGBalrOJnLUoyGNyLshWxp2F91pQMqj6WaSuXZXrccb4vNwBpa5MZYH1CR-85wkcyd6Tbz3cVy1lg8zOHrXrtMdxUaFBWL9dF4D7ye7aDGdBni1vAhj9ihwwltkaiFItRYjKbiUyN2022SZWxfa4F8KY8fisK53wk-6IJZhx_GxgBYISoegBw5E2heyrg6KsWDFOtohK6ACgbioF9gF6jSEcNOah4DU27i_U8WV_EkEQ9VFA-CkedgFp-Miojt3CGINIC4OhkD_ZW2nglnWWZkNrmwyOl3IehN65LHv6nKqyHWYRyd_KsfxMRTD0WH0okn0dgJyXUktpc8l-pswezdl8UowPa0Aap1QSIOcevOhltq53uqpI8hXkUiKiUHGmCSs53yqP2s-N82KsssO4X0p24KMY6GPNVj2zUhj_cLdKRR3Lwg6UBNH9bYOhKzlXSGesWfPTEHjkk95KKYw2f62Zg37Gst8IBPvAjxpSOFaMN-1BFdT0m245dZN9gU-9jR5vt05SUt4hsADiZ77VIjnek1UrTjjR_kPrij9g12d9k20aKnEard0VPFcUn3_EtX0zYfaJs8_RQglmqBV6R8_iSr2NNw3jXMOKqC10rIBHWD5LnVIwEdbfzkX0OdTd9x3MyVKMehY1Cc6biLc6mfSrpjCVjNZZmsd0tG7pLqvRfDEIuwZOhS6aJj9WN3jVwtGw6UkEwY5ODh_nuny3Rqh2Idhvc49ZhgksAl-lod8tTgXzRK_j45Q4vAFcTy2wGsR0QECebmD6TTj4yVsbbt2t812reiYGjjotnhlwnXMsQ7JLnVz4vrmiONkSqab4EeXaFGQ_U0v86kuZ4a5smZZsqcwsDh8TxhMY_71pLsZVFbZn2YoMBxDDN_NlX39u9YVDC2zgkMQfPF-syjKQfwuOfrTkOeFMw049eEX-WNI_3F4bk_T3QPdbz1ah98kduSrDIFAlcZmJF-fdqwDI0fjqyTVZlAyIurkQGf7mDlbVB2-mORd8Bn-4yzaaLHyk2msugBgakvHFxt9gwlVD6SEWVa8ppq-tDSBIJeOZxKR1OkxXoAyeEa7k8JvcJjMQoIp9ZiKjLyyZ4Jf2NWFQjAgcuaACHR_EZiQQgKWGitfWSbtygrkpwUQLWsmHKJoZtu8n29cE6XUeoMgrM_d11sm5yRQvAGPo9xlvtfF1PnmzVyUS60JR8WBY0CeQnoLNic1W7RgkPfrdK8DxyLFJ08OJG-2jkHIfSFs1vlUOBYeSE0cMqIVOoGVQQ2ZYErdpthKevZSJozDEezIXdWhVAjYAsowRW20OJN7quJv6IxhDI9XFzk51dyfKMjjBj7MiTgovtgen6md8SS5tegHjCDU07SXyT2eb24qv6P58W6W-0_A-ADeP-4XmVYqgJFrQOtLQdWqlW_dzvtmTZj8hRNz92EP_eCzuWk8_2vJCII3DKy7vY1ILtUVqSd8KoJNmMglz4JkEiYSW9egOJp8pTiJUbk2vZTW-8cpd2w3WKXN6Tv8UyULw5l-sXrwJO5Fd4M7bih-A-uqk9sE_XV5Y1HbMnNdY4cmlhN92xpZnYri9kR72_E4pjRXbSShQ&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&rfl=1%2Chttps%253A%252F%252Fwww.file.io%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:34:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
865
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2986
x-xss-protection
0
server
cafe
etag
3296546412363819624
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 14:34:09 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/ Frame F7E6
30 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dw_feWGYA3795LnFBJGR_9qJL9WxC0hqP7TE0PvbkHNdF9J4oUE95Y1qACYtp1DKKnFMCOqXq8lPXI_eIxy6BTc657Kp7nqtiJ6ldgRruBLvCsM9F8gjKA2-bo_WRo9lF1dSyIR5LC9_ig6-zN0KmxUx0MVD_G5rNEMPge9WtFElakHyo&dbm_d=AKAmf-BGp4LPTA_8Veq2uQ-9bfXEvKyZ2Dg_lpacCwwhCcJ5lh8y6t40IV_xa3qqX6S0C9VjHlTUCWerDkkSuQF_EJjOiXcwu9pviv5T-fuKs7kS5oSodADDeiscHB3QEkyKCdZFmNnWAEz-PQq2PE_1whcmPkZp2ZH-oCH7283-5-BNVXS7pLLZXoD-T44xnj0eZ9EkuRQf6D963wkaqWxQLNhFQ4Ig0sQS7vA1uAerdpzQdHt-rAMUNDgTQaUn8LZ5eSpkDVDvNtXJMCEytCHFbFH3nJTRipuQPGuKO0aHsJNT23Ajrhw0dkNjahr2qhNT-QWY_otwpuXQ88o86-t6J8bFQNkrETXFn7P6k6LXTJjPie2B8aMRBfROSHN3EzU2EdVJW_3Q1rlQNMHLzen-5uDzq6s447VL-GbZn7eXAnbmXRuBb7Ec04DyPkrhvoFSSOcLIrmAF9FOI6Bb9GB-o3XknvdzXNRs2LG3Tid2-NI5xBuz3GErtah5f9W0PC2tiFT9cww9VCtZjOkyQrjvoNDSjMjuVADx8wpBrJ_CjPNw_GyCAWAnK7S2N0Yeoxaz6R5x8oLTstcqxHdHKzOSpwQrkacxQm3VvK82NmtpnimL8uHCR0yVd-TCJSYpZzA3xf-18sadOVOmZEoMc20pS056AH9NwEp-5l1rHtYU8abD7ps-jwfJ6rlwdxIQQy1Umae3NSY8GSJHOiauhYsAX2P1mK7T6c9Hl4y9rX1V-iEGtBW5ump8wzYvzj0P9iCHQyRvUck3t1-FCtoT-mXBSIMwUOzV9igIwlPnpgRejQLsiWHTvIRl01nEoCgC7ctHz8OSfQfA0rbuK8NGTgoswv170_PV3ZbsTyRioqqFCwCR_TsO1JWnqvKOg3tVvCW5W4tpILVuzI0Y4CntcGA8vWEQf1nYGWDeciuoElaCzHfQcDORWYNA6Lcogh9g0MMpVpZCBOvFkySnwhkdiDCyG1UiJLl9hz82Wo61BMjNIG9HUC6WA0rR6aUIUpJsFd-I4ZaBZdOGhtsqN7Gzp6CfmtvGWtykMJ9bjOj824XjnR0MmrB35Lmd4e1xQXpoEGf3Kl6NqKNrrvRO_Iu8dyOeMINZ-FAhx07BxBzUmLPvuZvWkFD9upfPPkDMeWKbMC2Z3t7vVxhCuMD7JQvevhqgonmfTlIFq-uDCBrUvADnrC4AV7CNptX4YWL985e58gl6l_XlThLWln0ArUcCmLbiJYjWC9RM7u5MyXBlNE2woH1u7saXeCNqu9652eUTdbboY5z7M_uehptrQmIdncahoEl4I2tVfNTW-6O1_MSdlMbMACCZWwXfXM19O82GvUyEritIneku_PVPGz85w1dmJ8VAPEAXLXAiDCKrhdnQ_v2PRrVcrfXEQ__DTqVSkfqqGssHM6Z6wD6GBobU06BbY9lWeWLxWIhLWRaQSUTLJagPUSxjN933syT7vDP1nmf2pCRmAPAIK0y8gH6iz4hU0VHpSgQ6G1L8IAOFr9512ajNPAHMplDfSU4oO5M0G1dt9p5F9f4JA9iQ12MYEZvzycNUkVXfH5ykPBGrrsz4n85ogxzeD1sx1WzFhw69lA_U1YVAjmZpTWQhjimoKBN4CxiZwDNQOvHAyNn3zkswA_aCjta_imvQqwCj1c8XSiIB0s1622N8gvg-8cwMQOhyUzsrlE171mIEj9jGx0X_s0By1HjfJhmfK_e_2WrZafYLtIBlBr1WV1AO9IcivfV3jJFswvwBWOvaX8eMoFyL_C-HykrS1brWtheFQyzLTTYXuEnii3L5HseBg8vWgf4G0uS9GhyeOXvK2SEncewJHwgDW7i6pYmziDhdGBalrOJnLUoyGNyLshWxp2F91pQMqj6WaSuXZXrccb4vNwBpa5MZYH1CR-85wkcyd6Tbz3cVy1lg8zOHrXrtMdxUaFBWL9dF4D7ye7aDGdBni1vAhj9ihwwltkaiFItRYjKbiUyN2022SZWxfa4F8KY8fisK53wk-6IJZhx_GxgBYISoegBw5E2heyrg6KsWDFOtohK6ACgbioF9gF6jSEcNOah4DU27i_U8WV_EkEQ9VFA-CkedgFp-Miojt3CGINIC4OhkD_ZW2nglnWWZkNrmwyOl3IehN65LHv6nKqyHWYRyd_KsfxMRTD0WH0okn0dgJyXUktpc8l-pswezdl8UowPa0Aap1QSIOcevOhltq53uqpI8hXkUiKiUHGmCSs53yqP2s-N82KsssO4X0p24KMY6GPNVj2zUhj_cLdKRR3Lwg6UBNH9bYOhKzlXSGesWfPTEHjkk95KKYw2f62Zg37Gst8IBPvAjxpSOFaMN-1BFdT0m245dZN9gU-9jR5vt05SUt4hsADiZ77VIjnek1UrTjjR_kPrij9g12d9k20aKnEard0VPFcUn3_EtX0zYfaJs8_RQglmqBV6R8_iSr2NNw3jXMOKqC10rIBHWD5LnVIwEdbfzkX0OdTd9x3MyVKMehY1Cc6biLc6mfSrpjCVjNZZmsd0tG7pLqvRfDEIuwZOhS6aJj9WN3jVwtGw6UkEwY5ODh_nuny3Rqh2Idhvc49ZhgksAl-lod8tTgXzRK_j45Q4vAFcTy2wGsR0QECebmD6TTj4yVsbbt2t812reiYGjjotnhlwnXMsQ7JLnVz4vrmiONkSqab4EeXaFGQ_U0v86kuZ4a5smZZsqcwsDh8TxhMY_71pLsZVFbZn2YoMBxDDN_NlX39u9YVDC2zgkMQfPF-syjKQfwuOfrTkOeFMw049eEX-WNI_3F4bk_T3QPdbz1ah98kduSrDIFAlcZmJF-fdqwDI0fjqyTVZlAyIurkQGf7mDlbVB2-mORd8Bn-4yzaaLHyk2msugBgakvHFxt9gwlVD6SEWVa8ppq-tDSBIJeOZxKR1OkxXoAyeEa7k8JvcJjMQoIp9ZiKjLyyZ4Jf2NWFQjAgcuaACHR_EZiQQgKWGitfWSbtygrkpwUQLWsmHKJoZtu8n29cE6XUeoMgrM_d11sm5yRQvAGPo9xlvtfF1PnmzVyUS60JR8WBY0CeQnoLNic1W7RgkPfrdK8DxyLFJ08OJG-2jkHIfSFs1vlUOBYeSE0cMqIVOoGVQQ2ZYErdpthKevZSJozDEezIXdWhVAjYAsowRW20OJN7quJv6IxhDI9XFzk51dyfKMjjBj7MiTgovtgen6md8SS5tegHjCDU07SXyT2eb24qv6P58W6W-0_A-ADeP-4XmVYqgJFrQOtLQdWqlW_dzvtmTZj8hRNz92EP_eCzuWk8_2vJCII3DKy7vY1ILtUVqSd8KoJNmMglz4JkEiYSW9egOJp8pTiJUbk2vZTW-8cpd2w3WKXN6Tv8UyULw5l-sXrwJO5Fd4M7bih-A-uqk9sE_XV5Y1HbMnNdY4cmlhN92xpZnYri9kR72_E4pjRXbSShQ&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&rfl=1%2Chttps%253A%252F%252Fwww.file.io%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5ebd2e1b961bbef77f1bf08b08af4dad8e349dfdf2bfcf7272d314c49cf23276
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:34:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
832
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11393
x-xss-protection
0
server
cafe
etag
8974296396314687744
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 14:34:42 GMT
html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame B470
170 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Origin
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 16:47:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
79277
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60311
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 03 Nov 2022 16:47:17 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/elements/html/ Frame B470
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AqeXKtvZ0NEbuV_21Hg7OvdzVTj3vgZS_IKFUs2prSlSRh4UvrCg4ZcFG9_qCXDDAapw8nw-3h2npC_xg8MprGqtZAntXhygD7NvGljzDGnD1m9g2pUgIEK6l0hvlS1vDsfxqz7l-UmB2-sDjfJHpAt3s5EonADgh9z_F28IJ-QrP0AXc&dbm_d=AKAmf-CFh5J-EbNf3sBueXdxkzwYVE_rwM4A-uDjrO4QBf8fmJJhSdE4cKd1nlRJexMCNmq3GbRZ7SW3YrIZ5sBYdDcn_vIe2uOKa28pQE6V-w82wyxneA-sRonorLDEmCEkDPzfXmORjBUiHSqsOPz15P_wIsFrnsmj525aveZpkPSMbRJll-CFgJHKxChZvCJy3fMvysBxBSSt6IayhMfHiwGPW9lkA2p7Dukv9HBFEOUqxK125GoZLg9W055GeSizxaTjUZ-93cdowP-G4RNxHx1C03LD7xVW3iNgtd_K35tMNONcTTz-k1g7smCp8FLgjXK_cOzmpD3qGqvuZJS7VazEGkhLUGrnztzb9r09_p4wsTtx7zB0h-ZoDzoWZBOgrFAItFT2N1NypR4C7Jxc3rqbszTz2baJrqvIyGowS5xeb9Hcs2texJJxTysKeE8HWHNymq27gUfK-KviBzP6ZbJLsgmneDztzWceSU2b2_Kss0rX-qXVvPKpTLX0rO-oWrp2SbI8soNPpZBTqc2Nfe0zxp17GoWsYx7nalg3xykhfOF4PlHM88oo5yDjNaz0c7EOKWNwh15ty0Flhxd7jfAiUYjlWYzX-6RGLDQi6XobW12fDq2FYIAZAxllfXQ5UdWOpR34y_-P4BzCOb_f4bxTD_PeDucVt6q-8WZMbBrDRdIt0TnuuhRI6UhY2D483u-veCrUEDzr_DiRQuD7Wb-vKwb3rUos6AavsSHNywHHX0UEEpRNZtnmrUSGB7BScXCKgZ1Gptzh0RPYEndsQZMbchL-S3nlnnYtUhhxd0nzD4rnH1Npj9zifnUM8HyYFYCORLWPJUK4j3_iSlUDDREvzOaWBwkskZJp8e52ZV_Zm7LBY2xNmbz3G5KcQswAywop-mQ1qpRbhXL6_dKCBxXKHjIIGeEnvSMZNDbEfNmviDAatwy1Ht8KgDM_5eROyE-tweH6Y8ZVZvtbhx6uOofuxXq_m294i4R1IBzM-qLqSFc1eUlM4nhSubufKVxWFKdL8Ot2rMJGxjUnFeKccA5bg-lEe42S441sLIyhG1ET5pbUXPW7X-JGOojMcRhgzqsyeF_JYatM_8tdYTDR7k4IpkGLUrmGlYe5qua3-4NeW3JmPYoHsBbCLYovhjmNJD-O7DPL_RyjU3t4AwR04pCiuTqPpwlpa795SfhAmw1uRmzMnc__rRaRn7juC3JpmL08s1tFMAuZ1Pm5bzK1N-L81N1aSlD4R37ULlnhynnMRchk8rC5XKMGlSQU14g7axlTl89AhjfZX2Y1warB52PowBDdxHWQc1zm289iKkIDELhxk7ZiHgWocHAAwtlwwO9MCB2CkS8do_xh2XOygQbuxWDrpLpQUucINwhMZw3hIHbMvsHSaWFSHwSmtyf_zzLQFl_PE0EQ-_zcbDXkii_pN3shbPhMYBSo0I4Yki4vaucoP22SCEAb3qL0vtsGfwY6-RAGgudlqfeVRG559wsyrJ8-pd-E7qQ-Cjr7rtNyji9cCOGcWPh2MG57M9AIUUuhcMvuDlEups1BaBQmW7qk0n1Ve5I-Gq2XCbvFE-PK5dT8Jmj0UhLRBZO8_Rn70VoDMlr5C00-wYF1IGEoCcFsFKllZE5IwkYTteGdW0zypRUkvRJ6-nHsnovDv_lbblfiwrd73AxKw0_CiImeCR_hedBGex18T5Y0zRkZ2AEUBWDMhOgzlEH09uhr6s7IAXKnFTHdFKMVsJ9Im5PzXn5wZz6SXAtO4FfAy1uusoWLPMSF2b5rKheJXHNNtEHunFZ9jvYRyvKcx693Zz-E6ly7q62pe9i56zolFjWNdk80A-6LnhelApFbcU-m7r79SwutrQnJZJwOT4w4eTc5TdLWABWJVxCzRg7La8K351XrDDjG6tNaL3V6WcB4QUvKUN2ZhPvPoA36pn7zqFsghx8yPh_Bqe2UM0LmKeZBn5kCqCL0JDPOz5K3ZSn0KBuAgu8LcpTz9jvaMrhnjzjcjmzTUGQNrFPYHYLhe95SBrSiZpGp-N5LRUgYknsAZwvFSo3HfUJX4iWA4vCUVhCu9ODXXjcMS700JSko852AD2WkNeXk_bw57CCrqAKFmIYmsIYVqZ8cyeIlf-eon03uad6ntEK3fl7pylARFU1PKwg38XvXfBF13MklMh0rgAutUxKNAuCrWr19ei_h95PHw3RX1K96O6BF49wE0Jjyf1kuw_xYr_ZF-8NYCxtiHIL1TikQJ3GemXw6OVlg8T0a4xf0QtgdNLHlPdOzkVDEFUTRqx5wy4kco9KNpx6OY1wlqxzjLl6ssVjGho873AoGJP5jU9bxwCFRx9m75zEgGv9uCPdBK4u-tfIZddzBFgX2U_Rpq9plK8ydjnTm7S-V0ys_5MjhsNVDsd2EOXK8eruDoOKXsE9uh4Md72jEIQbzOPN7CBvvz5Cj04LJcPDS4JS0QoyWHvDNqc_xPIhkYpssWcbCs63UEIx7pqQt7LUT8jbv9RWQhqFboTmiAwke9Xw1oVzV8zMkYozj8j7dHs0HFA4C6V5sjuDBsRleaaZHBzvPzu90K2Tq2fnjNNKp3njWqR3KcLTojqgfNBieOfGR4eH2ao7UfaTTnjwkt2W3x_4q80QaX7y4JVdL-95VrmSg4ar0rx8XoRdbxpn9KgE1d4HJJNhmfsl0Nu-qq2H5SysNNZdYac6XK55dQhpwzymuoCkN374fZcdvHwnLnli6gFYCIf-phkL8ez3Yt5M7UvcFqecvsb6Lo5_6uSwG0vnbE0mufhY9M8LpNo745rO8EQNEZwCiJYwc8tdRcmryFVqssiCpFkcjQxQljkQBj1YT5pk_JuO3RQSqPdR7-6dw6GgJmgqp4TkAe7c92zrc-eoJv_x1v6BsKyXottBpwJz6EEHiikwY5Gak4JxZF46txKjWXTD1XuaBgQxVnKPHJvJhILoq7JjQ11OYOSlp2tm52tAMaX2aKEJtP31emNMWokAVhFMdUa_RcSqaeK7yZYNNBxT86e0fOdL1p6iblSxoMVGpuhXTTpzYaUqI4cgm8qVK0HJ6HdH_Rdkj1NCv6fzeS_MZvVzK55RGfR_4SNTcnxAbnju5Cd64TX73BT31R3tl-vBmhp8PaHFNJiKkRt0E9Nc4LyKSaqdZXFgsthHDA3avFjZJ4kXkjunveP8_3w8-YyVIgkwZQk1cr_vA2jBLGPb_WKUzq4MBmvIoxZgYkIp1OI71cIN7wRxbcWjnlgvdnQEEAdDDq-37K3nYxPjwa2VcTqcltlUUZmFZCb0hOTnFy3zUCMF4garOD0DWCLE2IAm3yY2JyJEHXJWrFby2ttOiebr4X9DbCrURCQYn8HPAPe_1mQ9Jyb36aB5dYSloIshdN2U-IJZZeQUuyb5qlgvwSvPvH2oNd4JlEyPn_CSNhJx_woU1aPO4EjFrzxplTx0&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&rfl=1%2Chttps%253A%252F%252Fwww.file.io%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:34:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
865
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2986
x-xss-protection
0
server
cafe
etag
3296546412363819624
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 14:34:09 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/ Frame B470
30 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221101/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AqeXKtvZ0NEbuV_21Hg7OvdzVTj3vgZS_IKFUs2prSlSRh4UvrCg4ZcFG9_qCXDDAapw8nw-3h2npC_xg8MprGqtZAntXhygD7NvGljzDGnD1m9g2pUgIEK6l0hvlS1vDsfxqz7l-UmB2-sDjfJHpAt3s5EonADgh9z_F28IJ-QrP0AXc&dbm_d=AKAmf-CFh5J-EbNf3sBueXdxkzwYVE_rwM4A-uDjrO4QBf8fmJJhSdE4cKd1nlRJexMCNmq3GbRZ7SW3YrIZ5sBYdDcn_vIe2uOKa28pQE6V-w82wyxneA-sRonorLDEmCEkDPzfXmORjBUiHSqsOPz15P_wIsFrnsmj525aveZpkPSMbRJll-CFgJHKxChZvCJy3fMvysBxBSSt6IayhMfHiwGPW9lkA2p7Dukv9HBFEOUqxK125GoZLg9W055GeSizxaTjUZ-93cdowP-G4RNxHx1C03LD7xVW3iNgtd_K35tMNONcTTz-k1g7smCp8FLgjXK_cOzmpD3qGqvuZJS7VazEGkhLUGrnztzb9r09_p4wsTtx7zB0h-ZoDzoWZBOgrFAItFT2N1NypR4C7Jxc3rqbszTz2baJrqvIyGowS5xeb9Hcs2texJJxTysKeE8HWHNymq27gUfK-KviBzP6ZbJLsgmneDztzWceSU2b2_Kss0rX-qXVvPKpTLX0rO-oWrp2SbI8soNPpZBTqc2Nfe0zxp17GoWsYx7nalg3xykhfOF4PlHM88oo5yDjNaz0c7EOKWNwh15ty0Flhxd7jfAiUYjlWYzX-6RGLDQi6XobW12fDq2FYIAZAxllfXQ5UdWOpR34y_-P4BzCOb_f4bxTD_PeDucVt6q-8WZMbBrDRdIt0TnuuhRI6UhY2D483u-veCrUEDzr_DiRQuD7Wb-vKwb3rUos6AavsSHNywHHX0UEEpRNZtnmrUSGB7BScXCKgZ1Gptzh0RPYEndsQZMbchL-S3nlnnYtUhhxd0nzD4rnH1Npj9zifnUM8HyYFYCORLWPJUK4j3_iSlUDDREvzOaWBwkskZJp8e52ZV_Zm7LBY2xNmbz3G5KcQswAywop-mQ1qpRbhXL6_dKCBxXKHjIIGeEnvSMZNDbEfNmviDAatwy1Ht8KgDM_5eROyE-tweH6Y8ZVZvtbhx6uOofuxXq_m294i4R1IBzM-qLqSFc1eUlM4nhSubufKVxWFKdL8Ot2rMJGxjUnFeKccA5bg-lEe42S441sLIyhG1ET5pbUXPW7X-JGOojMcRhgzqsyeF_JYatM_8tdYTDR7k4IpkGLUrmGlYe5qua3-4NeW3JmPYoHsBbCLYovhjmNJD-O7DPL_RyjU3t4AwR04pCiuTqPpwlpa795SfhAmw1uRmzMnc__rRaRn7juC3JpmL08s1tFMAuZ1Pm5bzK1N-L81N1aSlD4R37ULlnhynnMRchk8rC5XKMGlSQU14g7axlTl89AhjfZX2Y1warB52PowBDdxHWQc1zm289iKkIDELhxk7ZiHgWocHAAwtlwwO9MCB2CkS8do_xh2XOygQbuxWDrpLpQUucINwhMZw3hIHbMvsHSaWFSHwSmtyf_zzLQFl_PE0EQ-_zcbDXkii_pN3shbPhMYBSo0I4Yki4vaucoP22SCEAb3qL0vtsGfwY6-RAGgudlqfeVRG559wsyrJ8-pd-E7qQ-Cjr7rtNyji9cCOGcWPh2MG57M9AIUUuhcMvuDlEups1BaBQmW7qk0n1Ve5I-Gq2XCbvFE-PK5dT8Jmj0UhLRBZO8_Rn70VoDMlr5C00-wYF1IGEoCcFsFKllZE5IwkYTteGdW0zypRUkvRJ6-nHsnovDv_lbblfiwrd73AxKw0_CiImeCR_hedBGex18T5Y0zRkZ2AEUBWDMhOgzlEH09uhr6s7IAXKnFTHdFKMVsJ9Im5PzXn5wZz6SXAtO4FfAy1uusoWLPMSF2b5rKheJXHNNtEHunFZ9jvYRyvKcx693Zz-E6ly7q62pe9i56zolFjWNdk80A-6LnhelApFbcU-m7r79SwutrQnJZJwOT4w4eTc5TdLWABWJVxCzRg7La8K351XrDDjG6tNaL3V6WcB4QUvKUN2ZhPvPoA36pn7zqFsghx8yPh_Bqe2UM0LmKeZBn5kCqCL0JDPOz5K3ZSn0KBuAgu8LcpTz9jvaMrhnjzjcjmzTUGQNrFPYHYLhe95SBrSiZpGp-N5LRUgYknsAZwvFSo3HfUJX4iWA4vCUVhCu9ODXXjcMS700JSko852AD2WkNeXk_bw57CCrqAKFmIYmsIYVqZ8cyeIlf-eon03uad6ntEK3fl7pylARFU1PKwg38XvXfBF13MklMh0rgAutUxKNAuCrWr19ei_h95PHw3RX1K96O6BF49wE0Jjyf1kuw_xYr_ZF-8NYCxtiHIL1TikQJ3GemXw6OVlg8T0a4xf0QtgdNLHlPdOzkVDEFUTRqx5wy4kco9KNpx6OY1wlqxzjLl6ssVjGho873AoGJP5jU9bxwCFRx9m75zEgGv9uCPdBK4u-tfIZddzBFgX2U_Rpq9plK8ydjnTm7S-V0ys_5MjhsNVDsd2EOXK8eruDoOKXsE9uh4Md72jEIQbzOPN7CBvvz5Cj04LJcPDS4JS0QoyWHvDNqc_xPIhkYpssWcbCs63UEIx7pqQt7LUT8jbv9RWQhqFboTmiAwke9Xw1oVzV8zMkYozj8j7dHs0HFA4C6V5sjuDBsRleaaZHBzvPzu90K2Tq2fnjNNKp3njWqR3KcLTojqgfNBieOfGR4eH2ao7UfaTTnjwkt2W3x_4q80QaX7y4JVdL-95VrmSg4ar0rx8XoRdbxpn9KgE1d4HJJNhmfsl0Nu-qq2H5SysNNZdYac6XK55dQhpwzymuoCkN374fZcdvHwnLnli6gFYCIf-phkL8ez3Yt5M7UvcFqecvsb6Lo5_6uSwG0vnbE0mufhY9M8LpNo745rO8EQNEZwCiJYwc8tdRcmryFVqssiCpFkcjQxQljkQBj1YT5pk_JuO3RQSqPdR7-6dw6GgJmgqp4TkAe7c92zrc-eoJv_x1v6BsKyXottBpwJz6EEHiikwY5Gak4JxZF46txKjWXTD1XuaBgQxVnKPHJvJhILoq7JjQ11OYOSlp2tm52tAMaX2aKEJtP31emNMWokAVhFMdUa_RcSqaeK7yZYNNBxT86e0fOdL1p6iblSxoMVGpuhXTTpzYaUqI4cgm8qVK0HJ6HdH_Rdkj1NCv6fzeS_MZvVzK55RGfR_4SNTcnxAbnju5Cd64TX73BT31R3tl-vBmhp8PaHFNJiKkRt0E9Nc4LyKSaqdZXFgsthHDA3avFjZJ4kXkjunveP8_3w8-YyVIgkwZQk1cr_vA2jBLGPb_WKUzq4MBmvIoxZgYkIp1OI71cIN7wRxbcWjnlgvdnQEEAdDDq-37K3nYxPjwa2VcTqcltlUUZmFZCb0hOTnFy3zUCMF4garOD0DWCLE2IAm3yY2JyJEHXJWrFby2ttOiebr4X9DbCrURCQYn8HPAPe_1mQ9Jyb36aB5dYSloIshdN2U-IJZZeQUuyb5qlgvwSvPvH2oNd4JlEyPn_CSNhJx_woU1aPO4EjFrzxplTx0&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&rfl=1%2Chttps%253A%252F%252Fwww.file.io%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5ebd2e1b961bbef77f1bf08b08af4dad8e349dfdf2bfcf7272d314c49cf23276
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:34:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
832
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11393
x-xss-protection
0
server
cafe
etag
8974296396314687744
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Nov 2022 14:34:42 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 3621
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 12:01:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
96422
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 02 Nov 2023 12:01:32 GMT
truncated
/ Frame 3621
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0b72eb0324a818be910dabcb01ca472955f5218045548cae5a2d116c91e4f599

