urlscan.io logo urlscan.io
SecurityTrails logo

filecr.com Open in urlscan Pro
2606:4700:3031::6815:3106  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://filecr.com/windows/microsoft-office//?id=6320067552
Effective URL: https://filecr.com/windows/microsoft-office?id=6347414880
Submission: On February 09 via manual from IE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 73 IPs in 11 countries across 74 domains to perform 360 HTTP transactions. The main IP is 2606:4700:3031::6815:3106, located in United States and belongs to CLOUDFLARENET, US. The main domain is filecr.com. The Cisco Umbrella rank of the primary domain is 223315.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 11th 2021. Valid for: a year.
This is the only time filecr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 24 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
8 2.18.235.93 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
19 2a00:1450:400... 15169 (GOOGLE)
12 192.0.77.2 2635 (AUTOMATTIC)
3 94.31.29.32 33438 (HIGHWINDS2)
2 2a00:1450:400... 15169 (GOOGLE)
40 2a00:1450:400... 15169 (GOOGLE)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
9 142.250.186.34 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 185.255.84.150 200271 (IGUANE-)
2 5 37.252.172.37 29990 (ASN-APPNEX)
1 35.156.29.201 16509 (AMAZON-02)
3 35.174.217.176 14618 (AMAZON-AES)
3 35.157.246.167 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 51.89.9.253 16276 (OVH)
1 18.192.113.141 16509 (AMAZON-02)
10 54.194.68.215 16509 (AMAZON-02)
1 2602:803:c003... 26667 (RUBICONPR...)
1 178.250.0.165 44788 (ASN-CRITE...)
3 2a00:1450:400... 15169 (GOOGLE)
2 92.123.194.171 20940 (AKAMAI-ASN1)
52 2a00:1450:400... 15169 (GOOGLE)
1 104.107.160.24 16625 (AKAMAI-AS)
1 178.18.231.137 50952 (DATAIX-AS...)
2 4 2a00:1450:400... 15169 (GOOGLE)
7 104.102.28.29 20940 (AKAMAI-ASN1)
19 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
2 2a02:2638:1::3 44788 (ASN-CRITE...)
4 23.79.143.124 16625 (AKAMAI-AS)
1 151.101.1.108 54113 (FASTLY)
2 6 76.223.111.18 16509 (AMAZON-02)
1 2620:1ec:46::69 8068 (MICROSOFT...)
6 9 3.33.220.150 16509 (AMAZON-02)
1 1 34.102.163.6 15169 (GOOGLE)
6 13 172.217.18.98 15169 (GOOGLE)
1 2620:1ec:21::14 8068 (MICROSOFT...)
3 5 2a05:d018:d29... 16509 (AMAZON-02)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
2 4 209.54.176.128 16509 (AMAZON-02)
7 8 18.192.154.244 16509 (AMAZON-02)
3 3 50.31.142.255 23352 (SERVERCEN...)
2 104.16.200.58 13335 (CLOUDFLAR...)
1 34.242.212.194 16509 (AMAZON-02)
2 67.202.105.24 32748 (STEADFAST)
2 185.86.138.132 201081 (SMARTADSE...)
2 6 184.30.24.241 16625 (AKAMAI-AS)
2 2 216.52.2.39 30282 (AS-INAPCD...)
9 10 213.19.147.45 26120 (RHYTHMONE)
1 18.204.253.249 14618 (AMAZON-AES)
1 1 193.0.160.129 54312 (ROCKETFUEL)
1 1 147.75.61.140 54825 (PACKET)
2 2 3.126.56.137 16509 (AMAZON-02)
2 2606:4700::68... 13335 (CLOUDFLAR...)
3 3 69.173.144.165 26667 (RUBICONPR...)
5 69.173.144.138 26667 (RUBICONPR...)
5 5 185.29.132.241 30419 (MEDIAMATH...)
5 5 151.101.194.49 54113 (FASTLY)
2 35.244.174.68 15169 (GOOGLE)
2 2 2620:116:800d... 16509 (AMAZON-02)
1 52.12.81.72 16509 (AMAZON-02)
1 1 37.252.173.22 29990 (ASN-APPNEX)
1 16 54.76.105.117 16509 (AMAZON-02)
3 3 64.202.112.255 22075 (AS-OUTBRAIN)
1 192.132.33.46 ()
2 2 34.98.64.218 15169 (GOOGLE)
1 1 54.144.85.208 14618 (AMAZON-AES)
1 1 34.232.92.67 14618 (AMAZON-AES)
1 193.122.128.135 31898 (ORACLE-BM...)
1 169.197.150.7 398989 (DEEPINTENT)
1 1 104.90.192.27 16625 (AKAMAI-AS)
2 2 34.253.143.212 16509 (AMAZON-02)
1 1 47.252.78.131 45102 (CNNIC-ALI...)
1 1 198.148.27.139 19189 (PULSEPOINT)
2 5 185.86.139.89 201081 (SMARTADSE...)
1 1 188.34.190.28 24940 (HETZNER-AS)
2 184.30.24.198 16625 (AKAMAI-AS)
1 1 2.19.35.65 16625 (AKAMAI-AS)
1 18.195.155.181 16509 (AMAZON-02)
1 1 124.146.215.51 2514 (INFOSPHER...)
2 2 185.184.8.65 204995 (RTB-HOUSE...)
1 104.36.113.23 62713 (AS-PUBMATIC)
1 2 37.157.2.239 198622 (ADFORM)
4 185.64.189.110 62713 (AS-PUBMATIC)
3 198.47.127.20 62713 (AS-PUBMATIC)
3 104.36.113.17 62713 (AS-PUBMATIC)
1 169.50.137.182 36351 (SOFTLAYER)
1 1 2001:678:cb4:... 56396 (AMOBEE)
360 73
24    2606:4700:3031::6815:3106 (United States)

ASN13335 (CLOUDFLARENET, US)
filecr.com
2    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
8    2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com
contextual.media.net
1    2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
19    2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
12    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com
i0.wp.com
i3.wp.com
i1.wp.com
3    94.31.29.32 (United Kingdom)

ASN33438 (HIGHWINDS2, US)
PTR: 94.31.29.32.IPYX-077437-ZYO.above.net
cdn4.buysellads.net
2    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
40    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
www.googletagservices.com
adservice.google.de
1    2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)
webcrx.io
9    142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net
partner.googleadservices.com
securepubads.g.doubleclick.net
1    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
5    2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
2    2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)
script.4dex.io
1    185.255.84.150 (Paris, France)

ASN200271 (IGUANE-, FR)
hb-api.omnitagjs.com
5    37.252.172.37 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
1    35.156.29.201 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-29-201.eu-central-1.compute.amazonaws.com
tlx.3lift.com
3    35.174.217.176 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-174-217-176.compute-1.amazonaws.com
mantodea.mantisadnetwork.com
ecs.mantisadnetwork.com
3    35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
c2shb.ssp.yahoo.com
1    2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)
mp.4dex.io
4    51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu
onetag-sys.com
1    18.192.113.141 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-113-141.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
10    54.194.68.215 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-68-215.eu-west-1.compute.amazonaws.com
ads.servenobid.com
1    2602:803:c003:200::61 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
1    178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com
bidder.criteo.com
3    2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
c0c9f98d816a1ef8d4eddcc82c44813c.safeframe.googlesyndication.com
5664fd4311393cd13a07214003eee7eb.safeframe.googlesyndication.com
8fddf9bcc2612d49750f2d9dbdb437ac.safeframe.googlesyndication.com
2    92.123.194.171 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-194-171.deploy.static.akamaitechnologies.com
res-a.akamaihd.net
52    2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    104.107.160.24 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-107-160-24.deploy.static.akamaitechnologies.com
hblg.media.net
1    178.18.231.137 (Russian Federation)

ASN50952 (DATAIX-AS Peering Ltd., RU)
qsearch-a.akamaihd.net
4    2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
7    104.102.28.29 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-28-29.deploy.static.akamaitechnologies.com
cvision.media.net
19    2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
7    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
9    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
7    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
4    23.79.143.124 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-143-124.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
1    151.101.1.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs.com
6    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
1    2620:1ec:46::69 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
public.servenobid.com
9    3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
1    34.102.163.6 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 6.163.102.34.bc.googleusercontent.com
ad.mrtnsvr.com
13    172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net
cm.g.doubleclick.net
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
5    2a05:d018:d29:3605:9b3d:59c:490d:6d21 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
4    209.54.176.128 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
8    18.192.154.244 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-154-244.eu-central-1.compute.amazonaws.com
x.bidswitch.net
3    50.31.142.255 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com
b1sync.zemanta.com
2    104.16.200.58 (None, )

ASN13335 (CLOUDFLARENET, US)
pixel.yabidos.com
1    34.242.212.194 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-212-194.eu-west-1.compute.amazonaws.com
g2.gumgum.com
2    67.202.105.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net
pixel.33across.com
ssc-cms.33across.com
2    185.86.138.132 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync.smartadserver.com
6    184.30.24.241 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-241.deploy.static.akamaitechnologies.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
2    216.52.2.39 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ce.lijit.com
10    213.19.147.45 (United Kingdom)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
1    18.204.253.249 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-204-253-249.compute-1.amazonaws.com
jadserve.postrelease.com
1    193.0.160.129 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
1    147.75.61.140 (Ashburn, United States)

ASN54825 (PACKET, US)
prebid.a-mo.net
2    3.126.56.137 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
2    2606:4700::6810:75c3 (United States)

ASN13335 (CLOUDFLARENET, US)
pre.glotgrx.com
3    69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
5    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
5    185.29.132.241 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
5    151.101.194.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
2    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
idsync.rlcdn.com
2    2620:116:800d:21:51e4:db4b:4436:b305 (United States)

ASN16509 (AMAZON-02, US)
pixel.quantserve.com
1    52.12.81.72 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-12-81-72.us-west-2.compute.amazonaws.com
dmp.brand-display.com
1    37.252.173.22 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
secure.adnxs.com
16    54.76.105.117 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
rtb.gumgum.com
3    64.202.112.255 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
sync.outbrain.com
1    192.132.33.46 (None, )

ASN- ()
bttrack.com
2    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
us-u.openx.net
1    54.144.85.208 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-85-208.compute-1.amazonaws.com
sync.srv.stackadapt.com
1    34.232.92.67 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-92-67.compute-1.amazonaws.com
sync.ipredictive.com
1    193.122.128.135 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
1    169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com
match.deepintent.com
1    104.90.192.27 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-192-27.deploy.static.akamaitechnologies.com
stags.bluekai.com
2    34.253.143.212 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-143-212.eu-west-1.compute.amazonaws.com
ad.360yield.com
1    47.252.78.131 (United States)

ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co., Ltd., CN)
event.clientgear.com
1    198.148.27.139 (New York, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
5    185.86.139.89 (France)

ASN201081 (SMARTADSERVER, FR)
rtb-csync.smartadserver.com
1    188.34.190.28 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.28.190.34.188.clients.your-server.de
bidswitch-eu.splicky.com
2    184.30.24.198 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-198.deploy.static.akamaitechnologies.com
ads.pubmatic.com
1    2.19.35.65 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-35-65.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
1    18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
cs.emxdgt.com
1    124.146.215.51 (Shibuya, Japan)