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/png
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame F7E6
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 12:01:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
96423
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 02 Nov 2023 12:01:32 GMT
truncated
/ Frame F7E6
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0081ebc6259e90b38bd84a9474508b1f3982ec53e0f9b5a2564881690be27bc9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/png
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame B470
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: 399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
URL: https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?v=1-0-39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 12:01:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
96423
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 02 Nov 2023 12:01:32 GMT
truncated
/ Frame B470
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2348071df1fe1bc293b01b8bc017b9c03c3c63bf2509612dc8ecc4e767e8bd7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 5D9B
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
96422
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 02 Nov 2022 12:01:33 GMT
expires
Thu, 02 Nov 2023 12:01:33 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/9150192991151314574/ Frame 59AB
15 KB
2 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=2XFlhVqEF4&t=1&renderingType=2&ev=01_247
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b3ada068479e37083f09e08e6d1784a3355c9cf16c6b4d78909dc606220ce7ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2279
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:48:35 GMT
expires
Fri, 03 Nov 2023 14:48:35 GMT
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 3621
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsthrZ3FQmyZGldCUi2hOpfJBdLQqzkC8aI2klrlA9Zs9yprW7NFvJQcCFAeaqGNpfAha1EOZBOhHvP5NmANERsbth8hulk6_bNrGL4OkbfdjhA506TJOZyMHig8JHkUxMd92iGl3a29Sea3-L_U3IS-rIpKOTHD8PGSC8rtNsG5M4qYHONBFBi31V7d1ey7UgtJMPeqgpOJGPR8ujqfT121_6BtqXhHv2QHvuixhxNifxVavSNb8vkMU6GEpbdhovTohzQeRQeFaVSsXaf-znWPyGLqGB2nEhL0EMDCKPXfZiCzD6HMTzVsfyMRGiNOvh56uYF4ontDuGuLij_UtgFHpMIcyyibyQAPHWMNfTlU0tfNTRyLxbkJaLkRQY7zxmONJuZLxxTXDko9TeW2RJWqxKYS9ueGMQ8XceeqZ2zKZasHd04I55DHECIJW4m01StNWZJzV6mXFHtYyiWh6DKjgmrflqxH3K6YFckRri1OVpeHJPjNKPHjSbhc4nPSoAtVv-s76x63ZI0MXMFc11tk9v-QEpjC4RYAzqomirAxAWk8Z2QHgLZv6pcG3fx4RJ5O3Nv3TcuH1z2uXpu21k5GYBA1VvyJWQKgPdM7MUM1N9Fp4fl68FymwLv6sk_T-JHCMVPYquLQIHiczX2x54mfD2YSzkqzGR5Y78KbCvyHR2zLoqMvFsC1BoQ4tX6m8We84vjmUb4lflj77J66y8mNuZE4BVhErnWzf0VdF1DOUjmDFAKngL8pZErE6UO7ALsNKfrjCQboKRUKUYrmdWHxzTQ8k7v_NiJSPkpxhzbg_bzdQ1_qEA4z5bWO-aJ9bsVblH7B0gmBA5lLdMOuHm-DLFMNs-t-sPRJwRu9t-EWwXIiLud3uCa0HWiPfO00lZiUncNjor5aS0R9ZGI57HO1piCAUPIrCEx9lNsjoovQJQlMD-zPD_jWOB33-zlf0pQp1LwLXmHBbcX2lMSBwneMK_u7ebDsyZTNeK2CIfwJTu4P7NmV7qCQu2dWLYczXhn1NJrS2LSFj5exgx8cy5_Y-HSAwNZrXybRIKOcLBnjKUubPdK1m4Z62-YwOezwXea_gSzuHvXHJZq9MSsHECMX-XobBND6Clbf65sIrKVmplV9Rkzzk93fvrH_z8NwuuahH-He5FUpgwxDyeggJiWEe6pefE-oqiGpWy-QLG-0eKSYGbGPxNSKLplVBCFkU4YfoCOaVyVN5J5aSkZRGd95jZlZNNlLzw&sai=AMfl-YQCDgosfS4UzFdCSNb0uwfX16c2r7M_0yZOe0ecdm0zaW1tvlXmGJFbMG3kFwS12FR_R-F7vsA7CBxbSBV_qRnqmGu8UeiyAXDz3ZvUTXBKGkXSrzGfVDz93rnEgXKXXX_qF5kzt3Gh-D9swk65llGnMhVqiPDsJTUDeIKA314FIfCrIcMZimoIC251VRNNlxKkGTE4_bltSAuQmq0qRUo3XG87-Steww-kktW-CR2CDIHsnk5Q42gN1pTD4DtrnV_qkY4NBzayWnZSRkOx&sig=Cg0ArKJSzH8ppUvMAhHsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=171&cbvp=1&cstd=164&cisv=r20221101.96647&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 03 Nov 2022 14:48:35 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Thu, 03 Nov 2022 14:48:35 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 7637
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
96422
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 02 Nov 2022 12:01:33 GMT
expires
Thu, 02 Nov 2023 12:01:33 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame B679
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
96422
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 02 Nov 2022 12:01:33 GMT
expires
Thu, 02 Nov 2023 12:01:33 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/9150192991151314574/ Frame DD2E
15 KB
2 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=v5JKLw99cE&t=1&renderingType=2&ev=01_247
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b3ada068479e37083f09e08e6d1784a3355c9cf16c6b4d78909dc606220ce7ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2279
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:48:35 GMT
expires
Fri, 03 Nov 2023 14:48:35 GMT
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame B470
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstsiI9L7h6F9AMRnVa5n4T3EiBLfBIdxJ8KHb1odMhI9KNGla7IdSo8dja4AVL_XLV8k2b6q3YWb-eXeKVJWgnTfwp4LJE5ELQ-k4jgWSQYx6V-zcsYIOdpZWu23M8VTDNJuehhQb1FTvUxdffBPQ0-FtmLwETZ2T5NRZKNv5B_gFyoMGJV9dQ_SQGo9rlIAK9jVjTosJCb__K_6WdjO1ZyqStvbcDnKL01vZiwqEqAjfCfure-8L8OfHCZ_9l-c9b2Bum3r5Vbmhx2kvvh77S1rkAZLwV5KIWeboysyRKs2oZoFTJkcWqQlgyn5uwMeXP-ZVouFAGQa5STTN2_kD4OxZuyC2C90m9bCjAV0QGuYAct6tf8a8OvwjHEanK-dko5BYQcyjqtMqd2fsRDI_p6NPj0G9TufTPFs9mJkyiaMoqkEh2YHMDukNvPg1LBSi86LXpQYjvlIFjZ1-YNHpPAjeSQz-HtOZRsJnVQVCV5kwBHCRxCaUkRU1dWizCpi6_LuaWHSguotS_rMru8dfjrrpHKivw9r9kFw_gMrwBhS_2ha5nXhkVX9hMeTON3QvkT9WLl_Wqe7u0luOwurQ3pkyXZF5OELep7fwJnfK8cv5B7qetDLr6tcvYh9MUZ9ibLMlrFw3MOWlfHmvBPut_FBoVkOdQlwARtswZWhYtiiGoFpj1tWuHPZelKZcrubZjjoIFusnVgnAqnlLCKm-ra1JMF8W-ONHKCCu2Rx2JxfBKR5j-stGZlhzTaWIodjFiJCh5xsjw_DYC3jmx8qxW7f1uzNnkOjlFiWr_ZjkEGnLhHHOX2FOdfrzRH7qo4MJmvCUCDg8sUqrx3Q4xPgRbuhcWKg5NqpoeWAh5zrlZao4sP0AEOYXaErTQNz15QpNm10S_H_uET8PxU2suvcNFyDmZm9bNMz5oBNEriiEx-nyZHTB0WpFU6B3OtbGYMyyKYWJRtH1BFfylLKitZUvkVLCykCgAfKNHiVpLgqqOyTr9SInHHRYzs8B5QxaTSAdr-0tg4xzTN341iKp6laiXaLnVs4OK-9wz-LTfR3HNtMbYe3zRDt1AyyOAewI9uH6Grmr6N5gVfBfIfnETd4-GAy_RbRA7KIalaOex0DGc5lQTgZWQ6Bm0g1Lp451gbeCgxJipRSGe1qnTvUL-G_xw5M-A-uih8AOJuKeo1z3z6sp6OofZTMJ6i9qo1a_-VA37ki2YYwZj8Tq-_ohwxa2-SYuXlSdTtb5fuL28&sai=AMfl-YSFN5zjUVBv7AfrD9sZQcQiEFB0BC_wUHUBns6A0iibhOM0s45-RxQBG10uLdP4UDeN7WvH0kCUDJoNtDBfz1vGhE-Cg866F1Bfx2Yc3k8FgbHNrLVJeY_IhtxUUYekMOv0-GVoKRuaSySJ3u4n_aspCK2fs9y_Zg6ngGJDz3n4fHATgIXPoMSzA9BaLPze87BohbxTyycIEoQGvMlNpEotf0Ufr-C60-ore_PfEsr9WOHWBLrZItNqrNwAybnrKh_wwODfbmR4SEPsuUkq&sig=Cg0ArKJSzB505ReLopueEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=166&cbvp=1&cstd=162&cisv=r20221101.80979&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 03 Nov 2022 14:48:35 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Thu, 03 Nov 2022 14:48:35 GMT
index.html
s0.2mdn.net/sadbundle/9150192991151314574/ Frame 7E1C
15 KB
2 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=CCfblklzsh&t=1&renderingType=2&ev=01_247
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b3ada068479e37083f09e08e6d1784a3355c9cf16c6b4d78909dc606220ce7ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2279
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:48:35 GMT
expires
Fri, 03 Nov 2023 14:48:35 GMT
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame F7E6
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu6Kxz4RaAPdBBIGkmJh-z7ugYIfW8ZyAAzFGbz1bakReaHFuJ42ODuPcuRCcuCdh_Dl6cUDqpjnZMSiOqcoGCPI4v2mt6hWixObR8QQKcoP0qmf-ticJRvw4sWzn7PdAgs-N85HnlZ_EpN_gr1uVYeQpkwDNXPo7DMfkZaDzA3YjZV2GCLBNJ2iXDGANl73JYJbePI81rhujuHhEneJnhWf98CatwCVA0AIklM4WyEzHPfOBagtcton3z4CpVmHJCEBhHq1mNtJY4n_ScfzDPu_7vVSDkga_pl4gUOtZ7NkCJ_Q-7pFjFkfwZkyEUfi2Omi2ql5M1IMMKR5n2xyeQScwQsVpcqhBR6F5NtaLOprTCgs12HpN24l_cyVv2hXzhWaSJwEGSKaGqQHIdncsckbcRXnL5vwnly9uKeUMoCZo7V0y1heJxyumR2q2-Pu5TwMdRHq6LmiSkU6kR0qPEpLjT3TU2rSakoi5GJGjKTEpvIK3XzIeNCJCLm-ta5rpuq0rp8VPqjcep_DfiLhV6LV15Phkc1TVufvy1N11XuJ7ak6yVWAmHDRbNnrzxYGIwE095vJ2PG4sjmNDMADsg9c5-D2OY5au5GknFcWrjNLs4lusjwF5OL0zdk-AfnxoppKF6-9zNZNUqLSnhlhwXxiEENFr6eVWtGvG1Q0F1bVZCTYgQpLiJ2_HDTHsDtZ4fUNDHdSMU1psxpwuKy2WL0IYfeluH3_IVylDfJNVenfGGh92Yk-aH8u4Uh6mAAJY9MP1jZeQebEQUAb5rFzilYlhPWZRLcwo8Cw7Sj3E4Q7yv-sAUtihNM1BwGJrGu6nmFbmNXm8L5mx5hrj1qSk81rtilbdL7VcwQ1Y5r7d0U8LZertrObvmNuKfntnVPRoG_G_KkIonTO7UCaWCjO4pz5KJpWvcHbYEldHYDYBn0ORlReUnxgDaK5lEvNpDMuuQtq3cViQj-caoJI1pxNXyfIjlyk4EHdXzl-hXrzI6dVVNzy1pGGnvqbdg49Jc93F8nZuO5-IZiiOrvaUQbTj2S_Kn4Yx-bSz5CQJlIKKseEEvKyuv_PH75J-VDwDBDlr8JzFIJZrmDFuXQowjYzq7QieRfneke-oRxzKb3bFYP2wJ5v3EOWTRbrAzTg0mjy26NZKqoJMlVMmLBGxS4q-zBkH38QXnAaGdndrh7pka01fU9OwFlfNV9oykrunAzVpUKHtI4YksVkXjPYTN_X6g-Aqu7zF1zGh3_zG4&sai=AMfl-YTgSuqybFNApq7je-JcrrcMp-mt9PmW0eixFN9133qtPhGQYkfD7d7ETutkib-OXX7Yk6nuSqKgUwnOrNwLkW7tvhk5BzsM893xcuXeeYyzsObj2eXkjYYuyPfRK7j1wORUDa5ImSqZUeQXlFtdPRzxHVhP2Dv0owR1QiB2lqW365X1SVIxhya0XyaQsnEFCRp-1y1Lf06u0zN_U-pMZBE_fjFNw8b840P6PJ7FcUgbG5f7Ty-C8Y0TJN25NcILE9Y7mFs9vvqjfxwJV0WU&sig=Cg0ArKJSzCkO5-cCihTmEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=182&cbvp=1&cstd=178&cisv=r20221101.36207&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 03 Nov 2022 14:48:35 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Thu, 03 Nov 2022 14:48:35 GMT
1661867165592.css
s0.2mdn.net/sadbundle/9150192991151314574/ Frame 59AB
10 KB
2 KB
Stylesheet
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=2XFlhVqEF4&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2030e278a681663d2dedd6ed24b6cc0baba1da3df22a5db62d3d428c2cf0bcfc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=2XFlhVqEF4&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 13:06:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92538
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2405
x-xss-protection
0
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 02 Nov 2023 13:06:17 GMT
Enabler_01_247.js
s0.2mdn.net/879366/ Frame 59AB
118 KB
40 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=2XFlhVqEF4&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=2XFlhVqEF4&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 11:10:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13098
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 11:10:17 GMT
1661867165592.js
s0.2mdn.net/sadbundle/9150192991151314574/ Frame 59AB
34 KB
11 KB
Script
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=2XFlhVqEF4&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=2XFlhVqEF4&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 31 Oct 2022 18:58:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
244206
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11482
x-xss-protection
0
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 31 Oct 2023 18:58:29 GMT
1661867165592.css
s0.2mdn.net/sadbundle/9150192991151314574/ Frame 7E1C
10 KB
2 KB
Stylesheet
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=CCfblklzsh&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2030e278a681663d2dedd6ed24b6cc0baba1da3df22a5db62d3d428c2cf0bcfc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=CCfblklzsh&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 13:06:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92538
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2405
x-xss-protection
0
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 02 Nov 2023 13:06:17 GMT
Enabler_01_247.js
s0.2mdn.net/879366/ Frame 7E1C
118 KB
40 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=CCfblklzsh&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=CCfblklzsh&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 11:10:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13098
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 11:10:17 GMT
1661867165592.js
s0.2mdn.net/sadbundle/9150192991151314574/ Frame 7E1C
34 KB
11 KB
Script
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=CCfblklzsh&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=CCfblklzsh&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 31 Oct 2022 18:58:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
244206
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11482
x-xss-protection
0
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 31 Oct 2023 18:58:29 GMT
1661867165592.css
s0.2mdn.net/sadbundle/9150192991151314574/ Frame DD2E
10 KB
2 KB
Stylesheet
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=v5JKLw99cE&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2030e278a681663d2dedd6ed24b6cc0baba1da3df22a5db62d3d428c2cf0bcfc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=v5JKLw99cE&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 13:06:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92538
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2405
x-xss-protection
0
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 02 Nov 2023 13:06:17 GMT
Enabler_01_247.js
s0.2mdn.net/879366/ Frame DD2E
118 KB
40 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=v5JKLw99cE&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=v5JKLw99cE&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 11:10:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13098
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 11:10:17 GMT
1661867165592.js
s0.2mdn.net/sadbundle/9150192991151314574/ Frame DD2E
34 KB
11 KB
Script
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=v5JKLw99cE&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=v5JKLw99cE&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 31 Oct 2022 18:58:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
244206
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11482
x-xss-protection
0
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 31 Oct 2023 18:58:29 GMT
HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
pagead2.googlesyndication.com/bg/ Frame 5D9B
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 06:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
115467
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16118