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)
tg.socdm.com
2    185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net
creativecdn.com
1    104.36.113.23 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
2    37.157.2.239 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
4    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
3    198.47.127.20 (United States)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
simage4.pubmatic.com
3    104.36.113.17 (United States)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
1    169.50.137.182 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b6.89.32a9.ip4.static.sl-reverse.com
um.simpli.fi
1    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
Apex Domain
Subdomains		 Transfer
74 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 100
c0c9f98d816a1ef8d4eddcc82c44813c.safeframe.googlesyndication.com
5664fd4311393cd13a07214003eee7eb.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 124
8fddf9bcc2612d49750f2d9dbdb437ac.safeframe.googlesyndication.com
1 MB
49 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 46
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184
cm.g.doubleclick.net — Cisco Umbrella Rank: 197
563 KB
24 filecr.com
filecr.com — Cisco Umbrella Rank: 223315
360 KB
19 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 324
346 KB
17 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1545
rtb.gumgum.com — Cisco Umbrella Rank: 1288
5 KB
16 gstatic.com
www.gstatic.com
fonts.gstatic.com
179 KB
16 media.net
contextual.media.net — Cisco Umbrella Rank: 516
lg3.media.net Failed
hblg.media.net — Cisco Umbrella Rank: 1546
cvision.media.net — Cisco Umbrella Rank: 8352
356 KB
14 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 467
eus.rubiconproject.com — Cisco Umbrella Rank: 541
token.rubiconproject.com — Cisco Umbrella Rank: 689
pixel.rubiconproject.com — Cisco Umbrella Rank: 312
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1095
24 KB
13 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 473
image6.pubmatic.com — Cisco Umbrella Rank: 595
simage2.pubmatic.com — Cisco Umbrella Rank: 552
image4.pubmatic.com — Cisco Umbrella Rank: 848
image2.pubmatic.com — Cisco Umbrella Rank: 1032
simage4.pubmatic.com
27 KB
12 wp.com
i0.wp.com — Cisco Umbrella Rank: 3215
i3.wp.com — Cisco Umbrella Rank: 46854
i1.wp.com — Cisco Umbrella Rank: 5313
164 KB
11 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 1823
public.servenobid.com — Cisco Umbrella Rank: 3540
8 KB
10 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 693
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 470
ups.analytics.yahoo.com — Cisco Umbrella Rank: 283
6 KB
9 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 329
4 KB
9 google.com
adservice.google.com — Cisco Umbrella Rank: 80
www.google.com — Cisco Umbrella Rank: 13
3 KB
8 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 287
4 KB
8 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 165
268 KB
7 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 528
4 KB
7 smartadserver.com
ssbsync.smartadserver.com — Cisco Umbrella Rank: 1372
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 578
3 KB
7 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 47
6 KB
7 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 600
eb2.3lift.com — Cisco Umbrella Rank: 389
3 KB
7 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 241
acdn.adnxs.com — Cisco Umbrella Rank: 565
secure.adnxs.com — Cisco Umbrella Rank: 404
22 KB
6 casalemedia.com
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 520
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590
8 KB
5 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 560
1 KB
5 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 421
3 KB
5 google.de
adservice.google.de — Cisco Umbrella Rank: 8028
1 KB
4 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 284
2 KB
4 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 1056
2 KB
3 outbrain.com
sync.outbrain.com — Cisco Umbrella Rank: 758
1 KB
3 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 905
1 KB
3 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 588
2 KB
3 akamaihd.net
res-a.akamaihd.net — Cisco Umbrella Rank: 5901
qsearch-a.akamaihd.net — Cisco Umbrella Rank: 1653
58 KB
3 mantisadnetwork.com
mantodea.mantisadnetwork.com — Cisco Umbrella Rank: 11970
ecs.mantisadnetwork.com — Cisco Umbrella Rank: 23153
958 B
3 4dex.io
script.4dex.io — Cisco Umbrella Rank: 2366
mp.4dex.io — Cisco Umbrella Rank: 2499
24 KB
3 buysellads.net
cdn4.buysellads.net — Cisco Umbrella Rank: 16454
192 KB
2 adform.net
c1.adform.net — Cisco Umbrella Rank: 608
960 B
2 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 698
695 B
2 360yield.com
ad.360yield.com — Cisco Umbrella Rank: 675
615 B
2 openx.net
us-u.openx.net — Cisco Umbrella Rank: 359
426 B
2 quantserve.com
pixel.quantserve.com — Cisco Umbrella Rank: 424
917 B
2 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 738
idsync.rlcdn.com — Cisco Umbrella Rank: 316
108 B
2 glotgrx.com
pre.glotgrx.com — Cisco Umbrella Rank: 6448
392 B
2 lijit.com
ce.lijit.com — Cisco Umbrella Rank: 816
1 KB
2 33across.com
pixel.33across.com — Cisco Umbrella Rank: 2343
ssc-cms.33across.com — Cisco Umbrella Rank: 877
2 yabidos.com
pixel.yabidos.com — Cisco Umbrella Rank: 6694
25 KB
2 criteo.net
static.criteo.net — Cisco Umbrella Rank: 645
57 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 42
20 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 227
33 KB
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 770
518 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 745
610 B
1 socdm.com
tg.socdm.com — Cisco Umbrella Rank: 1948
688 B
1 emxdgt.com
cs.emxdgt.com — Cisco Umbrella Rank: 908
1 splicky.com
bidswitch-eu.splicky.com — Cisco Umbrella Rank: 22976
225 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 577
383 B
1 clientgear.com
event.clientgear.com — Cisco Umbrella Rank: 3454
263 B
1 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 510
1 KB
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 921
44 B
1 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1292
293 B
1 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 1187
428 B
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 973
579 B
1 bttrack.com
bttrack.com
380 B
1 brand-display.com
dmp.brand-display.com — Cisco Umbrella Rank: 1929
261 B
1 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1204
311 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 702
753 B
1 postrelease.com
jadserve.postrelease.com — Cisco Umbrella Rank: 1117
428 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 273
591 B
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 546
704 B
1 mrtnsvr.com
ad.mrtnsvr.com — Cisco Umbrella Rank: 2371
249 B
1 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 722
307 B
1 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1349
110 B
1 omnitagjs.com
hb-api.omnitagjs.com — Cisco Umbrella Rank: 4305
702 B
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 777
644 B
1 webcrx.io
webcrx.io
1 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
36 KB
0 sonobi.com Failed
sync.go.sonobi.com Failed
360 74
Domain Requested by
52 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
googleads.g.doubleclick.net
cdn.ampproject.org
filecr.com
28 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
24 filecr.com 2 redirects filecr.com
19 cdn.ampproject.org googleads.g.doubleclick.net
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
19 pagead2.googlesyndication.com filecr.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
16 rtb.gumgum.com 1 redirects g2.gumgum.com
ads.pubmatic.com
13 cm.g.doubleclick.net 6 redirects eb2.3lift.com
filecr.com
ssum-sec.casalemedia.com
ssbsync.smartadserver.com
g2.gumgum.com
10 ads.servenobid.com cdn4.buysellads.net
public.servenobid.com
ssum-sec.casalemedia.com
g2.gumgum.com
ssbsync.smartadserver.com
9 match.adsrvr.org 6 redirects eb2.3lift.com
filecr.com
ssum-sec.casalemedia.com
9 www.gstatic.com googleads.g.doubleclick.net
8 x.bidswitch.net 7 redirects eb2.3lift.com
8 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
filecr.com
8 www.googletagservices.com cdn4.buysellads.net
filecr.com
googleads.g.doubleclick.net
8 contextual.media.net filecr.com
contextual.media.net
7 sync.1rx.io 7 redirects
7 fonts.gstatic.com fonts.googleapis.com
7 fonts.googleapis.com googleads.g.doubleclick.net
securepubads.g.doubleclick.net
7 cvision.media.net filecr.com
6 eb2.3lift.com 2 redirects cdn4.buysellads.net
eb2.3lift.com
6 i3.wp.com filecr.com
5 rtb-csync.smartadserver.com 2 redirects ssbsync.smartadserver.com
5 sync-tm.everesttech.net 5 redirects
5 sync.mathtag.com 5 redirects
5 pixel.rubiconproject.com filecr.com
eus.rubiconproject.com
5 pr-bh.ybp.yahoo.com 3 redirects ssum-sec.casalemedia.com
ads.pubmatic.com
5 ib.adnxs.com 2 redirects cdn4.buysellads.net
acdn.adnxs.com
5 adservice.google.com pagead2.googlesyndication.com
securepubads.g.doubleclick.net
5 adservice.google.de pagead2.googlesyndication.com
securepubads.g.doubleclick.net
5 i1.wp.com filecr.com
4 simage2.pubmatic.com ads.pubmatic.com
4 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
4 s.amazon-adsystem.com 2 redirects eb2.3lift.com
ssum-sec.casalemedia.com
4 eus.rubiconproject.com cdn4.buysellads.net
eus.rubiconproject.com
g2.gumgum.com
4 www.google.com 2 redirects tpc.googlesyndication.com
4 onetag-sys.com cdn4.buysellads.net
filecr.com
public.servenobid.com
3 image2.pubmatic.com ads.pubmatic.com
3 sync.outbrain.com 3 redirects
3 token.rubiconproject.com 3 redirects
3 sync.targeting.unrulymedia.com 2 redirects g2.gumgum.com
3 b1sync.zemanta.com 3 redirects
3 c2shb.ssp.yahoo.com cdn4.buysellads.net
3 cdn4.buysellads.net filecr.com
2 image4.pubmatic.com ads.pubmatic.com
2 c1.adform.net 1 redirects ads.pubmatic.com
2 creativecdn.com 2 redirects
2 ads.pubmatic.com g2.gumgum.com
ads.pubmatic.com
2 ad.360yield.com 2 redirects
2 us-u.openx.net 2 redirects
2 pixel.quantserve.com 2 redirects
2 pre.glotgrx.com mantodea.mantisadnetwork.com
2 ups.analytics.yahoo.com 2 redirects
2 ce.lijit.com 2 redirects
2 ssum-sec.casalemedia.com 1 redirects public.servenobid.com
2 ssbsync.smartadserver.com public.servenobid.com
g2.gumgum.com
2 pixel.yabidos.com mantodea.mantisadnetwork.com
pixel.yabidos.com
2 static.criteo.net cdn4.buysellads.net
static.criteo.net
2 res-a.akamaihd.net filecr.com
2 mantodea.mantisadnetwork.com cdn4.buysellads.net
2 script.4dex.io cdn4.buysellads.net
script.4dex.io
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 cdnjs.cloudflare.com filecr.com
cdnjs.cloudflare.com
1 simage4.pubmatic.com ads.pubmatic.com
1 ad.turn.com 1 redirects
1 um.simpli.fi ads.pubmatic.com
1 idsync.rlcdn.com ads.pubmatic.com
1 image6.pubmatic.com ads.pubmatic.com
1 tg.socdm.com 1 redirects
1 cs.emxdgt.com g2.gumgum.com
1 secure-assets.rubiconproject.com 1 redirects
1 ssc-cms.33across.com g2.gumgum.com
1 bidswitch-eu.splicky.com 1 redirects
1 bh.contextweb.com 1 redirects
1 event.clientgear.com 1 redirects
1 stags.bluekai.com 1 redirects
1 match.deepintent.com g2.gumgum.com
1 sync.technoratimedia.com g2.gumgum.com
1 sync.ipredictive.com 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 bttrack.com g2.gumgum.com
1 secure.adnxs.com 1 redirects
1 dmp.brand-display.com ssum-sec.casalemedia.com
1 id.rlcdn.com filecr.com
1 prebid.a-mo.net 1 redirects
1 p.rfihub.com 1 redirects
1 jadserve.postrelease.com public.servenobid.com
1 pixel.33across.com public.servenobid.com
1 g2.gumgum.com public.servenobid.com
1 ecs.mantisadnetwork.com mantodea.mantisadnetwork.com
1 c.bing.com eb2.3lift.com
1 px.ads.linkedin.com eb2.3lift.com
1 ad.mrtnsvr.com 1 redirects
1 public.servenobid.com cdn4.buysellads.net
1 acdn.adnxs.com cdn4.buysellads.net
1 8fddf9bcc2612d49750f2d9dbdb437ac.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 qsearch-a.akamaihd.net filecr.com
1 hblg.media.net filecr.com
1 5664fd4311393cd13a07214003eee7eb.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 c0c9f98d816a1ef8d4eddcc82c44813c.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 bidder.criteo.com cdn4.buysellads.net
1 fastlane.rubiconproject.com cdn4.buysellads.net
1 btlr.sharethrough.com cdn4.buysellads.net
1 mp.4dex.io cdn4.buysellads.net
1 tlx.3lift.com cdn4.buysellads.net
1 hb-api.omnitagjs.com cdn4.buysellads.net
1 partner.googleadservices.com pagead2.googlesyndication.com
1 webcrx.io filecr.com
1 i0.wp.com filecr.com
1 www.googletagmanager.com filecr.com
0 sync.go.sonobi.com Failed public.servenobid.com
0 lg3.media.net Failed filecr.com
contextual.media.net
360 110