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 10:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Nov 2023 06:44:08 GMT
HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
pagead2.googlesyndication.com/bg/ Frame 7637
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 06:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
115467
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16118
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 10:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Nov 2023 06:44:08 GMT
HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
pagead2.googlesyndication.com/bg/ Frame B679
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 06:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
115467
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16118
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 10:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Nov 2023 06:44:08 GMT
logo.svg
s0.2mdn.net/sadbundle/9150192991151314574/ Frame 59AB
3 KB
1 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/logo.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 13:06:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92539
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1365
x-xss-protection
0
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 02 Nov 2023 13:06:16 GMT
logo.svg
s0.2mdn.net/sadbundle/9150192991151314574/ Frame 7E1C
3 KB
1 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/logo.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 13:06:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92539
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1365
x-xss-protection
0
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 02 Nov 2023 13:06:16 GMT
logo.svg
s0.2mdn.net/sadbundle/9150192991151314574/ Frame DD2E
3 KB
1 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/9150192991151314574/logo.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 13:06:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92539
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1365
x-xss-protection
0
last-modified
Wed, 14 Sep 2022 10:35:04 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 02 Nov 2023 13:06:16 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 3621
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsthrZ3FQmyZGldCUi2hOpfJBdLQqzkC8aI2klrlA9Zs9yprW7NFvJQcCFAeaqGNpfAha1EOZBOhHvP5NmANERsbth8hulk6_bNrGL4OkbfdjhA506TJOZyMHig8JHkUxMd92iGl3a29Sea3-L_U3IS-rIpKOTHD8PGSC8rtNsG5M4qYHONBFBi31V7d1ey7UgtJMPeqgpOJGPR8ujqfT121_6BtqXhHv2QHvuixhxNifxVavSNb8vkMU6GEpbdhovTohzQeRQeFaVSsXaf-znWPyGLqGB2nEhL0EMDCKPXfZiCzD6HMTzVsfyMRGiNOvh56uYF4ontDuGuLij_UtgFHpMIcyyibyQAPHWMNfTlU0tfNTRyLxbkJaLkRQY7zxmONJuZLxxTXDko9TeW2RJWqxKYS9ueGMQ8XceeqZ2zKZasHd04I55DHECIJW4m01StNWZJzV6mXFHtYyiWh6DKjgmrflqxH3K6YFckRri1OVpeHJPjNKPHjSbhc4nPSoAtVv-s76x63ZI0MXMFc11tk9v-QEpjC4RYAzqomirAxAWk8Z2QHgLZv6pcG3fx4RJ5O3Nv3TcuH1z2uXpu21k5GYBA1VvyJWQKgPdM7MUM1N9Fp4fl68FymwLv6sk_T-JHCMVPYquLQIHiczX2x54mfD2YSzkqzGR5Y78KbCvyHR2zLoqMvFsC1BoQ4tX6m8We84vjmUb4lflj77J66y8mNuZE4BVhErnWzf0VdF1DOUjmDFAKngL8pZErE6UO7ALsNKfrjCQboKRUKUYrmdWHxzTQ8k7v_NiJSPkpxhzbg_bzdQ1_qEA4z5bWO-aJ9bsVblH7B0gmBA5lLdMOuHm-DLFMNs-t-sPRJwRu9t-EWwXIiLud3uCa0HWiPfO00lZiUncNjor5aS0R9ZGI57HO1piCAUPIrCEx9lNsjoovQJQlMD-zPD_jWOB33-zlf0pQp1LwLXmHBbcX2lMSBwneMK_u7ebDsyZTNeK2CIfwJTu4P7NmV7qCQu2dWLYczXhn1NJrS2LSFj5exgx8cy5_Y-HSAwNZrXybRIKOcLBnjKUubPdK1m4Z62-YwOezwXea_gSzuHvXHJZq9MSsHECMX-XobBND6Clbf65sIrKVmplV9Rkzzk93fvrH_z8NwuuahH-He5FUpgwxDyeggJiWEe6pefE-oqiGpWy-QLG-0eKSYGbGPxNSKLplVBCFkU4YfoCOaVyVN5J5aSkZRGd95jZlZNNlLzw&sai=AMfl-YQCDgosfS4UzFdCSNb0uwfX16c2r7M_0yZOe0ecdm0zaW1tvlXmGJFbMG3kFwS12FR_R-F7vsA7CBxbSBV_qRnqmGu8UeiyAXDz3ZvUTXBKGkXSrzGfVDz93rnEgXKXXX_qF5kzt3Gh-D9swk65llGnMhVqiPDsJTUDeIKA314FIfCrIcMZimoIC251VRNNlxKkGTE4_bltSAuQmq0qRUo3XG87-Steww-kktW-CR2CDIHsnk5Q42gN1pTD4DtrnV_qkY4NBzayWnZSRkOx&sig=Cg0ArKJSzH8ppUvMAhHsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=427&vt=11&dtpt=256&dett=3&cstd=164&cisv=r20221101.96647&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:35 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Thu, 03 Nov 2022 14:48:35 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame F7E6
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu6Kxz4RaAPdBBIGkmJh-z7ugYIfW8ZyAAzFGbz1bakReaHFuJ42ODuPcuRCcuCdh_Dl6cUDqpjnZMSiOqcoGCPI4v2mt6hWixObR8QQKcoP0qmf-ticJRvw4sWzn7PdAgs-N85HnlZ_EpN_gr1uVYeQpkwDNXPo7DMfkZaDzA3YjZV2GCLBNJ2iXDGANl73JYJbePI81rhujuHhEneJnhWf98CatwCVA0AIklM4WyEzHPfOBagtcton3z4CpVmHJCEBhHq1mNtJY4n_ScfzDPu_7vVSDkga_pl4gUOtZ7NkCJ_Q-7pFjFkfwZkyEUfi2Omi2ql5M1IMMKR5n2xyeQScwQsVpcqhBR6F5NtaLOprTCgs12HpN24l_cyVv2hXzhWaSJwEGSKaGqQHIdncsckbcRXnL5vwnly9uKeUMoCZo7V0y1heJxyumR2q2-Pu5TwMdRHq6LmiSkU6kR0qPEpLjT3TU2rSakoi5GJGjKTEpvIK3XzIeNCJCLm-ta5rpuq0rp8VPqjcep_DfiLhV6LV15Phkc1TVufvy1N11XuJ7ak6yVWAmHDRbNnrzxYGIwE095vJ2PG4sjmNDMADsg9c5-D2OY5au5GknFcWrjNLs4lusjwF5OL0zdk-AfnxoppKF6-9zNZNUqLSnhlhwXxiEENFr6eVWtGvG1Q0F1bVZCTYgQpLiJ2_HDTHsDtZ4fUNDHdSMU1psxpwuKy2WL0IYfeluH3_IVylDfJNVenfGGh92Yk-aH8u4Uh6mAAJY9MP1jZeQebEQUAb5rFzilYlhPWZRLcwo8Cw7Sj3E4Q7yv-sAUtihNM1BwGJrGu6nmFbmNXm8L5mx5hrj1qSk81rtilbdL7VcwQ1Y5r7d0U8LZertrObvmNuKfntnVPRoG_G_KkIonTO7UCaWCjO4pz5KJpWvcHbYEldHYDYBn0ORlReUnxgDaK5lEvNpDMuuQtq3cViQj-caoJI1pxNXyfIjlyk4EHdXzl-hXrzI6dVVNzy1pGGnvqbdg49Jc93F8nZuO5-IZiiOrvaUQbTj2S_Kn4Yx-bSz5CQJlIKKseEEvKyuv_PH75J-VDwDBDlr8JzFIJZrmDFuXQowjYzq7QieRfneke-oRxzKb3bFYP2wJ5v3EOWTRbrAzTg0mjy26NZKqoJMlVMmLBGxS4q-zBkH38QXnAaGdndrh7pka01fU9OwFlfNV9oykrunAzVpUKHtI4YksVkXjPYTN_X6g-Aqu7zF1zGh3_zG4&sai=AMfl-YTgSuqybFNApq7je-JcrrcMp-mt9PmW0eixFN9133qtPhGQYkfD7d7ETutkib-OXX7Yk6nuSqKgUwnOrNwLkW7tvhk5BzsM893xcuXeeYyzsObj2eXkjYYuyPfRK7j1wORUDa5ImSqZUeQXlFtdPRzxHVhP2Dv0owR1QiB2lqW365X1SVIxhya0XyaQsnEFCRp-1y1Lf06u0zN_U-pMZBE_fjFNw8b840P6PJ7FcUgbG5f7Ty-C8Y0TJN25NcILE9Y7mFs9vvqjfxwJV0WU&sig=Cg0ArKJSzCkO5-cCihTmEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=431&vt=11&dtpt=249&dett=3&cstd=178&cisv=r20221101.36207&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:35 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Thu, 03 Nov 2022 14:48:35 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame B470
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstsiI9L7h6F9AMRnVa5n4T3EiBLfBIdxJ8KHb1odMhI9KNGla7IdSo8dja4AVL_XLV8k2b6q3YWb-eXeKVJWgnTfwp4LJE5ELQ-k4jgWSQYx6V-zcsYIOdpZWu23M8VTDNJuehhQb1FTvUxdffBPQ0-FtmLwETZ2T5NRZKNv5B_gFyoMGJV9dQ_SQGo9rlIAK9jVjTosJCb__K_6WdjO1ZyqStvbcDnKL01vZiwqEqAjfCfure-8L8OfHCZ_9l-c9b2Bum3r5Vbmhx2kvvh77S1rkAZLwV5KIWeboysyRKs2oZoFTJkcWqQlgyn5uwMeXP-ZVouFAGQa5STTN2_kD4OxZuyC2C90m9bCjAV0QGuYAct6tf8a8OvwjHEanK-dko5BYQcyjqtMqd2fsRDI_p6NPj0G9TufTPFs9mJkyiaMoqkEh2YHMDukNvPg1LBSi86LXpQYjvlIFjZ1-YNHpPAjeSQz-HtOZRsJnVQVCV5kwBHCRxCaUkRU1dWizCpi6_LuaWHSguotS_rMru8dfjrrpHKivw9r9kFw_gMrwBhS_2ha5nXhkVX9hMeTON3QvkT9WLl_Wqe7u0luOwurQ3pkyXZF5OELep7fwJnfK8cv5B7qetDLr6tcvYh9MUZ9ibLMlrFw3MOWlfHmvBPut_FBoVkOdQlwARtswZWhYtiiGoFpj1tWuHPZelKZcrubZjjoIFusnVgnAqnlLCKm-ra1JMF8W-ONHKCCu2Rx2JxfBKR5j-stGZlhzTaWIodjFiJCh5xsjw_DYC3jmx8qxW7f1uzNnkOjlFiWr_ZjkEGnLhHHOX2FOdfrzRH7qo4MJmvCUCDg8sUqrx3Q4xPgRbuhcWKg5NqpoeWAh5zrlZao4sP0AEOYXaErTQNz15QpNm10S_H_uET8PxU2suvcNFyDmZm9bNMz5oBNEriiEx-nyZHTB0WpFU6B3OtbGYMyyKYWJRtH1BFfylLKitZUvkVLCykCgAfKNHiVpLgqqOyTr9SInHHRYzs8B5QxaTSAdr-0tg4xzTN341iKp6laiXaLnVs4OK-9wz-LTfR3HNtMbYe3zRDt1AyyOAewI9uH6Grmr6N5gVfBfIfnETd4-GAy_RbRA7KIalaOex0DGc5lQTgZWQ6Bm0g1Lp451gbeCgxJipRSGe1qnTvUL-G_xw5M-A-uih8AOJuKeo1z3z6sp6OofZTMJ6i9qo1a_-VA37ki2YYwZj8Tq-_ohwxa2-SYuXlSdTtb5fuL28&sai=AMfl-YSFN5zjUVBv7AfrD9sZQcQiEFB0BC_wUHUBns6A0iibhOM0s45-RxQBG10uLdP4UDeN7WvH0kCUDJoNtDBfz1vGhE-Cg866F1Bfx2Yc3k8FgbHNrLVJeY_IhtxUUYekMOv0-GVoKRuaSySJ3u4n_aspCK2fs9y_Zg6ngGJDz3n4fHATgIXPoMSzA9BaLPze87BohbxTyycIEoQGvMlNpEotf0Ufr-C60-ore_PfEsr9WOHWBLrZItNqrNwAybnrKh_wwODfbmR4SEPsuUkq&sig=Cg0ArKJSzB505ReLopueEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=425&vt=11&dtpt=259&dett=3&cstd=162&cisv=r20221101.80979&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: www.file.io
URL: https://www.file.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:35 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Thu, 03 Nov 2022 14:48:35 GMT
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 59AB
13 KB
6 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 12:05:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
182556
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5437
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Nov 2023 12:05:59 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 59AB
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
30a6ae785e6cd932d468df3abe3a4083a6e03e0d7df9ea01da31cbec7c833c2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5798
x-xss-protection
0
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1/ Frame DD2E
13 KB
5 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 12:05:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
182556
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5437
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Nov 2023 12:05:59 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame DD2E
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8560c8b4b9be64921206abb4f7bb91e6f408fd00ecd9314998e8b57c43898ecb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5606
x-xss-protection
0
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 7E1C
13 KB
5 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 12:05:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
182556
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5437
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Nov 2023 12:05:59 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 7E1C
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
550ab21efca931c1ceb70f6b54a221e27137c3556dfa2b9bb361410f36440a9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5787
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 7E1C
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 03 Nov 2022 14:48:35 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame DD2E
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 03 Nov 2022 14:48:35 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 59AB
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 03 Nov 2022 14:48:35 GMT
congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 59AB
98 KB
98 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:40:34 GMT
x-content-type-options
nosniff
age
481
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100772
x-xss-protection
0
last-modified
Thu, 05 Aug 2021 09:13:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 03 Nov 2022 14:55:34 GMT
86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 59AB
57 KB
57 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:43:04 GMT
x-content-type-options
nosniff
age
331
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58447
x-xss-protection
0
last-modified
Wed, 15 Feb 2017 10:23:50 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 03 Nov 2022 14:58:04 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D9B
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BFO3mwtRjY9OUM-qwx_AP0ZGF8AUAAAAAOAHgBAI&bg=!-Pul-7_NAAZPh4lnb4c7ACkAdvg8Wq3waFu7-mmOWrG4TNLOQNhyJL4mzwEeujuzJoO1Vh33UcOjmAIAAADZUgAAAAJoAQcKAIJIYrYgr5GqBvVud5ziktojNBcU-jxDNveDV-UAY4MkXmv7mgc9eq73yQNcCV2iR_tpE7bYKwHRFZ4DUk_zt9uML7kBedHwOtLoqJkfR0WpsLyT0BQCfMofp3V1cw9h-zC2Ega_XTE5OAnqKiadH1-pK76e_e-o4F5QQI00mdUMEOYlmQLvgPIbxNzFyuiDWLyV7kKcIIl5_4e6SU1uRkeMhstLG5-6KXOjDWMs3bLX9S-dLJbpGj7c1swds6b0eaHem1gaoBzkFNNJXHcbhvlwp8FKEtiVmwQuz8EDC2s9UUxR-a5BTKdGlo_S-5up4PxttAvCYGpJAzDtSRtUJL9TN4QyYHU0Ek2wlDc3SUj_SUmlsnRqEDrIm14YhRN_2asTlr8ISvdWBZ_6OAKf93N0MJM9MIzrIb3F8lBmkH3yL8R5TBxj7GUI_0h7kOHGCPilmynF1bXyjT-E2DSM93DO35901G0W_1pgWh2FnKbFoBQjFu6-65YmVcRxuJz3ibfTjQZ62bJfs097cgE_djnzensK4apIaEFwimIz2aUuqogBS6s6OQy85JOzxl11YeiEptTF8uPi4eCfAoH88uJj3-PY3zeQk_wWF8yEo2Tb2jK6y0FBiGmRyIKarSYm-XQTUL6qSnwnj4p9mLHUMkvi7KWI4GLGnU6tgJi3a9oaFVM2Uln_ZgOhhyxOcVlgt8iP35D7w-OsZwePzzYJDFaFNSFaUzPBSK03Fd6NJBEH5gqewA9YFGObsjfPAkUwcnUJ4MEuw3DwUrRfCwr5TR-Nai-u9tdZncmruPLcXjgECyjbOPFsCf290YrzdI6AdrlHFELKI5sIaXNvaPxbOn5ROTuBHbUriCUxv3vBMKDlz2FuAfygkxz1rgSrmad2nCHWVIWxn5Nq3WtUIZuPqWcCXvIYxsefDD4oxzzvQ3t-ur768T1w1rnlY0RaGQQLXNxmNR0XJwg9WtMRbc_CU2G8r5eaKMYmq4NG9Umg1KgC2Jb6zq-jI8BamseL_45lU0gzKjSdL-e_tPpW75-FMFAcG601GLn7rfZK_fjRcwQNCP7y_OjLu4kQ0VsXDmOy-QcYBW4n9hJH2BTA9Fwu1iDe7kjb5HImkpNppt1LdhcPEikvYwUMtriYHzl1MwsmrI_xm66Tui8XQIo-uyoxjtpBi453zQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:35 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 7E1C
98 KB
98 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:40:34 GMT
x-content-type-options
nosniff
age
481
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100772
x-xss-protection
0
last-modified
Thu, 05 Aug 2021 09:13:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 03 Nov 2022 14:55:34 GMT
86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 7E1C
57 KB
57 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:43:04 GMT
x-content-type-options
nosniff
age
331
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58447
x-xss-protection
0
last-modified
Wed, 15 Feb 2017 10:23:50 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 03 Nov 2022 14:58:04 GMT
congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame DD2E
98 KB
98 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:40:34 GMT
x-content-type-options
nosniff
age
481
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100772
x-xss-protection
0
last-modified
Thu, 05 Aug 2021 09:13:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 03 Nov 2022 14:55:34 GMT
86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame DD2E
57 KB
57 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:43:04 GMT
x-content-type-options
nosniff
age
331
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58447
x-xss-protection
0
last-modified