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
www.affordable-papers.net
www.microsoft.com
twitter.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-11 -
2022-06-10		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2021-04-12 -
2022-04-20		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-01-17 -
2022-04-11		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-01-10 -
2022-04-04		 3 months crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2020-04-02 -
2022-07-05		 2 years crt.sh
*.buysellads.net
Sectigo RSA Domain Validation Secure Server CA		 2021-08-03 -
2022-09-03		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-01-17 -
2022-04-11		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-01-10 -
2022-04-04		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-01-17 -
2022-04-11		 3 months crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA		 2021-05-24 -
2022-06-23		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2021-03-05 -
2022-02-19		 a year crt.sh
*.3lift.com
Amazon		 2021-06-12 -
2022-07-11		 a year crt.sh
*.mantisadnetwork.com
Amazon		 2021-10-14 -
2022-11-11		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-10-14 -
2022-04-06		 6 months crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.sharethrough.com
Amazon		 2021-08-13 -
2022-09-11		 a year crt.sh
ads.servenobid.com
Amazon		 2021-06-28 -
2022-07-27		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-30 -
2022-04-04		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-02-04 -
2022-05-03		 3 months crt.sh
a248.e.akamai.net
DigiCert SHA2 Secure Server CA		 2021-07-15 -
2022-07-20		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-01-10 -
2022-04-04		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-01-10 -
2022-04-04		 3 months crt.sh
misc-sni.google.com
GTS CA 1C3		 2022-01-10 -
2022-04-04		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-01-17 -
2022-04-11		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-01-17 -
2022-04-11		 3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-02-02 -
2022-05-03		 3 months crt.sh
cdn.adnxs.com
GlobalSign Organization Validated CA - SHA256 - G4		 2021-05-10 -
2022-06-11		 a year crt.sh
public.servenobid.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-22 -
2022-05-22		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2021-12-06 -
2022-06-06		 6 months crt.sh
www.bing.com
Microsoft RSA TLS CA 01		 2021-12-22 -
2022-06-22		 6 months crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
*.gumgum.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-12-12 -
2022-12-13		 a year crt.sh
*.postrelease.com
Amazon		 2021-12-28 -
2023-01-25		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-03 -
2023-02-25		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-01-18 -
2022-07-13		 6 months crt.sh
*.knorex.com
Amazon		 2021-08-26 -
2022-09-24		 a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-17 -
2022-10-05		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2020-04-09 -
2022-06-08		 2 years crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA		 2022-02-04 -
2023-02-03		 a year crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2		 2021-05-18 -
2022-06-19		 a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.simpli.fi
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-27 -
2022-11-27		 a year crt.sh

This page contains 57 frames:

Primary Page: https://filecr.com/windows/microsoft-office?id=6347414880
Frame ID: 40675403A317FC65838D67C3B0D2C447
Requests: 87 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20190131/zrt_lookup.html
Frame ID: 4D39C978D955D546BB083CB6139EAB13
Requests: 1 HTTP requests in this frame

Frame: https://webcrx.io/extension/comm
Frame ID: E15DAD982492090BEAEC400D67CE2EB9
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CU5IBM9S&prvid=77%2C184%2C188%2C226%2C246%2C2033%2C3018&itype=HB-CM&rtime=9&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
Frame ID: 4E1F2B6D02DAA3E621569090445DAD24
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: D3186A70C23DF31319624D09A1F4C920
Requests: 8 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 4E6EE5EAB012F0FC73E7B1F6D2D2F050
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&adk=1812271804&adf=3025194257&lmt=1644415945&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944785&bpp=9&bdt=274&idt=469&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=736225061094&frm=20&pv=2&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=483
Frame ID: 1ECA063A89D461D1BA2074DFC3A693EA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Frame ID: 5D90AA9B0B855C0AA453840B329E127F
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Frame ID: 64168C6050833BF82AB5B20154FA670F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Frame ID: EB15C20EF5D4AA3F2FF3DB134E9356BB
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Frame ID: D3C5AF76D0BF3BE212BB7E942F06F774
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Frame ID: E876B640E6093972E419C9C8AFA2B270
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Frame ID: E41DBBB6AD5697BB085FCF7D3CF57651
Requests: 12 HTTP requests in this frame

Frame: https://c0c9f98d816a1ef8d4eddcc82c44813c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 3968F5A8C1170538836E063BE8F669BF
Requests: 1 HTTP requests in this frame

Frame: https://5664fd4311393cd13a07214003eee7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 706BF10DA9D9EF9C467BBA2890D611EC
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/48/nrrV64488.js
Frame ID: FCB8610C5ABACCD1F62E6F97DAEC45D2
Requests: 5 HTTP requests in this frame

Frame: https://contextual.media.net/48/nrrV64488.js
Frame ID: BA539D7D2E6DD9299E2EF7EF205E8658
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9BF5CC13EE519A621693F2FA051BFCBC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CDE40478CFCAD8EF358056423CCD16DA
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 45BCBEEC67ACDA2261503E6C573010AF
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C6819BC9649AF6B7BD311E57657D4E37
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Frame ID: 5629E41393C0D3E2325579F187DC6B55
Requests: 16 HTTP requests in this frame

Frame: https://8fddf9bcc2612d49750f2d9dbdb437ac.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 49DCC4A5CBF06BD0E25AEC4AEF0D3B04
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Frame ID: 92FEB468F2468ADABB9CA1C9AE95AA49
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
Frame ID: 982AD369EA812B18DCDAE325920D79CB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E1E9F52A340878E51C8D22D06BF073F1
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Frame ID: B13E503D3A0ADB5E37DBE633CB2D7659
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 832A818792A045C7812EF84CAA1E684D
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
Frame ID: 008590AE4AD8F92A32CF5C33FE7E6B0A
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 5786CE4E01A6E5AAD33EEB51257D51E4
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E3DDE32442A113FA01EFB014DFD0D5C2
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
Frame ID: EDED739B1C954197FBAF888F104AAB6A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 5995F2B31C92A8AED5482B249134BD9E
Requests: 10 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 85EEB125B8F3A553E8C9AB5C3CC3E474
Requests: 3 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415945955&secure=true&version=9&uuid=cd921020-f58b-411b-a73b-c0eecad3144a&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Frame ID: CAAB3EBEF98AC61F19942B9B394EB704
Requests: 6 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 12D446D576B98E9D93264871F64E0A58
Requests: 11 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1644415945668
Frame ID: C412179B7A00ACBF135CE7D29483E1FE
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: C22F53019D23E8323B710CB79475E424
Requests: 9 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: E082D980C0BC2EAA8A50A32F8AF7E821
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: 2667DF7BD6E52AD350C8E20DBF7183A0
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: E186CB4568003AD097DB0D7E722D8DEC
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 67A113D9115FF1704C7BCA2195635718
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Frame ID: 2E40356DE8917393522C83CCF5718F06
Requests: 10 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=0&gdpr_consent=
Frame ID: BDED11236A627280CD46D7BB82AA3E27
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YgPLzQAE8d2PLABH&gdpr=0&gdpr_consent=&_test=YgPLzQAE8d2PLABH
Frame ID: 7657DAD005295614A4333DE6A923635F
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV85ODMyMDRjZi02NTZiLTRhMDQtODc0MS1iNTM3NGQ5YjgwMzc=&gdpr=0&gdpr_consent=
Frame ID: CDA0C5537F77D38F38A7D68EB04D3C67
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 10F0EF39D13F4E19E543A3FCE7A9DE1B
Requests: 14 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: 517E0C168319BC4A2A2E94452E44D7C7
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f&t=1647007949
Frame ID: E671C7E4F572BAB380CA9AB07BE6EF41
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 7B04BF0D8C08041255DD3AE6E586BCC2
Requests: 3 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: DC51C7E525F55F42C97547985A4B9D37
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YgPLzcCo8XoAAJdTm3wAAAAA
Frame ID: 9A8D046EE9073AB1743A6D49D5DEE894
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=2QxZb0B33Xa6zXKzwEUT&pi=gumgum&tc=1
Frame ID: C0E7BDEF50A1112CC309C88D31A00BBC
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
Frame ID: 04E429EF3018B4F16DE368C77DEF6149
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YgPLzQAE8d2PLABH&gdpr=0&gdpr_consent=
Frame ID: B381B0E894507F325F4E1F33ADF78E93
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=0&gdpr_consent=
Frame ID: 8D77977BEB9411FE05883277DE1A3C05
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=pbm&i=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
Frame ID: 6B4772836988DB5E5F246915A8DD7A70
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Microsoft Office 2019 Pro Plus v2110 (Build 14527.20226)

Page URL History Show full URLs

  1. http://filecr.com/windows/microsoft-office//?id=6320067552 HTTP 301
    https://filecr.com/windows/microsoft-office//?id=6320067552 HTTP 302
    https://filecr.com/windows/microsoft-office?id=6347414880 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