Wed, 15 Feb 2017 10:23:50 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 03 Nov 2022 14:58:04 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7637
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJ2ULwtRjY6q2NJOPgAfen7bQAwAAAAA4AeAEAg&bg=!gYKlgsbNAAZPh4lnb4c7ACkAdvg8Wst6-4nUOIspES4ZtEkovw6kr4mRxSSvI9xlcSXDpo4TuQoWxQIAAADXUgAAAANoAQeZAu-tXGDjpPkLzgxipQYxeOfrGzpWWL5s9pBa5kM84LX3pGgPON9qSHDGwsmIRy7gwSQ-5gzbWdlb_rz1yOM3WTmi3xG0_tyYo8rkFO0zpRWJ4cQbH_ji_RhLl0wqfdPosUGlApG3vlRg0PwGD2MkOw5wk6GMbf-JyDezx6KarqJEWJs_PJEzPHuNXX_EKDAUuhvKOTj-rmFWqJ6RD4J0-rNd6cAZW9zGJVlJz4lbx_M5ppSRC2zjBXVTLVXQwNChiMe7QDB2ZEpA-42131F1VpVz2bXW6b4WMf1uwW84GjyxmboanCZp_7IZL5bFeLYj_mGexOAbkdhk-fJmdWBo5Zr60Z1SfDyKINrjAjKCjyBNJ6VKKEwr2hf4_93pZgddCk5yIiY-ORVncHwc-jL-uKa3cMH38D2JaCyLWRzle6fY5BV4qQewLoZcxHSw5sxnBWj4IeSybj6R1Uwl_lOGhMieJWuh5QBvcxkDE7oYykhIylZewqcgTvfN703cFfcUqn_tMnqaqAD5w6dYR9qRyeY1za0HdA01_njsOB4QMdmGO4oMNUkQvIBKvWWW6iMl1uz7pGTUepErCSLeLcS4SBgHiahm_e6Mnxci1yoDdsPhF0BT-3Pt4yTWqHCLqrk22QidJBE8zZW30ThhQxzYsgGB1YNWxEheN7WUjoETXnXGPgwhnmoPq9nbZqT7_tB0DJ0qGkvXI2z_v3gSHaJ6wnmch-nTLYag1KPpfpAKe2Nzs_Sw_eutuArGpNtlNfKAVkfYASj0bK0UNKs111wCouoa4gV-ohsjlg786myIjFKyrf9BFru0cxu_GLPmPIIjwXWZTb8fgDu3k7dfVf-UhesufMmsiT8-XgyFlU83hzVzQ5fSzMhKD-ivl70i1RliUTnfs6gc-NCSnIvEzKEBXHbqnVYMv8p41ErBo4AD0Lh6iAyIlbUSQdsvJIcfXR-pbd0Z2hrcHMr07r2824XcAg3WinRW_UjjKXIn6KwpShEq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:35 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B679
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BWaoRwtRjY4LuNNizx_APz9Gd8AIAAAAAOAHgBAI&bg=!bW6lbirNAAZPh4lnb4c7ACkAdvg8Wjo9drvfsI0R3M3ey5mn99a20H6J2qinF1bwHe78DH_wxn_A5QIAAADJUgAAAAJoAQcKAGC0LoZYJLubPGPXtSIQjQB0NzXTAFU70KoMtXXsm4yoVthrulOHccia7AIS3l_o7aVsx-WTr5rvJH9FboBNbuHhDN5tZUL3yEzGXKvyJ99Y-eC5bPJNdCX3BiSu_hJ49jCZAuV1TZd89PsVWZS4HvotKanVo68Pi0I4qWEzEANI9rEZTMipAElUgo3-jajCMWiqV9rs2kOPUmdAVoSCTZCWhCmXTLBO0Z-Jg01UrFTsrcVKoJJaD31ot680MWu5c7uOPSkA9BIQa9pkX4iMwlnhnit4_2IvfLG2ytN3WwjsOLkFHrPs1MW6zLEW8ShENIkirzedDvN_GBtnpaL141RGUrfppbPMHhgLTKDE-fzj060B890EsTD-E5f6pCQ-K4UYD15BIAISfxWxO0-oYtgJCNLqYWG3mR7SP89KUPzQ8RmQD-Hp3yC7tukGATy5LcmngCj9OriHUO3hx20h3Xu4qh84EIKup2P0fJDlryHssQ1IxeY4wEnx0gk8xr5F2Sx_Ui_H3K56eimtJQBr0mbrlJjC3feNX95li2KrsPuJ3txpknJ5yJGgYFrsEFOiJcyO0wlQhy0ZwsCV6oNgslYhZaFNmY0NStXF4knQXj374g4zkVDKEP519SRnEwL71Bkw80ErbXOWZ2QPeDIWLBULZ9nYYe51aTwH5H6MctEN6CIR4bMYgKpySAxMrjdkAsV_g0zhoiPF1DeyYZmD3NSXN10d6QQsQ1nHJBwwPCMpPzN-i-Y7Xz1wHfioyWZwmomkuuY3XnVouEWxhihe8TXnMOxmt-d9lEHL9LRt90TC9XtxM_1_ATYMCFic8tndPz7mTLSHk0liFObws0uOoYc7W9GXsZ8GGc0xmYFgCYOX7Ew-cmu5CdY_3S3DANxHM_L0wRqjzHIUbDuc-o2mjxpcU5cAf3LfCjd4a2QX9cosGWISu-i7i6bylSZhuB2BupEbs9o4PJ2t9BMe-2A3YP6tQrMOhmUVqCvVWyzaesdtXDrPAV_7TKr3dukhycLktJa8haaHMgZxZ76RsjvACtSCIu_ZS1KiPSmxG7fsEWkk2hNyirycAqk1aQaFBbT2Nq7F_H9pFpPTA-bJ4CXtCd4R2GiB5r2pxnY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:35 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
pagead2.googlesyndication.com/bg/ Frame E17C
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 06:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
115467
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16118
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 10:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Nov 2023 06:44:08 GMT
HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
pagead2.googlesyndication.com/bg/ Frame 6831
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 06:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
115467
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16118
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 10:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Nov 2023 06:44:08 GMT
HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
pagead2.googlesyndication.com/bg/ Frame FBC6
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 06:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
115467
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16118
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 10:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Nov 2023 06:44:08 GMT
lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
s0.2mdn.net/4528404/ Frame 59AB
131 KB
131 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d31608fffd7815c6e08ee7491a4379337711eea27e25815793d885cc0115dbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=2XFlhVqEF4&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 08:13:25 GMT
x-content-type-options
nosniff
age
23710
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
134345
x-xss-protection
0
last-modified
Thu, 13 Oct 2022 11:22:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 08:13:25 GMT
09302022-090225761-l720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png
s0.2mdn.net/4528404/ Frame 59AB
51 KB
51 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/09302022-090225761-l720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f957b6c62240993ac2d71892a49ca5485164fc9e18668368d11f4ea690f00b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=2XFlhVqEF4&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 07:00:05 GMT
x-content-type-options
nosniff
age
28110
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52002
x-xss-protection
0
last-modified
Fri, 30 Sep 2022 16:02:25 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 07:00:05 GMT
lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
s0.2mdn.net/4528404/ Frame 7E1C
131 KB
131 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d31608fffd7815c6e08ee7491a4379337711eea27e25815793d885cc0115dbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=CCfblklzsh&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 08:13:25 GMT
x-content-type-options
nosniff
age
23710
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
134345
x-xss-protection
0
last-modified
Thu, 13 Oct 2022 11:22:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 08:13:25 GMT
09302022-090225761-l720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png
s0.2mdn.net/4528404/ Frame 7E1C
51 KB
51 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/09302022-090225761-l720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f957b6c62240993ac2d71892a49ca5485164fc9e18668368d11f4ea690f00b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=CCfblklzsh&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 07:00:05 GMT
x-content-type-options
nosniff
age
28110
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52002
x-xss-protection
0
last-modified
Fri, 30 Sep 2022 16:02:25 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 07:00:05 GMT
lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
s0.2mdn.net/4528404/ Frame DD2E
131 KB
131 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d31608fffd7815c6e08ee7491a4379337711eea27e25815793d885cc0115dbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=v5JKLw99cE&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 08:13:25 GMT
x-content-type-options
nosniff
age
23710
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
134345
x-xss-protection
0
last-modified
Thu, 13 Oct 2022 11:22:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 08:13:25 GMT
09302022-090225761-l720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png
s0.2mdn.net/4528404/ Frame DD2E
51 KB
51 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/09302022-090225761-l720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f957b6c62240993ac2d71892a49ca5485164fc9e18668368d11f4ea690f00b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=v5JKLw99cE&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 07:00:05 GMT
x-content-type-options
nosniff
age
28110
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52002
x-xss-protection
0
last-modified
Fri, 30 Sep 2022 16:02:25 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 07:00:05 GMT
lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
s0.2mdn.net/4528404/ Frame 59AB
131 KB
131 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d31608fffd7815c6e08ee7491a4379337711eea27e25815793d885cc0115dbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=2XFlhVqEF4&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 08:13:25 GMT
x-content-type-options
nosniff
age
23710
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
134345
x-xss-protection
0
last-modified
Thu, 13 Oct 2022 11:22:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 08:13:25 GMT
lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
s0.2mdn.net/4528404/ Frame DD2E
131 KB
131 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d31608fffd7815c6e08ee7491a4379337711eea27e25815793d885cc0115dbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=v5JKLw99cE&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 08:13:25 GMT
x-content-type-options
nosniff
age
23710
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
134345
x-xss-protection
0
last-modified
Thu, 13 Oct 2022 11:22:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 08:13:25 GMT
lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
s0.2mdn.net/4528404/ Frame 7E1C
131 KB
131 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/lv_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9150192991151314574/1661867165592.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d31608fffd7815c6e08ee7491a4379337711eea27e25815793d885cc0115dbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9150192991151314574/index.html?e=69&leftOffset=0&topOffset=0&c=CCfblklzsh&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 08:13:25 GMT
x-content-type-options
nosniff
age
23710
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
134345
x-xss-protection
0
last-modified
Thu, 13 Oct 2022 11:22:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 04 Nov 2022 08:13:25 GMT
page-data.json
www.file.io/page-data/login/
0
619 B
Other
General
Full URL
https://www.file.io/page-data/login/page-data.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.file.io/
Origin
https://www.file.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 06:39:00 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-request-id
TDTZ25AQBX5EJSGW
x-amz-cf-pop
FRA2-C1
age
29376
x-cache
Hit from cloudfront
content-length
135
x-amz-id-2
2jlVRRpzl5+m4qbA4nnbYicGEF/ECYDt9DteVRSPBSPV6a406VHupHXDdh0Eg0XjjF8qbxEq8XY=
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
etag
"4f561e1f747160f0e60849c13facafec"
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
accept-ranges
bytes
x-amz-cf-id
TLWKoSwF4ODIf75ItUaQmetgOkO963uyotfxjM_JqaYNoy8kS6x-4Q==
page-data.json
www.file.io/page-data/plans/
0
626 B
Other
General
Full URL
https://www.file.io/page-data/plans/page-data.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.file.io/
Origin
https://www.file.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 06:01:39 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-request-id
3XWCEG4WHQNFCQ23
x-amz-cf-pop
FRA2-C1
age
31617
x-cache
Hit from cloudfront
content-length
141
x-amz-id-2
KYTeSyxN9KTx2P9FSry+SxMGlsq74YQ77+yKkMDV6JUFkJCh1pYdcUXEfabkanheZiCOxN70QRw=
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
etag
"1022652c2bef86b84cb16cd11c50b2ca"
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
accept-ranges
bytes
x-amz-cf-id
viK5iPyn69z1-Ll-YXfohrMTkxkcHmdIj1q4gQcqdX4mYxLgB744ew==
page-data.json
www.file.io/page-data/developers/
0
649 B
Other
General
Full URL
https://www.file.io/page-data/developers/page-data.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.file.io/
Origin
https://www.file.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 06:01:39 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-request-id
3XW5PGC9GJ2A3BYC
x-amz-cf-pop
FRA2-C1
age
31617
x-cache
Hit from cloudfront
content-length
163
x-amz-id-2
jno2lC0qZ38OS4HCF+ITV1WpSqSkgXCt3OvCqSpI/yGM0LhC/NsUBPM2PxNLbSmFn3qkM+s6P18=
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
etag
"d7bc956a5292f7440e9ca53e421dd579"
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
accept-ranges
bytes
x-amz-cf-id
0FpgjS0LIl_MDdwK6Gnw8u08bFQcf1vCixAgGnOMwrrSXejui8UUig==
page-data.json
www.file.io/page-data/signup/
0
621 B
Other
General
Full URL
https://www.file.io/page-data/signup/page-data.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.file.io/
Origin
https://www.file.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 04:43:26 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-request-id
7NG3D4RX9EWTTKKG
x-amz-cf-pop
FRA2-C1
age
36310
x-cache
Hit from cloudfront
content-length
137
x-amz-id-2
BJCQVc+rdFZGM2ONKmbMeRpziL4nS82iEixBYKSTWATNHSitYtUlKhxs6VARZmYdjip77aacxYo=
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
etag
"68baf9ac2f5dcaef64744f1f45d71de0"
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
accept-ranges
bytes
x-amz-cf-id
i0W4cTA81igBiV4YNIvB73oNnV7B63MDWE3OENyHwUg1-AGtkjaDOg==
page-data.json
www.file.io/page-data/developers/
163 B
649 B
XHR
General
Full URL
https://www.file.io/page-data/developers/page-data.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3d24d1573c1b136838cd4bafda3617fdd7eaf262737f1b491a0067d12de8f68d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 06:01:39 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-request-id
3XW5PGC9GJ2A3BYC
x-amz-cf-pop
FRA2-C1
age
31617
x-cache
Hit from cloudfront
content-length
163
x-amz-id-2
jno2lC0qZ38OS4HCF+ITV1WpSqSkgXCt3OvCqSpI/yGM0LhC/NsUBPM2PxNLbSmFn3qkM+s6P18=
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
etag
"d7bc956a5292f7440e9ca53e421dd579"
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
accept-ranges
bytes
x-amz-cf-id
QGKrU1qsF6Hr4ZP6rrtK2STRmMMkU3R1GSi2Q78R9Sc5X0O3umwoOg==
page-data.json
www.file.io/page-data/signup/
137 B
621 B
XHR
General
Full URL
https://www.file.io/page-data/signup/page-data.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e04fac291ed7390663cdbe1edec4d3565b60f84191a9827009bcb75b823dc635

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 04:43:26 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-request-id
7NG3D4RX9EWTTKKG
x-amz-cf-pop
FRA2-C1
age
36310
x-cache
Hit from cloudfront
content-length
137
x-amz-id-2
BJCQVc+rdFZGM2ONKmbMeRpziL4nS82iEixBYKSTWATNHSitYtUlKhxs6VARZmYdjip77aacxYo=
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
etag
"68baf9ac2f5dcaef64744f1f45d71de0"
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
accept-ranges
bytes
x-amz-cf-id
GnY9kfP5Y0wBYGthQlrcSf0CbVKYJpUPzY4tTncjpH6SQhhdIK3I-g==
page-data.json
www.file.io/page-data/plans/
141 B
625 B
XHR
General
Full URL
https://www.file.io/page-data/plans/page-data.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9ce5f47fb6595364ea9e3e39c26a32068095811aa5f761c095390abcbde493ed

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 06:01:39 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-request-id
3XWCEG4WHQNFCQ23
x-amz-cf-pop
FRA2-C1
age
31617
x-cache
Hit from cloudfront
content-length
141
x-amz-id-2
KYTeSyxN9KTx2P9FSry+SxMGlsq74YQ77+yKkMDV6JUFkJCh1pYdcUXEfabkanheZiCOxN70QRw=
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
etag
"1022652c2bef86b84cb16cd11c50b2ca"
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
accept-ranges
bytes
x-amz-cf-id
BsepcQ1_hAoL9TlVpBBCeeVze2MyJH-8n7lAT9V-WsCwUD7cIcY8MQ==
component---src-pages-signup-js-1a83f5fd1238ade6fa23.js
www.file.io/
0
7 KB
Other
General
Full URL
https://www.file.io/component---src-pages-signup-js-1a83f5fd1238ade6fa23.js
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:08:15 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:42 GMT
server
AmazonS3
x-amz-request-id
B7RBSF5MRZCDY1HQ
x-amz-cf-pop
FRA2-C1
etag
W/"095f55f0ba100895ad857054e6e6b681"
age
884421
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
nPo-metCxpkDXVFIdFsBDyfgjwBTNJhgDq6BKRWj_13rzb2p64fmQg==
x-amz-id-2
RH8kvY01kCV8Ls4t5OiglMqKDBWGxen+vK7RSB5lQhuQHWXFGWxAqt8GWeCjaAJVYyrualRTXcs=
component---src-pages-developers-index-js-bb30e90ccc1dc87181bd.js
www.file.io/
0
169 KB
Other
General
Full URL
https://www.file.io/component---src-pages-developers-index-js-bb30e90ccc1dc87181bd.js
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 00:49:57 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:40 GMT
server
AmazonS3
x-amz-request-id
B6KJAEQS9M5P41CX
x-amz-cf-pop
FRA2-C1
etag
W/"173768e620742d36cc9423a97819e683"
age
655119
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
Y-ffQL4tgyi9C_-BVnzpue_tXxYHAdlSY_ZfxMWUxft64coX75BmZA==
x-amz-id-2
zp2Vs4ldiDIECQHhPy2VnblhEmkdw9EJGTxyAJ1Lm9VbesJRhZoGG0SjaL/nzp/sSKnaZKhkEej1fLWSjlX13g==
component---src-pages-plans-index-js-96d405d5fd543f9313a9.js
www.file.io/
0
939 B
Other
General
Full URL
https://www.file.io/component---src-pages-plans-index-js-96d405d5fd543f9313a9.js
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 31 Oct 2022 07:18:23 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:41 GMT
server
AmazonS3
x-amz-request-id
HVX0NSBE59A75QN5
x-amz-cf-pop
FRA2-C1
etag
"8139bb6ed64141936a03214f930ef478"
age
286213
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
473
x-amz-id-2
4GHxeJDUbvroFbH2d/wXoJwM3ytEyMmFw0fTDM1PDihEb6ybSa2UdKGi4VrI87cYElTXPiqPj2Y=
x-amz-cf-id
A1gj-U7ON3fowzgO2SlUvYKG-va4q3OV1aRevcr-qiFlM7eSXyq6ow==
page-data.json
www.file.io/page-data/login/
135 B
619 B
XHR
General
Full URL
https://www.file.io/page-data/login/page-data.json
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
62242328d378c674e8a96cf868969dbcb45f278c5750be3981d7bdb2b5a00c68