360
Requests

86 %
HTTPS

28 %
IPv6

74
Domains

110
Subdomains

73
IPs

11
Countries

3980 kB
Transfer

9457 kB
Size

90
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://filecr.com/windows/microsoft-office//?id=6320067552 HTTP 301
    https://filecr.com/windows/microsoft-office//?id=6320067552 HTTP 302
    https://filecr.com/windows/microsoft-office?id=6347414880 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 243
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 260
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 270
  • https://eb2.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync?&ld=1
Request Chain 275
  • https://ad.mrtnsvr.com/sync/triplelift HTTP 302
  • https://eb2.3lift.com/xuidmid=7976&xuid=BShsf8N4M&dongle=u6nf
Request Chain 277
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU1MDA0MTYyMjcwNjIzNzM5MTQwNA%3D%3D
Request Chain 279
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/4550041622706237391404?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-I8HnEnRE2oRY7KCu_kaVEcXuZWpx822OkBYZjkUpAQ--~A&dongle=0883
Request Chain 281
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4550041622706237391404 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4550041622706237391404&dcc=t
Request Chain 283
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Request Chain 287
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=rjrqv8k&ttd_tpi=1 HTTP 302
  • https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f
Request Chain 293
  • https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Request Chain 294
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
  • https://ads.servenobid.com/sync?pid=312&uid=3039027062740373425
Request Chain 295
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=310&uid=a76f4590e6bb5a0dfe5f96f5
Request Chain 296
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1644415949228 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4939325756 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003 HTTP 302
  • https://ads.servenobid.com/sync?pid=321&uid=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
Request Chain 298
  • https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=324&uid=5108559722466015054
Request Chain 300
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
  • https://ads.servenobid.com/sync?pid=327&uid=7279797e-0105-4993-a357-41b26af11a6b&gdpr=0&gdpr_consent=&us_privacy=1YN-
Request Chain 301
  • https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
  • https://ads.servenobid.com/sync?pid=337&uid=y-bD7VY6RE2uE9DhUlD.VBLRoDAo2mKSTg3HOTf14-~A
Request Chain 304
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/xv2ifjZVI6gxoDe9fBoybQ?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6613879172942939373
Request Chain 305
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=6b496203-cbcc-4600-93e1-22dfe1cdbc1f
Request Chain 306
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NjgzMTI5NzdlNzlhYTc1MTVkMTYyZWM1NGUzMDlhZWE5MjMxNTM1ZA
Request Chain 307
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pGTVNPQUgtQy1BMUZC
Request Chain 308
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHz3E3BZHNHRhx8wWQ3WHpk&google_cver=1
Request Chain 310
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YgPLzQAE8VeMdwBH HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YgPLzQAE8VeMdwBH&_test=YgPLzQAE8VeMdwBH
Request Chain 314
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YgPLzUF7u2cMsIS9c0FRsAAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEObt6wSoSAGOs3GqFS2lA-U&google_cver=1&gdpr=1
Request Chain 315
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLzUF7u2cMsIS9c0FRsAAABJYAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLzUF7u2cMsIS9c0FRsAAABJYAAAAB&dcc=t
Request Chain 316
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=1&gdpr_consent=
Request Chain 317
  • https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=73zE_Losl6v0esCqu3fZ9uh6xq30epL8uC9GJhrO
Request Chain 321
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://rtb.gumgum.com/usersync?b=apn&i=3039027062740373425
Request Chain 322
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_983204cf-656b-4a04-8741-b5374d9b8037&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_983204cf-656b-4a04-8741-b5374d9b8037&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://pixel.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=gumgum2&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=gumgum2&&user_id=GxyRkk5MwsUAGpXETxeMmBwak8MAGseSTE_BZo0v HTTP 302
  • https://rtb.gumgum.com/usersync?b=bsw&i=aabc893a-bc02-4f41-91f0-5567ecc5d0d4
Request Chain 323
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%285Nps53TbAqWXqIQPKwEoutUxJHgmLlv8RQhVlCqubntBf1bVbY3bmLH3rivVOLq6%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%285Nps53TbAqWXqIQPKwEoutUxJHgmLlv8RQhVlCqubntBf1bVbY3bmLH3rivVOLq6%29 HTTP 302
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_983204cf-656b-4a04-8741-b5374d9b8037&obuid=ENC(5Nps53TbAqWXqIQPKwEoutUxJHgmLlv8RQhVlCqubntBf1bVbY3bmLH3rivVOLq6) HTTP 302
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
  • https://bttrack.com/Pixel/cookiesyncredir?rurl=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dbidtellect%26uid%3D%7Bglobalid%7D%26obUid%3D5Nps53TbAqWXqIQPKwEoutUxJHgmLlv8RQhVlCqubntBf1bVbY3bmLH3rivVOLq6
Request Chain 324
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=opx&i=8edf31ba-0189-4e94-9341-bc3229d673cf
Request Chain 325
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=sta&i=0-a69c2b60-c10c-4969-5b21-4666edb38d90$ip$217.64.151.7
Request Chain 326
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=oth&i=y-9dgr_JdE2peSd.5N55ql6mwmPYE.MEYr.Bkq~A
Request Chain 327
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=vnt&i=50f01cef-89b2-11ec-b48a-0ba201ff5bd5
Request Chain 330
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_983204cf-656b-4a04-8741-b5374d9b8037&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://stags.bluekai.com/site/23178?id=sVB3o9znczEXHW_y6L0C&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT242WIIZW6OL2NZRXURKYJBLV66JWJQYEGJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT242WIIZW6OL2NZRXURKYJBLV66JWJQYEGJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=sVB3o9znczEXHW_y6L0C&us_privacy=1---
Request Chain 331
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=idi&i=a7a1f989-b9b2-4aa4-881f-86b0a64a8a31
Request Chain 332
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003&rndcb=6174852422 HTTP 302
  • https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=adconductor&bsw_custom_parameter=aabc893a-bc02-4f41-91f0-5567ecc5d0d4 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=257&user_id=mk9e4b4bb2-fa90-4129-b939-f78115b1a1e5&expires=7&user_group=5&ssp=adconductor&bsw_param=aabc893a-bc02-4f41-91f0-5567ecc5d0d4 HTTP 302
  • https://sync.1rx.io/usersync/bidswitch/aabc893a-bc02-4f41-91f0-5567ecc5d0d4?gdpr=&gdpr_consent= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
Request Chain 333
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://rtb.gumgum.com/usersync?b=pln&i=vbWjIECy6Cn9&ev=1&pid=558355
Request Chain 337
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f&gdpr=1&gdpr_consent=
Request Chain 338
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=76&partneruserid=GOOGLE_HOSTED_SI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=MTIyNjU0OTgzNzE4ODQ2OTg3OA==&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEI6CQNsdeY2rz8IFQtvplL4&gdpr=0&gdpr_consent=&google_cver=1
Request Chain 339
  • https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003&rndcb=6365868391 HTTP 302
  • https://bidswitch-eu.splicky.com/cm?bidswitch_ssp_id=adconductor&bsw_custom_parameter=aabc893a-bc02-4f41-91f0-5567ecc5d0d4 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=311&user_id=&user_group=2&ssp=adconductor&expires=10&bsw_param=aabc893a-bc02-4f41-91f0-5567ecc5d0d4 HTTP 302
  • https://sync.1rx.io/usersync/bidswitch/aabc893a-bc02-4f41-91f0-5567ecc5d0d4?gdpr=&gdpr_consent= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fpartnerid%3D113%26partneruserid%3DRX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003 HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
Request Chain 340
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=134&partneruserid=OB_OK&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmart_adserver_eb%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=MTIyNjU0OTgzNzE4ODQ2OTg3OA==&gdpr=0&gdpr_consent=
Request Chain 341
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://rtb.gumgum.com/usersync?b=mmh&i=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=0&gdpr_consent=
Request Chain 342
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YgPLzQAE8d2PLABH HTTP 302
  • https://rtb.gumgum.com/usersync?b=atm&i=YgPLzQAE8d2PLABH&gdpr=0&gdpr_consent=&_test=YgPLzQAE8d2PLABH
Request Chain 346
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=ttd&i=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f&t=1647007949
Request Chain 347
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 349
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=YgPLzcCo8XoAAJdTm3wAAAAA
Request Chain 350
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=2QxZb0B33Xa6zXKzwEUT&pi=gumgum&tc=1
Request Chain 354
  • https://c1.adform.net/serving/cookie/match?party=14&cid=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
Request Chain 355
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YgPLzQAE8d2PLABH&gdpr=0&gdpr_consent=
Request Chain 356
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=0&gdpr_consent=
Request Chain 358
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DnXPSD0TRC-rmIi8-c8O8w%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 360
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83
Request Chain 361
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MEU3NUNGNDgtM0QxMy00NDJGLUFCOTgtODhCQ0Y5Q0YwRUYz&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 362
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFud2lyvF4pnV9fWF8aPr8E&google_cver=1
Request Chain 364
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f
Request Chain 365
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3234945574012994077&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 367
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-quIkw6pE2uVxTQn0FCFLI170Tr3DDM4-~A&gdpr=0&gdpr_consent=
Request Chain 368
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3039027062740373425&gdpr=0&gdpr_consent=

360 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request microsoft-office
filecr.com/windows/
Redirect Chain
  • http://filecr.com/windows/microsoft-office//?id=6320067552
  • https://filecr.com/windows/microsoft-office//?id=6320067552
  • https://filecr.com/windows/microsoft-office?id=6347414880
215 KB
26 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.27 PleskLin
Resource Hash
8c0449d149c1b09b9d15e7fe60b91be9e0fec28893b0890b2ba894fded336935

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.4.27 PleskLin
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
link
<https://filecr.com/wp-json/>; rel="https://api.w.org/", <https://filecr.com/wp-json/wp/v2/posts/3860>; rel="alternate"; type="application/json", <https://filecr.com/?p=3860>; rel=shortlink
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2Fm%2B5zilhs5xr58mjt2FR0qNdCtThmvDaLnwp593XWaxKZnhcpiS%2BYcTJTWVrHHD6VTjLwCRUChRB6uG6ipskGbuhbn6VRPPYCFlOUjeIbF06xsbW%2BtP%2BkbqJB4uOn%2BZPFpNvXCPjLXP"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6dadb14388595a07-MXP
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-type
text/html; charset=UTF-8
location
https://filecr.com/windows/microsoft-office?id=6347414880
x-powered-by
PHP/7.4.27 PleskLin
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
x-redirect-by
WordPress
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdN9hJE4VJi2yMagngrQHnXzYYXwB%2Bsga01MZt2pOQoJzPLGiMlJj8%2BD40A%2FrDfkftQRnHzQURaT3hseLCUEy%2BGO0wx92PhkU%2Fm%2BZgDEQTfLzPRaXZmOkrvs7hxa2qMiubqosU4s8Tj7"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6dadb1424cb95a07-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
simple-line-icons.css
cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/css/ 		13 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/css/simple-line-icons.css
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f903b0e68ac1cb80ad56c6da32fa545314baa698fb8f2e6a65b8e33fca427d96
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://filecr.com/
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
12181494
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2222
timing-allow-origin
*
last-modified
Mon, 10 Aug 2020 15:57:38 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f316e72-32ad"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2FoikIbZKgln0g0wtvM2Xp8vx7sHpolRuRtA7R96KYnhLGu4e5suhTnWgLOJPfM%2B8VwQJEUTYENFKKFjpd2EGUTw79QpEXwozMXIjyklXV8bCNHQtsAZrUZrXv%2F%2BvVJZFAr5fOs%2Fjg0TXBLbx13sAEOZ"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6dadb145ad200f56-MXP
expires
Mon, 30 Jan 2023 14:12:24 GMT
style.min.css
filecr.com/wp-includes/css/dist/block-library/ 		77 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
7b6fef0a63424245b31b293b1a3bfd074c9da482e28fb9e920e1cf306e54e8a2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6431
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 26 Jan 2022 21:21:40 GMT
server
cloudflare
etag
W/"61f1bb64-1357b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=felczgu0lSXuHMWk%2F5VdhtmIoSu%2BYPlh49V7hacdCwTLB3yRbKp4SKff33W4fHjD4HEVclKFAJSN1nf%2Bxjy22M%2FoIEkFutYDUf7EXZeftKX1%2FHE9YMoJXLyZKJ9mVvXbGYiew3fSn7RI"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31536000
cf-ray
6dadb14569a7746c-LHR
style.css
filecr.com/wp-content/themes/filecr/ 		61 B
706 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/style.css?ver=5.9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
574f5dc48c403fa7ede2cb0e9bcbc979c2cdf658c2268a4744140f5f174d3e93