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 06:39:00 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-request-id
TDTZ25AQBX5EJSGW
x-amz-cf-pop
FRA2-C1
age
29377
x-cache
Hit from cloudfront
content-length
135
x-amz-id-2
2jlVRRpzl5+m4qbA4nnbYicGEF/ECYDt9DteVRSPBSPV6a406VHupHXDdh0Eg0XjjF8qbxEq8XY=
last-modified
Mon, 24 Oct 2022 09:05:44 GMT
server
AmazonS3
etag
"4f561e1f747160f0e60849c13facafec"
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, s-maxage=86400
accept-ranges
bytes
x-amz-cf-id
OyUMQFCS1OcCdbtLm1GJuzuOwMsDqUnB_cBVrV5Ko3UYgCQSvd-seg==
component---src-pages-login-js-8b4ef13d8d99765162da.js
www.file.io/
0
6 KB
Other
General
Full URL
https://www.file.io/component---src-pages-login-js-8b4ef13d8d99765162da.js
Requested by
Host: www.file.io
URL: https://www.file.io/app-438588750f6b6905c6ff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-97.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.file.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 09:08:15 GMT
content-encoding
br
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 09:05:41 GMT
server
AmazonS3
x-amz-request-id
B7R1SJGZTRXMPQZX
x-amz-cf-pop
FRA2-C1
etag
W/"42d35658c40d04d6d2845a41aded67f8"
age
884422
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
r0FQevoG3r1gjV3sXkPls0RDCYWUuUd9OVAY0eiRg3_e4oWee3DD9g==
x-amz-id-2
+5abAOeyBkZnZRrQ+EvIMb02ALT/cm4+O6c6tudEYBdHnXW5BHzFN0wUvZj7z1gGQqGJeBjdOTE=
activeview
pagead2.googlesyndication.com/pcs/ Frame 3621
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv5yCpqGyxqlLl5DpnyaDsEfDMAPaQB3wiBqdDUCg-U2iAB8HEoOiQkocjX6Pdw0xkZWn_o4cXQ3qnXq3wublF27Dfh6j9emYDycPmJQyLsQBe-DHykepRrX54ik0B0N9wlvZZOinA&sai=AMfl-YT5OGjxdIpEuK_ou8rBB4ZskOAIvfJXVAlm7SMkOH8s04LWcgMA47XDK8Qt4pfewAwTzHKEsVkEty3bGFKiZc6u-Y3pyNm0Evd1je2WKOVRa0htLSE4JHu-mn5so0wT2A&sig=Cg0ArKJSzFVHyDABdY0hEAE&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&id=lidar2&mcvt=1000&p=328,652,368,693&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221102&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2093335146&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1667486914521&rpt=476&isd=0&lsd=0&met=ie&wmsd=0&pbe=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame B470
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu_YodZXaq6YDqRYBhafrpfhxbM5gr8a27p9d6FaWhekusOB-45nemKS1vVUsXjJ2GzuREiASOleSYP_6yRKhWV9m-efYB_dDmLMYpmFwBbz-WwI7LFHQGSMZ7lNMkJeB9urhP5624&sai=AMfl-YQhELj5cM5Rp_7BnENkl9FSlq-nJBS-fVWaEYJFjJ3Xfacy0LTtRgNXtIQ1_Ibh3vI8gaLktH4rea-JQFkt8OHVX3nctUI_NpkDe4iEyQEv0LK0xg6K0rHYbOvvE2gMGg&sig=Cg0ArKJSzBAyOxfDKdmKEAE&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&id=lidar2&mcvt=1000&p=328,1478,368,1519&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221102&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2065559030&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1667486914530&rpt=526&isd=0&lsd=0&met=ie&wmsd=0&pbe=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame F7E6
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss3Im3iLpZMZeNge95KEy5UBzacU1xCUh85D7gYs-kiuTYXNQ97VX2nlijNg6-J3PVfCDpiKe57PHC0_-90aCiO5qEw96Mt4Ye2mshYCSy241iA15ExAfrngCYT3FnQ7iVlSNY-f0A&sai=AMfl-YQVoGSUVYAmcyuu_BfKdvvlebecY6yQGGr8_9l0-9U4wIzc9eDXnYXgdWj9dxEY3xm9MrS5fWjd_jO0_G7HHCBsafF2QcAvvXuGzZroJkimIC3z8-xOYhwj9r5on3gHYQ&sig=Cg0ArKJSzPOGlYJf1EgqEAE&cid=CAQSPgDq26N9o1qNCJKbap5XTFWn5fPdy-dkSIc06EsTAPjGe4zxG55c5zIABEt2SXmAO5BZVGtjhf9rtx65S8YOGAEgDg&id=lidar2&mcvt=1006&p=328,1065,368,1106&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20221102&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3306312227&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1667486914524&rpt=511&isd=0&lsd=0&met=ie&wmsd=0&pbe=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pbjs
sync.quantumdex.io/usersync/ Frame 3599
4 KB
1 KB
Document
General
Full URL
https://sync.quantumdex.io/usersync/pbjs
Requested by
Host: www.file.io
URL: https://www.file.io/scripts/prebid7.18.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ce2eb70b5b6ac581034575808ff00ed9033c1d952c11ca37d9520b3377f9708