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6431
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"19c-5cc72c9e32d40-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aiXybDRxpn7%2BoAGnOXtvFxBaCFhLNfkJp4KIWTwMyFZYNgXckndqLlypv4G1FHPv6hNiPbneb1Qjf7ZkMGIRJwLipnzGTvOS0z5a0qFAxRN9%2Bf%2BBN5MHsv0ZDgyfS3WjN7VS%2F8YjGvHS"}],"group":"cf-nel","max_age":604800}
content-type
text/css
x-accel-version
0.01
cache-control
max-age=31536000
cf-polished
origSize=412
cf-ray
6dadb14569aa746c-LHR
cf-bgj
minify
style.min.css
filecr.com/wp-content/themes/filecr/assets/css/ 		107 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/css/style.min.css?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
a99d9a63bc96ec98b7e05f106603236b4d6f5b53bd9d4ebabb25543047b35bef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1570
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-1adb3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zu%2BO%2BGIOU%2Ff0Ht5ipyRfBGo7iqnm%2FHWu0Ii1tB%2F9GYMieXVoNLQYukbSb5UoR%2FJq3xOsotiHpkaOOuaaQyq2MK9dOC%2BNfFlQ3Yhm0E81w8fRILonEYdO8onZ9EY1%2BEEsR%2F%2Bi8QM9HTBd"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31536000
cf-ray
6dadb14569ac746c-LHR
main.js
filecr.com/wp-content/plugins/wp-custom-parameter/js/ 		245 B
777 B 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/wp-custom-parameter/js/main.js?ver=1.0
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
be5f701f37218795787c585bdac8050f748447d710da0bdf08a22f15ee7b119e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6424
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 22 Sep 2021 13:43:35 GMT
server
cloudflare
etag
W/"10e-5cc95b36c8687-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f6VdpH%2Bh76s7J0f3qDxBzQuwTuQtIeBtr1jN%2Bo4dFRPg0CiakZ9s5Kw%2BJXGBtSATx1Df1vYnJV9FiXuce62pwO7yIxHcqL52mv%2Boced4MzOdXUP4wxRSKgkNowXlLr0DEEBoUS715yDo"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-accel-version
0.01
cache-control
max-age=31536000
cf-polished
origSize=270
cf-ray
6dadb14569ae746c-LHR
cf-bgj
minify
jquery.min.js
filecr.com/wp-includes/js/jquery/ 		87 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6424
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 27 Jul 2021 13:25:43 GMT
server
cloudflare
etag
W/"61000957-15db1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sTwMc334LCucDI5v385x6Q0M22lPJtOwkuROA1zMWNx9i0t2ZNmcx9HaxyJrY2pKc1DHpbhdyTmIs6p4ANv20uzyhjGSGmkQdbJTduFafTrFiSNbdz%2BmBP18jjLAm2p0m0BRfJTp2I1E"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb14569b0746c-LHR
jquery-migrate.min.js
filecr.com/wp-includes/js/jquery/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6424
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 18 Nov 2020 09:06:06 GMT
server
cloudflare
etag
W/"5fb4e3fe-2bd8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wf0HrHQ8ujXkOtoArFFccyFCtBrdRRmM%2BlALtIEvJShYWIBkYO2QBf%2B%2FIwrhhCYkscj2CMZvF0noQiAFuNImjOXWA8A4jPHakNmESKjkpu0qsrjFTxSAm3cJHlAdex5vtsY3552B4jNm"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb14569b2746c-LHR
advanced.min.js
filecr.com/wp-content/plugins/advanced-ads/public/assets/js/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/advanced-ads/public/assets/js/advanced.min.js?ver=1.31.1
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
f5ef63bcd883c3e6ecca9a17785b10ee897b51aec76328706887ceb220742d71

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6027
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Feb 2022 21:42:05 GMT
server
cloudflare
etag
W/"61fc4c2d-29e9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p5JP%2Bz6pVcfNpmKk7QmR9C4FADbmos7THLsHHYc%2FntL5LzLMxVHZqruN7U4oQCvZe3HHCVw218JK5QZv5gerZOkvNVZOY7PkLLY4zEWSWlzZbdbrDtWNhIlmYLylBnMHHn4vORww9SRu"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb14569b3746c-LHR
dmedianet.js
contextual.media.net/ 		430 KB
138 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f8f99b94f1507b48d8e7820b7844586fb084f7506e141dc573ebfa45693c6b07
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-mnt-h
8-16
content-encoding
gzip
server
Apache
etag
"ba37658bddc1ae63c7e8e1771db7d1ab"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=300
date
Wed, 09 Feb 2022 14:12:24 GMT
strict-transport-security
max-age=604800
x-mnt-w
8-21
expires
Wed, 09 Feb 2022 14:17:24 GMT
js
www.googletagmanager.com/gtag/ 		90 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-139662474-1
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8dca9599c3166a46d38498fb4cc3712492404a26ab4c91abd7d5abeef3eb59c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36079
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 09 Feb 2022 14:12:24 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		153 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3553508983172692
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
838d4931e1182683da9b6951a0d99d942e26adb0077f05f4b1647522f734735c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://filecr.com/
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53653
x-xss-protection
0
server
cafe
etag
16554103111795683511
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 09 Feb 2022 14:12:24 GMT
Microsoft-Office-2019-Professional-Plus-Free-Download.png
i0.wp.com/filecr.com/wp-content/uploads/2019/06/ 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/filecr.com/wp-content/uploads/2019/06/Microsoft-Office-2019-Professional-Plus-Free-Download.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
53c9feea97fea966c734faafd720ace56546a27de93d2f723d2baffe6423a784
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:10:18 GMT
server
nginx
etag
"6bc6af431961189b"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2019/06/Microsoft-Office-2019-Professional-Plus-Free-Download.png>; rel="canonical"
content-length
42526
expires
Fri, 31 Mar 2023 01:10:18 GMT
Scr1_Microsoft-Office_free-download.jpg
i3.wp.com/filecr.com/wp-content/uploads/2018/12/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2018/12/Scr1_Microsoft-Office_free-download.jpg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
b7f6b382321b107a47d93df38d0dae0c1bfa3488df9125d5c555498200f9b024
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:10:20 GMT
server
nginx
etag
"7ab033cc0e84a013"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2018/12/Scr1_Microsoft-Office_free-download.jpg>; rel="canonical"
content-length
20068
expires
Fri, 31 Mar 2023 01:10:20 GMT
Scr2_Microsoft-Office_free-download.jpg
i1.wp.com/filecr.com/wp-content/uploads/2018/12/ 		65 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i1.wp.com/filecr.com/wp-content/uploads/2018/12/Scr2_Microsoft-Office_free-download.jpg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
EXPIRED hhn 1
date
Wed, 09 Feb 2022 14:12:25 GMT
server
nginx
content-type
text/html; charset=utf-8
Scr3_Microsoft-Office_free-download.jpg
i3.wp.com/filecr.com/wp-content/uploads/2018/12/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2018/12/Scr3_Microsoft-Office_free-download.jpg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
ccfb13f080c34a055931e40ffe53d5821ea75abca78e9e22863f862134e5fb28
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:10:20 GMT
server
nginx
etag
"d6b1c0acecba8438"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2018/12/Scr3_Microsoft-Office_free-download.jpg>; rel="canonical"
content-length
19308
expires
Fri, 31 Mar 2023 01:10:20 GMT
Scr4_Microsoft-Office_free-download.jpg
i3.wp.com/filecr.com/wp-content/uploads/2018/12/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2018/12/Scr4_Microsoft-Office_free-download.jpg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
2a0871fd53f2a0dd8aa6c9b4992ef79173a92abd3e3eb50d735f387a5480fe02
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:14:26 GMT
server
nginx
etag
"12ee6ef1873b9435"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2018/12/Scr4_Microsoft-Office_free-download.jpg>; rel="canonical"
content-length
19784
expires
Fri, 31 Mar 2023 01:14:26 GMT
Microsoft-Office-Professional-Plus-2019-Free-Download.jpg
i3.wp.com/filecr.com/wp-content/uploads/2019/05/ 		36 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2019/05/Microsoft-Office-Professional-Plus-2019-Free-Download.jpg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
9cdfe09791d2560f2b183c76ff6504e28187ba36ffd71f90edb919391c98a88b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:10:21 GMT
server
nginx
etag
"ac31c92d10403e98"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2019/05/Microsoft-Office-Professional-Plus-2019-Free-Download.jpg>; rel="canonical"
content-length
36552
expires
Fri, 31 Mar 2023 01:10:21 GMT
icon-avatar.svg
filecr.com/wp-content/themes/filecr/assets/images/ 		570 B
936 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://filecr.com/wp-content/themes/filecr/assets/images/icon-avatar.svg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
a83b1f3e821e72ac43110a8762ab91f070fca6c426c95e30c845b6c894f8848f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4091
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"23a-5cc72c9e32d40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t9MqBuv%2FyIORgxD4EOd81rhTqCJwWS%2B55XlRh%2F9VBoPw%2Ffv4DkQfXuMxfWqoWNPloYTqcOXzFXoHKVynjCbURuTgOkHJnX4%2Bthp82r5cw55EPqC6Fq%2F5aCDFMiHJMQoRZZf%2F4moRFqq2"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
x-accel-version
0.01
cache-control
max-age=31536000
cf-ray
6dadb1463ae4746c-LHR
adobe-robohelp.png
i3.wp.com/filecr.com/wp-content/uploads/2021/03/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2021/03/adobe-robohelp.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
7ad41489fea53c41286c8548a22aeabc91438558b2fbc10866d8b56321ad114f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:22:04 GMT
server
nginx
etag
"da3bd1562b0824b4"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2021/03/adobe-robohelp.png>; rel="canonical"
content-length
3244
expires
Fri, 31 Mar 2023 01:22:04 GMT
doro-pdf-writer-logo.png
i1.wp.com/filecr.com/wp-content/uploads/2020/09/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i1.wp.com/filecr.com/wp-content/uploads/2020/09/doro-pdf-writer-logo.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
5a1e1ea4371d2ed657a43e16e36e1f3dc272d51711d5af9c80fec27663333413
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 14:21:59 GMT
server
nginx
etag
"dda0e6bd5e84d03c"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2020/09/doro-pdf-writer-logo.png>; rel="canonical"
content-length
2808
expires
Fri, 31 Mar 2023 02:21:59 GMT
Affinity_Publisher_Logo.png
i3.wp.com/filecr.com/wp-content/uploads/2020/10/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2020/10/Affinity_Publisher_Logo.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
25b496003bedfabd2cf715329e2601f329ab5fc39ec66418684ae58e33439fc2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:02:23 GMT
server
nginx
etag
"020b1689786d02eb"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2020/10/Affinity_Publisher_Logo.png>; rel="canonical"
content-length
5118
expires
Fri, 31 Mar 2023 01:02:23 GMT
modern-csv-logo.png
i1.wp.com/filecr.com/wp-content/uploads/2020/04/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i1.wp.com/filecr.com/wp-content/uploads/2020/04/modern-csv-logo.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
37517faf41bdf9781fae236c13b3d855c3f4b233f2adf8e2f96b4f180f3304ee
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
last-modified
Thu, 01 Apr 2021 04:51:20 GMT
server
nginx
etag
"d11ca0f54c5a5ba2"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2020/04/modern-csv-logo.png>; rel="canonical"
content-length
3314
expires
Sat, 01 Apr 2023 16:51:20 GMT
pdfcompressor-cl-logo.png
i1.wp.com/filecr.com/wp-content/uploads/2020/07/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i1.wp.com/filecr.com/wp-content/uploads/2020/07/pdfcompressor-cl-logo.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
fd8748fa72d75a8bf30df88eb29b37837a46a38318cd0b21a649d16aad82cbbc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:32:56 GMT
server
nginx
etag
"a421bbb115a7c6f6"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2020/07/pdfcompressor-cl-logo.png>; rel="canonical"
content-length
1906
expires
Fri, 31 Mar 2023 01:32:56 GMT
extension-feature-image.png
i1.wp.com/filecr.com/wp-content/themes/filecr/assets/images/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i1.wp.com/filecr.com/wp-content/themes/filecr/assets/images/extension-feature-image.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
0e88ad62ff0a0c72ef67e1daf40764b12861d27f3c7d1ddce8e7124d69621d59
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
last-modified
Mon, 24 May 2021 11:51:17 GMT
server
nginx
etag
"d80f3bfe22caf697"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/themes/filecr/assets/images/extension-feature-image.png>; rel="canonical"
content-length
10528
expires
Wed, 24 May 2023 23:51:17 GMT
script.js
filecr.com/wp-content/plugins/advanced-ads-responsive/public/assets/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/advanced-ads-responsive/public/assets/js/script.js?ver=1.10.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
8af0b5fd87f0cf0c57915fb6094244ca5c108f21c063fd6917ee809259ae3a97

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6389
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 07 Jul 2021 11:56:39 GMT
server
cloudflare
etag
W/"60e59677-b92"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6sy3grreQsh1oLTgA8c%2FRFEfMmMFw9QGUv8O5zL2accAiYcw1lJ7vLAEg95HRwo1rF94Mero89Y4MATkS%2BPpADGadYSrAvbEooOm4lPh1OMiTJZ3qYO%2FO6HueB0rNTiWP0%2BD2EQaj1%2BR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=2962
cf-ray
6dadb1462abc746c-LHR
cf-bgj
minify
ads.js
filecr.com/wp-content/plugins/deblocker/js/ 		126 B
697 B 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/deblocker/js/ads.js?ver=3.1.0
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
3dbfe6eda0abf69eb1901f4696d5daf4e276cb6dd8c30dfaa26b724b60251635

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6423
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sun, 21 Mar 2021 11:33:20 GMT
server
cloudflare
etag
W/"33f-5be0a50e9c000-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sXd2BgLE4A611weApRX%2FKTMdaWheDBnMeKwS7Y0hTKCk5LRLwiClwlitd1W3%2BoG5iDVqM0W9vqsbJVNa0ByfEvgaPy%2Bm43p%2B%2BlDkWZ93E%2FOKkSm%2FXj3OzuYn8NQevFcy8xEOmDixo0gc"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-accel-version
0.01
cache-control
max-age=31536000
cf-polished
origSize=831
cf-ray
6dadb1462ac0746c-LHR
cf-bgj
minify
advanced-ads-pro.min.js
filecr.com/wp-content/plugins/advanced-ads-pro/assets/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/advanced-ads-pro/assets/js/advanced-ads-pro.min.js?ver=2.16.0
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
308c252b2381b887baf74268990c582643dbdaad9e9b332d158112745e2c65ea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6026
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Feb 2022 21:42:10 GMT
server
cloudflare
etag
W/"61fc4c32-1620"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=al%2FkQRv8vfmedFBKxwDsRkyQvnQLdJfpy1y2fejZ6cFudGFK3VJ2mKlgyLNPIIO3EuB2RV6BWA%2BuxRJbgomQ5QdqyTEljQCBKVsGIi%2BuvSntF2ilwa%2FbrmK05jgTy101qP%2FIcjBAET4I"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb1463ad5746c-LHR
comment-reply.min.js
filecr.com/wp-includes/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-includes/js/comment-reply.min.js?ver=5.9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1256
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 26 Jan 2022 21:21:40 GMT
server
cloudflare
etag
W/"61f1bb64-ba3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VGUufD3oevWg6Gscsqr4cN63L265vhsTNr7dAdHhEV7fVR8vF%2Ftbvn5L9bHVvGjveFW01YeNEgk19A%2Fu1lTaH4YIrWPtWee5CWJ74ysWA6PMnpcovN%2F8InF0VdZCX8ROvHBBfEhl2jp3"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb1463ad6746c-LHR
script.js
filecr.com/wp-content/themes/filecr/assets/js/ 		272 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/script.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
11cd1e1d49bf0a95c35aeb868dd4673260a225078ed2e054ed0fa6a8cb64e99e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4092
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-4d0f6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZgZEh5b6Rs33YaAx1OdjvEH9sHFwBih%2BUHSJG7XKMRg8VtJlaQ4H6%2Fnen6ig6euGyRAvW%2FH1bFbIq%2F%2Ba2LaNZFKjHfZwVCMX2zzFa7gNrWSS0onRJEocU%2BtVJt5L2U2Y5I04F1E4IXtI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=315638
cf-ray
6dadb1463ad8746c-LHR
cf-bgj
minify
ratings.js
filecr.com/wp-content/themes/filecr/assets/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/ratings.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
3e4609b61e3f7b1135d9d5dac5113fdeccf8085478d37cea8ea11cf63034e8af

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5687
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-f89"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xud3y%2Ba7gAijTl72YtcZ8lbsCrSfg0oKWW09UTUcGSGBiUa3WV%2BEZNVUyqGL4ZMAmt7jYMWK1Pn0xhS5BLs8JoitKI7d0ZWJw%2BvExoDw504F3zWPfgOvDYX0EHR%2Bn%2Fo54yAzWxBsP96Z"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=3977
cf-ray
6dadb1463ad9746c-LHR
cf-bgj
minify
confirm.js
filecr.com/wp-content/themes/filecr/assets/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/confirm.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
89e267039d32f778ee14f762d623290ef56cc3965c0d8843a9f81d5748322d72

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5687
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-842"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yQfSngp9yzqA4GK%2B80A0uMYlY26GosKiIi7FlLw%2F7GBV94NWqF0pFd1pTR8OeNg2C26R6KcOkA%2F5%2BG7tlq2rqsYGhm5qpgJgj7E2asKdn7fr8rkO%2BJJRQAQypqNdackvGc%2FUZ6%2BfdJa6"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=2114
cf-ray
6dadb1463adc746c-LHR
cf-bgj
minify
ext-notification.js
filecr.com/wp-content/themes/filecr/assets/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/ext-notification.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
15e116457c9d49a0e37d9128e98dd0da56c3413408aeb2e49903e490e98fc7c7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6423
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-88e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pwnvGL5WLa0r81lgUFEhgRd7nRWNSTUoTnTIyYSTvrNHPGiPOkryQdhUikVAgP%2BX0ex7IZvIBBeoshHgyLGVJFjXQboMSrDJkw3oPL59lHB978LQnrjOwNp6Wwmx66fmC%2FvfXcJbnn4S"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=2190
cf-ray
6dadb1463add746c-LHR
cf-bgj
minify
custom-front.js
filecr.com/wp-content/themes/filecr/assets/js/ 		13 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/custom-front.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
e2b0c644e90d90d54a55d3c7dd7dde3f8897a92f18ee6d69d74d5cab0167405e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5687
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-47ff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a01iFrYgEFtGSsMPiVQ%2FhXz7mnXiOeCxuN41xtGLel2nqYvjbXO49cFX%2Bq1ezOW5gDJxxdbHooi03rkARMCOFl7LBvCRIc8UmlOZFzeer4GSEeDFq95YDq8rksw12vv2ljzfN0IxFPW2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=18431
cf-ray
6dadb1463ade746c-LHR
cf-bgj
minify
ext.js
filecr.com/wp-content/themes/filecr/assets/js/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/ext.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
e60ebb7a34b9e7d06c9c4ddf4a44eb523b03f2826b34159f04a86996625c0a21

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5687
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-36a2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1C7Ur1Zc4NJFMH%2Be40Js2%2BdiXz4iH4lzWZN8xhGhSeNAoc20D9kv8MEqXKnLZqCfWIWadKpZODfk1b8YlBEdAY1kK433rGxOQ6tcZCchg0xOPJQl6EqrQIPBja%2Ff2Hrud%2BHKZo2HfuC5"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=13986
cf-ray
6dadb1463ae1746c-LHR
cf-bgj
minify
base.min.js
filecr.com/wp-content/plugins/advanced-ads-pro/assets/js/ 		72 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/advanced-ads-pro/assets/js/base.min.js?ver=2.16.0
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
e0a340168a7bd755ec03f037b0890a5963c7d4e01a371f818828de8e009bf818

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6026
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Feb 2022 21:42:10 GMT
server
cloudflare
etag
W/"61fc4c32-11e76"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjl65oFCejrIu341CKkYOX%2BHcgPbJuiWKn4H6bYg5FvLiSnCloaxTPZ1zJ%2BoNZOvPlNICsQFUXXvNA0n83shFKw4c%2FBiTufgXkEtB6sf78CoCVmROCcPRgDAFlqcshNk6pN%2Fx9NFA3Mr"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb1463ae2746c-LHR
wp-emoji-release.min.js
filecr.com/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6423
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 27 Jul 2021 13:25:43 GMT
server
cloudflare
etag
W/"61000957-4705"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B0ZJ%2FjZGvUUjhXL9NAxvy2cp8PEAwf58nmNhR86sfM8ia5%2B1xdsQNT6WXPWk2UDdWV7Mjqbmtc5jw4ACvk3%2F23JLlXVJwiWg4axIzCnNaCo5JlTnU3b1Ddcck6QsLSu3rxras3Bkx%2FN2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb1463ae5746c-LHR
filecr.js
cdn4.buysellads.net/pub/ 		561 KB
191 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.31.29.32 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS
94.31.29.32.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
2cf0d2564f162230fdc845a7a56be4a41d5846bf8443af42e367722f6889548e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
gzip
last-modified
Tue, 08 Feb 2022 23:08:55 GMT
server
NetDNA-cache/2.2
x-amz-request-id
A1GCJYB9Q867P8K5
etag
W/"2facaa4268d4dfe4ec2a259c809bae25"
x-cache
HIT
content-type
application/javascript
cache-control
max-age=31104000
x-amz-id-2
82sXnkVRySz0zZ1VM4Jq0xTxd9EKk/v74V2Z8L7Wff4xxkOBFh9M0Vc+it8DW1RM32ur0dVqcjQ=
expires
Sat, 04 Feb 2023 14:12:24 GMT
section_headline_bg.png
filecr.com/wp-content/themes/filecr/assets/images/ 		127 KB
127 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://filecr.com/wp-content/themes/filecr/assets/images/section_headline_bg.png
Requested by
Host: filecr.com
URL: https://filecr.com/wp-content/themes/filecr/assets/css/style.min.css?ver=1.1.2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:3106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
1a41c5e9b082e36f905dac595fd7455bea77ddb041fa520320ada039522e55ec