Request headers

Referer
https://www.file.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
7645e96a18b8bb97-FRA
content-encoding
gzip
content-type
text/html
date
Thu, 03 Nov 2022 14:48:36 GMT
server
cloudflare
setuid
sync.quantumdex.io/ Frame 3599
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58424/occ
  • https://ups.analytics.yahoo.com/ups/58424/occ?verify=true
  • https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-0XkTGqNE2uHtE2Pe92GWmuecYph9TGzqw8lc1G0-~A
43 B
94 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-0XkTGqNE2uHtE2Pe92GWmuecYph9TGzqw8lc1G0-~A
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
H2
Server
2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
7645e96baca8bb97-FRA
content-length
43
content-type
image/gif

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-0XkTGqNE2uHtE2Pe92GWmuecYph9TGzqw8lc1G0-~A
date
Thu, 03 Nov 2022 14:48:36 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
/
s.ad.smaato.net/c/ Frame 3599
0
241 B
Image
General
Full URL
https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:6400:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
cache-control
no-cache, must-revalidate
via
1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
57ADSM-c2jJZJ23Zzra-1VBY7xBNCOYowpxtQ3hgYAgbMbpxlpnQUA==
x-cache
FunctionGeneratedResponse from cloudfront
setuid
sync.quantumdex.io/ Frame 3599
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=appnexus&uid=4641496546696765454
43 B
105 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=4641496546696765454
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
H2
Server
2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
7645e96b1b41bb97-FRA
content-length
43
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:36 GMT
AN-X-Request-Uuid
3054e026-b1db-40d8-80e6-8f524a844fe4
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=4641496546696765454
Connection
keep-alive
X-Proxy-Origin
217.114.215.133; 217.114.215.133; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
sync.quantumdex.io/ Frame 3599
Redirect Chain
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1
  • https://sync.quantumdex.io/setuid?bidder=between&uid=e1a76d75-437a-5233-ac6f-9beecf0c4f2a
43 B
94 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=between&uid=e1a76d75-437a-5233-ac6f-9beecf0c4f2a
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
H2
Server
2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
7645e96bbcc4bb97-FRA
content-length
43
content-type
image/gif

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=between&uid=e1a76d75-437a-5233-ac6f-9beecf0c4f2a
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
pixel
ap.lijit.com/ Frame 3599
0
277 B
Image
General
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 03 Nov 2022 14:48:36 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
0.gif
id5-sync.com/i/495/ Frame 3599
43 B
1 KB
Image
General
Full URL
https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type
image/gif;charset=UTF-8
date
Thu, 03 Nov 2022 14:48:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding
chunked
p3p
CP="CAO PSA OUR"
v1
match.sharethrough.com/FGMrCMMc/ Frame 3599
0
36 B
Image
General
Full URL
https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.59.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-59-146.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
setuid
sync.quantumdex.io/ Frame 3599
Redirect Chain
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dmedianet%26uid%3D%3C...
  • https://sync.quantumdex.io/setuid?bidder=medianet&uid=0000EEA
43 B
94 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=medianet&uid=0000EEA
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
H2
Server
2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
7645e96bcce6bb97-FRA
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
strict-transport-security
max-age=86400 ; includeSubDomains, max-age=604800
date
Thu, 03 Nov 2022 14:48:36 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
location
https://sync.quantumdex.io/setuid?bidder=medianet&uid=0000EEA
content-type
text/html
cache-control
max-age=0, no-cache, no-store
content-length
154
x-mnet-hl2
E
expires
Thu, 03 Nov 2022 14:48:36 GMT
setuid
sync.quantumdex.io/ Frame 3599
Redirect Chain
  • https://ssp.disqus.com/redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID
  • https://sync.go.sonobi.com/us?gdpr=0&gdpr_consent=&us_privacy=&loc=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D18%26buyeruid%3D%5BUID%5D%26r%3DCid1YS0zYTZiYzFkYS1kYmQzLTM2OGUtYjkyNS03YjZjMDMwMD...
  • https://ssp.disqus.com/match?bidder=18&buyeruid=c1e20704-75da-478f-a098-75759a614b48&r=Cid1YS0zYTZiYzFkYS1kYmQzLTM2OGUtYjkyNS03YjZjMDMwMDk0ZWIqYGh0dHBzOi8vc3luYy5xdWFudHVtZGV4LmlvL3NldHVpZD9iaWRkZX...
  • https://sync.quantumdex.io/setuid?bidder=zeta-global&uid=ua-3a6bc1da-dbd3-368e-b925-7b6c030094eb
43 B
118 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=zeta-global&uid=ua-3a6bc1da-dbd3-368e-b925-7b6c030094eb
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
H2
Server
2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:37 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
7645e9733ef4bb97-FRA
content-length
43
content-type
image/gif

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=zeta-global&uid=ua-3a6bc1da-dbd3-368e-b925-7b6c030094eb
pragma
no-cache
date
Thu, 03 Nov 2022 14:48:37 GMT
cache-control
no-store
content-length
0
vary
origin
expires
0
usermatch
ssum-sec.casalemedia.com/ Frame A6F1
2 KB
1 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.19.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8d37c18367154bfd466d2934976b52528d52339ab310dc21d9856524c732914

Request headers

Referer
https://sync.quantumdex.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
7645e96b4fe96919-FRA
content-encoding
br
content-type
text/html
date
Thu, 03 Nov 2022 14:48:36 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PgssDxRxXYQX5%2BcBxDpSryktSK9Tb%2Bhsus3Tbo30oLKhYqRWUL7zZit2ORC4yLC36LBsLkLLHtGazrgxbLCC3S2xyK2SDUr7Dfz1oHYULGOOKSNEHW35ldc%2BOYDQhmVyXb3rn%2FmGnOLTqg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D1ED
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://sync.quantumdex.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=75444
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Thu, 03 Nov 2022 14:48:36 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Fri, 04 Nov 2022 11:46:00 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 5F84
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-valueimpression&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://sync.quantumdex.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 03 Nov 2022 14:48:36 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Thu, 03 Nov 2022 14:48:36 GMT
location
https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
server
AkamaiGHost
/
onetag-sys.com/usync/ Frame F6D4
0
0
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://sync.quantumdex.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
strict-transport-security
max-age=15552000
pbsync
usermatch.targeting.unrulymedia.com/ Frame 8820
0
0
Document
General
Full URL
https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.45 Amsterdam, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://sync.quantumdex.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame D1ED
3 KB
3 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=20882715&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
301caa520b87b8bc7a12d39bd865650e8e74ed619d45c6ed0dabde717f7c7dcb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Thu, 03 Nov 2022 14:48:35 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
dcm
s.amazon-adsystem.com/ Frame A6F1
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y2PUwioVRxd9kzhyr6s4ngAADGAAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y2PUwioVRxd9kzhyr6s4ngAADGAAAAAB&dcc=t
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y2PUwioVRxd9kzhyr6s4ngAADGAAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:36 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
RV4Z2YP9159WEHN07ZT4
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:36 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
XVHG4KHFBVEVDW8GGFAD
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y2PUwioVRxd9kzhyr6s4ngAADGAAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame A6F1
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usermatchredir
ssum-sec.casalemedia.com/ Frame A6F1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y2PUwioVRxd9kzhyr6s4ngAADGAAAAAB&gdpr_consent=&us_privacy=&gdpr=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEJfXZG6UUrZg-4HcFxQb85A&google_cver=1
43 B
876 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEJfXZG6UUrZg-4HcFxQb85A&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
H3
Server
104.18.19.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64gOAMmtQncrZeTe0VxhEWifxYCf3EMnMeEFNyGr52UTyyswuKxA6WJmWwhodaFrTeRLU%2FPM5sdh2swol5McISbQlUrPVsg6C2uIXKSb7k4yaTmFfKCrGYv2lqeJHSf6gdJSDiq0LwUqew%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
7645e96c4aa5bb7a-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEJfXZG6UUrZg-4HcFxQb85A&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Y2PUwioVRxd9kzhyr6s4ngAADGAAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame A6F1
43 B
603 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/Y2PUwioVRxd9kzhyr6s4ngAADGAAAAAB?gdpr_consent=&us_privacy=&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:6ee:8b56:8f25:1314 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
tp_out
d.adroll.com/cm/index/ Frame A6F1
42 B
182 B
Image
General
Full URL
https://d.adroll.com/cm/index/tp_out?advertisable=3GMDZMBFQREVBC75SYYKWH
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.112.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-112-15.eu-west-1.compute.amazonaws.com
Software
nginx/1.22.0 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
cache-control
no-transform,public,max-age=300,s-maxage=900
server
nginx/1.22.0
content-length
42
vary
Cookie
content-type
image/gif
crum
dsum-sec.casalemedia.com/ Frame A6F1
Redirect Chain
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:36 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]
date
Thu, 03 Nov 2022 14:48:36 GMT
access-control-allow-credentials
true
x-powered-by
Express
keep-alive
timeout=5
vary
Origin
content-length
0
rum
dsum-sec.casalemedia.com/ Frame A6F1
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=Y2PUxAAAAOhjuwAT
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y2PUxAAAAOhjuwAT&_test=Y2PUxAAAAOhjuwAT
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y2PUxAAAAOhjuwAT&_test=Y2PUxAAAAOhjuwAT
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:36 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

x-served-by
cache-hhn4024-HHN
pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
via
1.1 varnish
server
Varnish
x-timer
S1667486917.636911,VS0,VE0
x-cache
HIT
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y2PUxAAAAOhjuwAT&_test=Y2PUxAAAAOhjuwAT
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
crum
dsum-sec.casalemedia.com/ Frame A6F1
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=4641496546696765454
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=4641496546696765454
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:36 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

Pragma
no-cache
Date
Thu, 03 Nov 2022 14:48:36 GMT
AN-X-Request-Uuid
42d44d81-f9cb-4404-9c59-45d7629ebf8d
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=4641496546696765454
Connection
keep-alive
X-Proxy-Origin
217.114.215.133; 217.114.215.133; 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
sync.quantumdex.io/ Frame A6F1
43 B
94 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=ix&uid=Y2PUwioVRxd9kzhyr6s4ngAADGAAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
7645e96bed1cbb97-FRA
content-length
43
content-type
image/gif
usync.js
eus.rubiconproject.com/ Frame 5F84
33 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
62db81777c2035dfb45fe032a8c60d09f8939b276a9f3088224a2116a684ad17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Thu, 03 Nov 2022 14:48:36 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Nov 2022 21:42:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=24799
Connection
keep-alive
Content-Length
9883
Expires
Thu, 03 Nov 2022 21:41:55 GMT
match
c1.adform.net/serving/cookie/ Frame ECE2
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=5634CC78-DA28-47AF-B932-36CFA8AD99FE&gdpr=0&gdpr_consent=
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5634CC78-DA28-47AF-B932-36CFA8AD99FE&gdpr=0&gdpr_consent=
35 B
477 B
Document
General
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5634CC78-DA28-47AF-B932-36CFA8AD99FE&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
date
Thu, 03 Nov 2022 14:48:36 GMT
expires
-1
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Thu, 03 Nov 2022 14:48:36 GMT
expires
-1
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5634CC78-DA28-47AF-B932-36CFA8AD99FE&gdpr=0&gdpr_consent=
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
Pug
image2.pubmatic.com/AdServer/ Frame 828A
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2608005241808991919
42 B
274 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2608005241808991919
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 03 Nov 2022 14:48:34 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

content-length
0
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2608005241808991919
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
Pug
simage2.pubmatic.com/AdServer/ Frame BA0A
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d1226363-d4c5-4500-be25-b93bd0ab20ff&gdpr=0&gdpr_consent=
42 B
326 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d1226363-d4c5-4500-be25-b93bd0ab20ff&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 03 Nov 2022 14:48:36 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Thu, 03 Nov 2022 14:48:36 GMT
Expires
Thu, 03 Nov 2022 14:48:35 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4629 97bee97 master zrh-pixel-x9 config:1.0.0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d1226363-d4c5-4500-be25-b93bd0ab20ff&gdpr=0&gdpr_consent=
usersync.aspx
dis.criteo.com/dis/ Frame 4799
43 B
363 B
Document
General
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
content-type
image/gif
cross-origin-resource-policy
cross-origin
date
Thu, 03 Nov 2022 14:48:36 GMT
expires
Thu, 03 Nov 2022 00:00:00 GMT
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
629405
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
dcm
aax-eu.amazon-adsystem.com/s/ Frame 8C70
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=5634CC78-DA28-47AF-B932-36CFA8AD99FE&redir=true&gdpr=0&gdpr_consent=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=5634CC78-DA28-47AF-B932-36CFA8AD99FE&redir=true&gdpr=0&gdpr_consent=&dcc=t
43 B
855 B
Document
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=5634CC78-DA28-47AF-B932-36CFA8AD99FE&redir=true&gdpr=0&gdpr_consent=&dcc=t
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.122.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Thu, 03 Nov 2022 14:48:36 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
24B5W3QC46DYZT6YZ6H1

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Thu, 03 Nov 2022 14:48:36 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=5634CC78-DA28-47AF-B932-36CFA8AD99FE&redir=true&gdpr=0&gdpr_consent=&dcc=t
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
KW5T43PABDMZ3MKPZVM5
Pug
image2.pubmatic.com/AdServer/ Frame 2776
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4641496546696765454&gdpr=0&gdpr_consent=
42 B
299 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4641496546696765454&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 03 Nov 2022 14:48:35 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

AN-X-Request-Uuid
cf13df24-07d7-4c16-af62-d669e2abb8f1
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Thu, 03 Nov 2022 14:48:36 GMT
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4641496546696765454&gdpr=0&gdpr_consent=
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma
no-cache
Server
nginx/1.21.3
X-Proxy-Origin
217.114.215.133; 217.114.215.133; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection
0
setuid
sync.quantumdex.io/ Frame 5420
43 B
94 B
Document
General
Full URL
https://sync.quantumdex.io/setuid?bidder=pubmatic&uid=5634CC78-DA28-47AF-B932-36CFA8AD99FE
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
7645e96c3db3bb97-FRA
content-length
43
content-type
image/gif
date
Thu, 03 Nov 2022 14:48:36 GMT
server
cloudflare
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D1ED
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=VjTMeNooR6-5MjbPqK2Z_g%3D%3D&gdpr=0&gdpr_consent=
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
15 KB
15 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=75444
accept-ranges
bytes
content-length
5549
expires
Fri, 04 Nov 2022 11:46:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame D1ED
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=f8196363-d4c4-4400-bff0-fb0a04d4dd3e
0
261 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=f8196363-d4c4-4400-bff0-fb0a04d4dd3e
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:34 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 03 Nov 2022 14:48:36 GMT
Server
MT3 4629 97bee97 master zrh-pixel-x26 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=f8196363-d4c4-4400-bff0-fb0a04d4dd3e
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 03 Nov 2022 14:48:35 GMT
generic
match.adsrvr.org/track/cmf/ Frame D1ED
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=5634CC78-DA28-47AF-B932-36CFA8AD99FE&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0
content-length
0
Pug
image2.pubmatic.com/AdServer/ Frame D1ED
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NTYzNENDNzgtREEyOC00N0FGLUI5MzItMzZDRkE4QUQ5OUZF&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
246 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 03 Nov 2022 14:48:35 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame D1ED
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEIKvw9bqe2_YVpI35KCkQfE&google_cver=1
42 B
301 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEIKvw9bqe2_YVpI35KCkQfE&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 03 Nov 2022 14:48:35 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEIKvw9bqe2_YVpI35KCkQfE&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame D1ED
43 B
615 B
Image
General
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.204.158.49 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.158.204.35.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 14:48:36 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Wed, 02 Nov 2022 14:48:36 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame D1ED
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3487740793890318401
42 B
449 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3487740793890318401
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 03 Nov 2022 14:48:36 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3487740793890318401
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
generic
match.adsrvr.org/track/cmf/ Frame D1ED
70 B
266 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 03 Nov 2022 14:48:36 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
khaos.jpg
token.rubiconproject.com/ Frame 5F84
284 B
536 B
Image
General
Full URL
https://token.rubiconproject.com/khaos.jpg?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/jpg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
284
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| GoogleAnalyticsObject function| ga string| pagePath string| ___webpackCompilationHash object| ___chunkMapping object| __LOADABLE_LOADED_CHUNKS__ object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| regeneratorRuntime number| __mobxInstanceCount object| __mobxGlobals object| asyncRequires object| ___emitter object| ___loader function| ___push function| ___replace function| ___navigate object| pbjsChunk object| pbjs object| _pbjsGlobals object| googletag object| ggeac object| google_js_reporting_queue undefined| google_measure_js_timing object| slots object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| GoogleGcLKhOms object| google_image_requests