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/wp-content/themes/filecr/assets/css/style.min.css?ver=1.1.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5568
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
129753
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
"6148e94d-1fad9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F3HuIU%2BUQmC1nSs5bONAbGrOh7%2F8UzBFZHsxqoNd7F272DjfGrLd%2FDbuAvlkZVEamSP8g%2FzTKUvFbGCXXYnOyLnHZX0uIrrMmQ8yAdaIbeiaJdMn7DWB3qAHXNLwfCmgzXoQQpeb4PTA"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6dadb1464aee746c-LHR
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-139662474-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
452
date
Wed, 09 Feb 2022 14:04:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 09 Feb 2022 16:04:52 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/ 		289 KB
104 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3553508983172692
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d6b53be4a70b8548138a6bdb8e2667fb5df6b36cd28f35069b64c9c2420bb05d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
106377
x-xss-protection
0
server
cafe
etag
695211056848758975
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 09 Feb 2022 14:12:24 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7a31b0310331c8959b07a0fffd3bcbc1d7b67100ad78576323a5a0136146a080

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/svg+xml
Simple-Line-Icons.woff2
cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/fonts/ 		29 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/fonts/Simple-Line-Icons.woff2?v=2.4.0
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/css/simple-line-icons.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b139d2871e745eeca0ed22ce994df828a96faefe86aa5e47d06c58184845445
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/css/simple-line-icons.css
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
499112
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
30064
timing-allow-origin
*
last-modified
Mon, 10 Aug 2020 15:57:38 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f316e72-7570"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=amIZf0%2FJyNbZYU1YzSC8Z9%2BODONOzTDOjP7gxMM8fGOy7SRpevu2VWnlzNOwe9SukOM%2BEQK5T%2B3su2yQfZrprY%2FKiG8BN%2Fh9W2KWKgMVUf6U9zXRi%2FEOqaQYEndP9ar%2BTO%2F%2FeLEEwqqwUCNnnq5%2B4W0%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6dadb147285b839a-MXP
expires
Mon, 30 Jan 2023 14:12:24 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220207/r20190131/ Frame 4D39 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220207/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3553508983172692
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4612
x-xss-protection
0
date
Tue, 08 Feb 2022 18:49:46 GMT
expires
Tue, 22 Feb 2022 18:49:46 GMT
cache-control
public, max-age=1209600
age
69758
etag
18247940800414524076
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gpt.js
www.googletagservices.com/tag/js/ 		79 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da5241bc17f546e5ec891bd51d921431e6ac9b162ab52af93948f2666ba0b3fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27132
x-xss-protection
0
server
sffe
etag
"1126 / 44 of 1000 / last-modified: 1644408561"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 09 Feb 2022 14:12:25 GMT
acceptable.gif
cdn4.buysellads.net/ 		43 B
368 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn4.buysellads.net/acceptable.gif?ch=1&rn=6.211541789530192
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.31.29.32 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS
94.31.29.32.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
last-modified
Fri, 19 Jul 2019 16:45:51 GMT
server
NetDNA-cache/2.2
x-amz-request-id
J0M5TSJA4TX3XNNB
etag
"b4491705564909da7f9eaf749dbbfbb1"
x-cache
MISS
content-type
image/gif
cache-control
max-age=31104000
accept-ranges
bytes
content-length
43
x-amz-id-2
J4opKlSKkN2dEvh4USVpUQ4HxaRk45A8XuQHZmRBNIhVCRZ898g2LNTdKJrkjNrf1vFDj6pUfog=
expires
Sat, 04 Feb 2023 14:12:25 GMT
acceptable.gif
cdn4.buysellads.net/ 		43 B
368 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn4.buysellads.net/acceptable.gif?ch=2&rn=6.211541789530192
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.31.29.32 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS
94.31.29.32.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
last-modified
Fri, 19 Jul 2019 16:45:51 GMT
server
NetDNA-cache/2.2
x-amz-request-id
J0M7G01G5YR8WZKC
etag
"b4491705564909da7f9eaf749dbbfbb1"
x-cache
MISS
content-type
image/gif
cache-control
max-age=31104000
accept-ranges
bytes
content-length
43
x-amz-id-2
+OPJ3YS7/sZAEvOTaYQVwG4qPvBTRIz2iC7qsQsqozp4NW5eTH5LY9NAUByC+JDuSrilFMAztxA=
expires
Sat, 04 Feb 2023 14:12:25 GMT
comm
webcrx.io/extension/ Frame E15D 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://webcrx.io/extension/comm
Requested by
Host: filecr.com
URL: https://filecr.com/wp-content/themes/filecr/assets/js/ext.js?ver=1.1.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a969b6aad84c69a5a60aa38b1dc211818c0b713f020ae274424e7546c4169501
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-type
text/html; charset=utf-8
x-dns-prefetch-control
off
strict-transport-security
max-age=15552000; includeSubDomains
x-download-options
noopen
x-content-type-options
nosniff
x-xss-protection
1; mode=block
access-control-allow-origin
*
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kE0p6qi9qyUDEARLvgFOD3dKrZjiEJdiScAv28vVzr8HaKvu1gW75MTtS40AwClJJACGHBYzbQw95YbTcoCVHgII8sVU09MYFJcwYIixlYm6Q9m2aatdsxGIF%2FoHTddvQmh6%2BKGqajY%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6dadb14938b03747-MXP
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		153 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1f962975afbcd526f4b0c7aca653c645350b53849552c38fd839b76ef9a74b4e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53669
x-xss-protection
0
server
cafe
etag
8951223146956038626
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 09 Feb 2022 14:12:25 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1042172742&t=pageview&_s=1&dl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&ul=en-us&de=UTF-8&dt=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=273240178&gjid=956174637&cid=752414008.1644415945&tid=UA-139662474-1&_gid=429487929.1644415945&_r=1&gtm=2ou270&z=992014467
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:25 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://filecr.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
checksync.php
contextual.media.net/ Frame 4E1F 		21 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CU5IBM9S&prvid=77%2C184%2C188%2C226%2C246%2C2033%2C3018&itype=HB-CM&rtime=9&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
93bb566051f9f593daa37a036a4d9c8d64c82394911c0aa519f81f654d44b9bd
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