52 Cookies

Domain/Path Name / Value
.file.io/ Name: _ga
Value: GA1.2.1716036296.1667486912
.file.io/ Name: _gid
Value: GA1.2.202236746.1667486912
.file.io/ Name: _gat
Value: 1
.quantumdex.io/ Name: uid
Value: a23a42c6-3e84-429b-afba-1d9c1a157aab
.file.io/ Name: __gads
Value: ID=3a121f525a29d031-22c0a6b691d600a7:T=1667486913:S=ALNI_Mb22y3euuuY-XI-eu57iPUOD0nWGg
.file.io/ Name: __gpi
Value: UID=00000b1a9b35a837:T=1667486913:RT=1667486913:S=ALNI_Mbxs14t_y3AG1TFRDCzfmzgmfYfKQ
.doubleclick.net/ Name: IDE
Value: AHWqTUmqqIdB9cjJakJA_BpAEEAmtVUoLwUte2QW5cKKcF-dd2Ozizx7sCOUi7TFwp0
.casalemedia.com/ Name: CMID
Value: Y2PUwioVRxd9kzhyr6s4ngAA
.casalemedia.com/ Name: CMPS
Value: 3168
.casalemedia.com/ Name: CMPRO
Value: 3168
.adnxs.com/ Name: uuid2
Value: 4641496546696765454
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2HaRL2>K$!@wnfH8K6pQK`!5=E<*L5?%K3gMKs^7%/^mmH@u)kip.f3B=o.?wM2kws5-$%nugO%v4VB%nm2E)ldr$
.id5-sync.com/ Name: cf
Value:
.id5-sync.com/ Name: cip
Value:
.id5-sync.com/ Name: cnac
Value:
.id5-sync.com/ Name: car
Value:
.id5-sync.com/ Name: gdpr
Value:
.id5-sync.com/ Name: callback
Value:
.ads.pubmatic.com/ Name: KCCH
Value: YES
.yahoo.com/ Name: A3
Value: d=AQABBMTUY2MCECrZ5h3Op7Ghhe7fbjo9-F0FEgEBAQEmZWNtYwAAAAAA_eMAAA&S=AQAAAlPOroIS_N7SxAWKCUFM0_Q
.betweendigital.com/ Name: dc
Value: lux1
.betweendigital.com/ Name: tuuid
Value: e1a76d75-437a-5233-ac6f-9beecf0c4f2a
.betweendigital.com/ Name: ss
Value: 1
.analytics.yahoo.com/ Name: IDSYNC
Value: 192w~2832
.betweendigital.com/ Name: ut
Value: Y2PUxAAGQZCKtDi0ocpgvHS8pTL__0GuVAQYrg==
.media.net/ Name: data-pbs
Value: setstatuscode~~1
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 5634CC78-DA28-47AF-B932-36CFA8AD99FE
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 0:2
.pubmatic.com/ Name: DPSync3
Value: 1668643200%3A197_219_201%7C1667520000%3A174
.pubmatic.com/ Name: SyncRTB3
Value: 1668643200%3A3_21_13_7_56_220_161_54_251%7C1668729600%3A35
.onaudience.com/ Name: cookie
Value: a2c8e639ba121490
.onaudience.com/ Name: done_redirects147
Value: 1
.mathtag.com/ Name: uuid
Value: d1226363-d4c5-4500-be25-b93bd0ab20ff
.simpli.fi/ Name: suid
Value: FC688AF8DEBD4F65B834BBD5CCE79EA9
.adform.net/ Name: C
Value: 1
.de17a.com/ Name: guid
Value: 1.2608005241808991919
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Y2PUxAAAAOhjuwAT
.casalemedia.com/ Name: CMTS
Value: 5121
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-4641496546696765454&KRTB&23339-4641496546696765454
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEIKvw9bqe2_YVpI35KCkQfE&KRTB&16514-CAESEIKvw9bqe2_YVpI35KCkQfE&KRTB&23025-CAESEIKvw9bqe2_YVpI35KCkQfE&KRTB&23386-CAESEIKvw9bqe2_YVpI35KCkQfE
.adform.net/ Name: uid
Value: 4002662023021397695
.pubmatic.com/ Name: KRTBCOOKIE_336
Value: 5844-2608005241808991919
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-3487740793890318401&KRTB&23263-3487740793890318401
.pubmatic.com/ Name: PugT
Value: 1667486916
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:d1226363-d4c5-4500-be25-b93bd0ab20ff&KRTB&16736-uid:d1226363-d4c5-4500-be25-b93bd0ab20ff&KRTB&23019-uid:d1226363-d4c5-4500-be25-b93bd0ab20ff&KRTB&23208-uid:d1226363-d4c5-4500-be25-b93bd0ab20ff
.pubmatic.com/ Name: SPugT
Value: 1667486914
.disqus.com/ Name: zeta-ssp-user-id
Value: ua-3a6bc1da-dbd3-368e-b925-7b6c030094eb
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.amazon-adsystem.com/ Name: ad-id
Value: A4qp7HFkAUuVhDcb9j16rAU
.go.sonobi.com/ Name: __uis
Value: c1e20704-75da-478f-a098-75759a614b48
.go.sonobi.com/ Name: HAPLB8S
Value: s85185|Y2PUy

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

399ad978548c4850e19c4e2f70cbfa75.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
ads.betweendigital.com
ads.pubmatic.com
adservice.google.com
adservice.google.sk
ajax.googleapis.com
ap.lijit.com
bid.glass
c1.adform.net
cm.g.doubleclick.net
d.adroll.com
d5p.de17a.com
dis.criteo.com
dsum-sec.casalemedia.com
eus.rubiconproject.com
file.io
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hbx.media.net
ib.adnxs.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
match.adsrvr.org
match.sharethrough.com
onetag-sys.com
pagead2.googlesyndication.com
pixel.onaudience.com
pr-bh.ybp.yahoo.com
s.ad.smaato.net
s.amazon-adsystem.com
s0.2mdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
ssp.disqus.com
ssum-sec.casalemedia.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.adotmob.com
sync.go.sonobi.com
sync.mathtag.com
sync.quantumdex.io
token.rubiconproject.com
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
useast.quantumdex.io
usermatch.targeting.unrulymedia.com
www.file.io
www.google-analytics.com
www.google.com
www.googletagservices.com
104.18.19.126
13.224.189.97
141.94.171.216
141.95.98.65
142.250.186.34
151.101.194.49
178.250.0.163
18.156.0.31
185.183.112.155
185.29.132.245
185.64.189.110
185.64.189.115
185.64.190.80
185.64.190.81
185.80.39.216
188.42.196.115
2001:4860:4802:32::178
213.155.156.168
213.19.147.45
216.58.212.130
23.205.235.133
23.35.228.23
23.35.236.201
2600:9000:20eb:6400:1b:5138:8a40:93a1
2606:4700:10::ac43:2ac9
2a00:1450:4001:800::200a
2a00:1450:4001:803::2004
2a00:1450:4001:806::2001
2a00:1450:4001:808::2006
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2001
2a00:1450:4001:827::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:400c:c08::9c
2a05:d018:d29:3602:6ee:8b56:8f25:1314
3.127.59.146
3.213.81.213
3.225.128.227
3.33.220.150
35.204.158.49
37.157.6.247
37.252.173.38
37.252.173.62
51.75.86.98
52.46.143.56
52.95.122.74
63.33.112.15
64.20.35.44
69.166.1.12
69.173.144.138
72.251.249.9
96.16.141.156
0081ebc6259e90b38bd84a9474508b1f3982ec53e0f9b5a2564881690be27bc9
0b72eb0324a818be910dabcb01ca472955f5218045548cae5a2d116c91e4f599
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c26538c0de1d47480d898d2ef153cd6207cfea4f14933d0f0e7a4313b292386
10dcaaf69bd430ace51c25e2c8a0d676faaedf2bce0acabaa1def47c7bcc0ad3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15a6c1f335e08bfbef5ddca3572088dfa897eaa5a7c020885e33a73e769e2833
17a9b1943f50a130af854afbd05878dc7f26f835a127531ee7c785522731818b
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
19358326caaeb1ae753c10b461bdd9a6ea351654ed4608a643f2e85ff4a77959
1973c59776e5bbd8b11fa3fab9b12ba5ab1fb670a71e7768ae54d43d79c0e92f
1cd6dc991527a540b47fcb612476b56efeff3beff9ddd260d31af7e1a0939b8c
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d
1febd05863543deec054ba709e090a74a7e17cccad0cc4c18a3d9aa42be2de29
2030e278a681663d2dedd6ed24b6cc0baba1da3df22a5db62d3d428c2cf0bcfc
2348071df1fe1bc293b01b8bc017b9c03c3c63bf2509612dc8ecc4e767e8bd7c
27b75a7887b7fd3716f7abff1ede95e77201eab7cbb4cc167d250c2082a56871
280d9cb374b03e01072f2db3b7f1dd3c2d767e601c52212d7393f4f7158a08dd
2b97688e60e96072449ce8af99618b05a0fff71a94bc1f8905f876bd9318c93d
2c6c40892eeac45630835e71ea88a7bee39454223bc54fdeae25ed642cb11a6f
301caa520b87b8bc7a12d39bd865650e8e74ed619d45c6ed0dabde717f7c7dcb
30a6ae785e6cd932d468df3abe3a4083a6e03e0d7df9ea01da31cbec7c833c2d
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
36e52c23f9b0829f02c4cf7524cab2891d4f8dfdd123e8f4d20500625e1656b1
3bfbb8f42b3e79f5e8093d4459dbc75d1c9cb481c5c13c31b34ffc1890f0b787
3d24d1573c1b136838cd4bafda3617fdd7eaf262737f1b491a0067d12de8f68d
3d31608fffd7815c6e08ee7491a4379337711eea27e25815793d885cc0115dbd
3da0e43e9cf8fa4cf33b0e8aa683493281ed4734ebdc152e7ba9a90f4d2cd0f9
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f957b6c62240993ac2d71892a49ca5485164fc9e18668368d11f4ea690f00b2
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5467779bb4c774feb582e4066d9bc4d4f7798fed06a721ef5ab2e527ac4dcfbe
550ab21efca931c1ceb70f6b54a221e27137c3556dfa2b9bb361410f36440a9b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58174fa028b2681d2f4ca49c97cca5ec0967c1429ac25487826ccf0e2f8afc0f
5ebd2e1b961bbef77f1bf08b08af4dad8e349dfdf2bfcf7272d314c49cf23276
5f1a813444a601137953bf9b281a3c1f6ff0a37914eb8a51b521e95295c0c607
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62242328d378c674e8a96cf868969dbcb45f278c5750be3981d7bdb2b5a00c68
62db81777c2035dfb45fe032a8c60d09f8939b276a9f3088224a2116a684ad17
6a1aa3bcfd973ebc6bf69ae5551f82e379e0f362be2b09c3381857b41b1d97f3
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ce2eb70b5b6ac581034575808ff00ed9033c1d952c11ca37d9520b3377f9708
6e09a6d66cea44aed01cd3c0e4224d8ec505d0ef42af7a3184f6e7523bc5b462
71d49d865114d9bb25bfdfc0272b738cdfd771749b21360ce5fb40eee3b4d986
73223b29ef8f9997f60ee62fc27ab501a9fd59db27f8f180ad726071cd659b14
74c145c786d91070055b7dbb15449cb26fea942f6af265ef4aaaaca0758f024a
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
8560c8b4b9be64921206abb4f7bb91e6f408fd00ecd9314998e8b57c43898ecb
85f08b5f51e36ca7e961a033c6bb61d7f0e44aa0984646383ecac648e98fdcc8
870981ad8d93bcec8b2a487ee4efb161adf0241410ecec1fcb33c14a994555e8
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e64ece70e36a6959f180c175b0bfee4d46960579cb7e56d19fdeb4839d4c9d1
94a057fa3a8cb5ddac308191c23926e496ed8874cc71e6640806a09760e6732a
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
9ce5f47fb6595364ea9e3e39c26a32068095811aa5f761c095390abcbde493ed
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1dc61a1ec299faace8c3bdc4de4993df47b4ac8e513c15cb0da57ecd8eb4681
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3ada068479e37083f09e08e6d1784a3355c9cf16c6b4d78909dc606220ce7ef
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d044ee74f8fa3db2665169beb777c84298dfcf3576597e286173ba1c77981eb7
d2b39ffcc4994277d64afbdc2fdf1f9320dd33207dba07a324f21a1bb67d4a27
d4827b4382942d50b4fde2add4cef0d770dd3ba602e5a5906c9134f215fbfc09
d8cb7fbdd1d95c5e5945676dab0a6572eea9ac679815e863e3c1a25abe149769
d8d37c18367154bfd466d2934976b52528d52339ab310dc21d9856524c732914
e04fac291ed7390663cdbe1edec4d3565b60f84191a9827009bcb75b823dc635
e2d1a983992cae01535892ae16448262c8f161d1d51804dd726df4901355f66c
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ec350dbc6117aa7cbe6795c6dc5697e26a6e936ba871a2266a1422f52e131a7a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fb26ba7d6c1e90849f333847be322f55b4de508d294467d7c8a7f1cd70d366f0
fbd144a071030b8e0ed1ceba65c6b245ceed3bcceb9b2e427992e931eff9ccfc