server
Apache
content-type
text/html; charset=UTF-8
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Fri, 11 Feb 2022 14:12:25 GMT
date
Wed, 09 Feb 2022 14:12:25 GMT
content-length
7832
rtbsmpubs.php
contextual.media.net/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=0&usp_enf=0&usp_status=0&cid=8CU5IBM9S&region=nv&ptrid=8PR6J4JSU&requestString=427153974*9%7C270x416%7C8CU709Q2E%7C158962444%7C&crid=427153974&sd=-1&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&bl=1&rt=5&dn=https://filecr.com&https=1&act=headerBid&prvReqId=185066908794066971644415945211&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.04942953412828599&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A5485%7D&itype=HB-CM&cc=DE&rc=HE&ct=FRANKFURT&bt=1&gcp=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid3S0
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5cf7f3955d0914e13f87bd8b102f2ebdd67153eb9111ad01101f5d550b00895c
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Wed, 09 Feb 2022 14:12:25 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
content-length
973
x-mnet-hl2
E
expires
Wed, 09 Feb 2022 14:12:25 GMT
fcmain.js
contextual.media.net/2312347176/ 		93 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/2312347176/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU709Q2E&cpcd=J4KyVMDqN4ojQ3TohxUIjg%3D%3D&crid=158962444&size=270x416&cc=DE&chnm=Filecr&https=1&vif=1&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&nse=5&vi=1644415944504256994&lw=1&ugd=4&rtbs=1&hlt=1&dfp=1&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
78764511d26b95603faa6e3ebee8a8f23df0cd2b694f7a0966d7720f53fe65e7
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
x-mnt-hl2
8-35
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Wed, 09 Feb 2022 14:12:25 GMT
x-mnt-w
8-18
content-length
25974
expires
Wed, 09 Feb 2022 14:12:25 GMT
gpt.js
www.googletagservices.com/tag/js/ Frame D318 		79 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05c212f90103f69a4500957f49c6a92f82f755e0c08188eb4ecbe243d03bd7fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27136
x-xss-protection
0
server
sffe
etag
"1126 / 618 of 1000 / last-modified: 1644408561"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 09 Feb 2022 14:12:25 GMT
rtbsmpubs.php
contextual.media.net/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=0&usp_enf=0&usp_status=0&cid=8CU5IBM9S&region=nv&ptrid=8PR6J4JSU&requestString=943717648*9%7C300x600%7C8CU709Q2E%7C855267286%7C&crid=943717648&sd=-1&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&bl=1&rt=5&dn=https://filecr.com&https=1&act=headerBid&prvReqId=203352195219172671644415945223&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.8883822979390361&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A5485%7D&itype=HB-CM&cc=DE&rc=HE&ct=FRANKFURT&bt=1&gcp=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid4S0
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
102cba718e1d43a5bc72e19330595ed8e9fb022cdf86e7d9d9f4340a406da15b
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Wed, 09 Feb 2022 14:12:25 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
content-length
1737
x-mnet-hl2
E
expires
Wed, 09 Feb 2022 14:12:25 GMT
fcmain.js
contextual.media.net/2312347176/ 		80 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/2312347176/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU709Q2E&cpcd=J4KyVMDqN4ojQ3TohxUIjg%3D%3D&crid=855267286&size=300x600&cc=DE&chnm=Filecr&https=1&vif=1&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&nse=5&vi=1644415944811828296&lw=1&ugd=4&rtbs=1&hlt=1&dfp=1&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1d85b430ebc4bda8d9852b759a7eaeed811726c0893c256eca1a140dc8342f67
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
x-mnt-hl2
8-35
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Wed, 09 Feb 2022 14:12:25 GMT
x-mnt-w
8-19
content-length
16250
expires
Wed, 09 Feb 2022 14:12:25 GMT
gpt.js
www.googletagservices.com/tag/js/ Frame 4E6E 		79 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05c212f90103f69a4500957f49c6a92f82f755e0c08188eb4ecbe243d03bd7fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27136
x-xss-protection
0
server
sffe
etag
"1126 / 606 of 1000 / last-modified: 1644408561"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 09 Feb 2022 14:12:25 GMT
bping.php
lg3.media.net/ 		0
0
bping.php
lg3.media.net/ 		0
0
cookie.js
partner.googleadservices.com/gampad/ 		214 B
644 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=filecr.com&callback=_gfp_s_&client=ca-pub-3553508983172692
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
fd838d775534e1d2eef7b894fdd1a43b2ab6a10e22a7d1e01fee489ee683d9d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
200
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=filecr.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=filecr.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&tn=DIV&id=site-alert&cls=alert%20fixed&ign=false&pw=1600&ph=1200&x=1575&y=1175
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:25 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 1ECA 		159 KB
44 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&adk=1812271804&adf=3025194257&lmt=1644415945&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944785&bpp=9&bdt=274&idt=469&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=736225061094&frm=20&pv=2&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=483
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2e0d3d947e352263e2f0fce1851654d434e04ec6d6dd16ac16da195a87dd2bb6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:12:26 GMT
server
cafe
content-length
44587
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:12:26 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 5D90 		86 KB
31 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
64bd840051fe9afbe7981b1bd8f9e637936c9d6279225792c12777f9a45806c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:12:25 GMT
server
cafe
content-length
31486
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:12:25 GMT
cache-control
private
pubads_impl_2022020301.js
securepubads.g.doubleclick.net/gpt/ 		351 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
05ed7424c6f3c3d2aec5dfe7fa92e5f617afe58a01666c1c584d342a8b57a0e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 12:32:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6002
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122037
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 09:34:49 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 09 Feb 2023 12:32:23 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		29 B
681 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=filecr.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
f312a20c6132b5c1b0ea46ee9d034b4ad198ceefbcf46b8e22672d4604182da5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45
x-xss-protection
0
expires
Wed, 09 Feb 2022 14:12:25 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 6416 		57 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b880838d99cc0b9b97b8d416226cc78a0006e7fcec7b1b17753c1ef5619b3bce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-expose-headers
x-google-amp-ad-validated-version
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:12:25 GMT
server
cafe
content-length
12242
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:12:25 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame EB15 		89 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a358037cf18c7e7f0f4b43b021713716ca3716cf13fb660475880f1ddd5189e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:12:26 GMT
server
cafe
content-length
23473
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:12:26 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame D3C5 		69 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25ef19f52907680cb9b29f6416c5232ee1ed0e56e54e3c1c063ce12952d64cd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-expose-headers
x-google-amp-ad-validated-version
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:12:25 GMT
server
cafe
content-length
17544
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:12:25 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame E876 		129 KB
33 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
14f9a668e447705f6a189ebcd556ff41d49630cfc8501d50aa6c422f6427c9a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:12:26 GMT
server
cafe
content-length
34233
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:12:26 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame E41D 		65 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3ad4ed8891fc05ebc7e86fc94c8fdd5fcbd1a9fd7c32c45488e77e49165a25d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:12:25 GMT
server
cafe
content-length
20813
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:12:25 GMT
cache-control
private
pubads_impl_2022020301.js
securepubads.g.doubleclick.net/gpt/ Frame 4E6E 		351 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
05ed7424c6f3c3d2aec5dfe7fa92e5f617afe58a01666c1c584d342a8b57a0e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 12:32:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6002
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122037
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 09:34:49 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 09 Feb 2023 12:32:23 GMT
pubads_impl_2022020301.js
securepubads.g.doubleclick.net/gpt/ Frame D318 		351 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
05ed7424c6f3c3d2aec5dfe7fa92e5f617afe58a01666c1c584d342a8b57a0e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 12:32:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6002
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122037
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 09:34:49 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 09 Feb 2023 12:32:23 GMT
localstore.js
script.4dex.io/ 		483 B
940 B 		Script
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1207254
x-amz-request-id
txfd1c77a515734f94831ab-0061f15fee
x-amz-id-2
txfd1c77a515734f94831ab-0061f15fee
last-modified
Wed, 26 Jan 2022 14:43:29 GMT
server
cloudflare
etag
W/"922cffdd75f7192f75231d92684885aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5ZIoXrsEi56AgAvpKM8tswrS4JgVHQAPcCTonoefJ%2Bx%2BkyFcjrctUGd35zUNeqyeAtqjJY5G%2BJ2UxyrwUzxrAZkQlkHAUGhZb0cDdvzvZ5cthQjaBAM6X4MVsdFmi3gx2UYbBQSo9EhniPK"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800
x-amz-version-id
1643208209303360
cf-ray
6dadb14c683959f5-MXP
v1
hb-api.omnitagjs.com/hb-api/prebid/ 		356 B
702 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&CanonicalUrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%2F&PublisherDomain=https%3A%2F%2Ffilecr.com
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.255.84.150 Paris, France, ASN200271 (IGUANE-, FR),
Reverse DNS
Software
ayl-lb-fra02 /
Resource Hash
c7c64db5541d36c15a5943febaa583a41956f9036aca8d4018fc30bfaff7d282
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:25 GMT
x-content-type-options
nosniff
server
ayl-lb-fra02
vary
Accept-Encoding
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://filecr.com
access-control-max-age
3600
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
12
access-control-allow-headers
Accept-Encoding, Content-Type
content-length
356
expires
0
prebid
ib.adnxs.com/ut/v3/ 		144 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
7f60440f795d0babe149abcf7d0c65bc1a92690091a6c38ea876125e9382f659
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:25 GMT
X-Proxy-Origin
217.64.151.7; 217.64.151.7; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
6b1b49b5-7cc9-4d9c-b5e4-bca8dcec6bf7
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://filecr.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
auction
tlx.3lift.com/header/ 		19 B
276 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=4.43.0&referrer=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&tmax=900
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.29.201 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-29-201.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:25 GMT
x-auction-status
12
content-type
application/json; charset=utf-8
access-control-allow-origin
https://filecr.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
display
mantodea.mantisadnetwork.com/prebid/ 		56 B
336 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/display?tz=0&buster=1644415945560&secure=true&version=9&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&measurable=true&bids[0][bidId]=108f6ea177008fb&bids[0][config][property]=6115725d81c45d000f945f3e&bids[0][config][zone]=FileCR_S2S_Leaderboard_ROS_ATF&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&bids[0][sizes][1][width]=970&bids[0][sizes][1][height]=90&bids[0][sizes][2][width]=970&bids[0][sizes][2][height]=250&property=6115725d81c45d000f945f3e&foo
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.174.217.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-174-217-176.compute-1.amazonaws.com
Software
/ Express
Resource Hash
1596e3a78579af92e80d3c0925bc63dd76f53a030d57c6d9f9d103ed5370eb04

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:25 GMT
x-powered-by
Express
etag
W/"38-I0apwJWgR4toPm0MTWNffE1ctdQ"
vary
Origin
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://filecr.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
56
expires
-1
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969544017c7c276e6e27f4ecfe0019&pos=8a9691a0017c7c276934280b04cd001d&cmd=bid&secure=1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
106e6c2a3fd264d24879fe3df09967c85891d0dde07eadca2d31f238a98edde2

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://filecr.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969544017c7c276e6e27f4ecfe0019&pos=8a969544017c7c276e6e280a57d4001b&cmd=bid&secure=1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
27515e7afe6e418b001b5bc8a8f01ffaf0b81a7c6994b03291ef695516cee1bc

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://filecr.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
288 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969544017c7c276e6e27f4ecfe0019&pos=8a969d17017c7c2764ee2809e73b0016&cmd=bid&secure=1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
ddc3772d74cdeb770e11649cd2679380f1ec494f1b2df549a20ed283bb8a3f88

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://filecr.com
access-control-allow-credentials
true
content-length
62
prebid
mp.4dex.io/ 		99 B
571 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae56c6f105f24f8bad1d41c33577c2e023bef42a7bb9c181d8e4acfd99ee65aa

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

cf-ray
6dadb14c890159a1-MXP
pragma
no-cache
date
Wed, 09 Feb 2022 14:12:25 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://filecr.com
expires
0
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-encoding
gzip
x-err
Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits
prebid-request
onetag-sys.com/ 		15 B
357 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin
https://filecr.com
cache-control
no-transform, no-cache
access-control-allow-credentials
true
content-type
application/json
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
110 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.192.113.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-113-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://filecr.com
date
Wed, 09 Feb 2022 14:12:25 GMT
access-control-allow-credentials
true
vary
Origin
adreq
ads.servenobid.com/ 		645 B
679 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/adreq?cb=6953
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.68.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-68-215.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b3b3cf311d2b774d91ca43aa14f3b72a59c125b9896d6c395e29fd201aa971e4

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://filecr.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/ 		306 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=386922&zone_id=2155654&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!buysellads.com,13694,1,,,&rf=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&tk_flint=pbjs_lite_v4.43.0&x_source.tid=f7a25628-331e-4bf1-8418-66f324fa1c3a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7440733451330865
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
6b009f75c514b89017144dcf804575cb6dd93a8f26ec93abe801a6b6772cc2e7

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:25 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://filecr.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
306
Expires
Wed, 17 Sep 1975 21:32:10 GMT
cdb
bidder.criteo.com/ 		18 B
307 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.43.0&cb=85849592294
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://filecr.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
44
integrator.js
adservice.google.de/adsid/ Frame D318 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=filecr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame D318 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=filecr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame D318 		480 B
311 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=870105772489136&correlator=4028408188741702&output=ldjh&impl=fif&eid=44752541%2C44758228&vrg=2022020301&ptt=17&npa=1&sc=1&sfv=1-0-38&ecs=20220209&iu_parts=45361917%2C8CU709Q2E-158962444-Filecr_Subpage_KW_Unit_2_Imagizer&enc_prev_ius=%2F0%2F1&prev_iu_szs=240x400&prev_scp=crid%3D158962444%26mnet_segment%3D0.00%26mnet_variant%3D50%26pub_domain%3Dfilecr.com%26mnet_cc%3DDE&eri=4&cookie=ID%3Dfad8f577559e4736-2219d0163bcd00f5%3AT%3D1644415945%3ART%3D1644415945%3AS%3DALNI_MbPF5RblASjlZMcGOmwW8WKN6WFhg&cdm=filecr.com&bc=31&abxe=1&dt=1644415945616&dlt=1644415945215&idt=304&ea=0&frm=23&biw=1600&bih=1200&isw=240&ish=400&oid=2&adxs=1103&adys=2737&adks=1402028754&ucis=jknx1440yb9m&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&loc=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&top=filecr.com&vis=1&scr_x=0&scr_y=0&psz=240x0&msz=240x0&ga_vid=752414008.1644415945&ga_sid=1644415946&ga_hid=274853148&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
70eb9820f1f0bb51f7c41cf924adc95b5fe18c0584c3d87763c7a2dd0588df34
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://filecr.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame D318 		13 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022020301&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9f7b253187b439b02425274f9d72a7257207e19f92adf5758ac7eeb6e2f5cb2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9797
x-xss-protection
0
container.html
c0c9f98d816a1ef8d4eddcc82c44813c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3968 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://c0c9f98d816a1ef8d4eddcc82c44813c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Wed, 09 Feb 2022 14:12:25 GMT
expires
Thu, 09 Feb 2023 14:12:25 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
integrator.js
adservice.google.de/adsid/ Frame 4E6E 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=filecr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 4E6E 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=filecr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame 4E6E 		494 B
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3279863451780736&correlator=4195250815089337&output=ldjh&impl=fif&vrg=2022020301&ptt=17&npa=1&sc=1&sfv=1-0-38&ecs=20220209&iu_parts=45361917%2C8CU709Q2E-855267286-Filecr_Homepage_KW_Unit_2_Right_Trail_Text_Only&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&prev_scp=crid%3D855267286%26mnet_segment%3D0.08%26mnet_variant%3D99%26pub_domain%3Dfilecr.com%26mnet_cc%3DDE&eri=4&cookie=ID%3Dfad8f577559e4736-2219d0163bcd00f5%3AT%3D1644415945%3ART%3D1644415945%3AS%3DALNI_MbPF5RblASjlZMcGOmwW8WKN6WFhg&cdm=filecr.com&bc=31&abxe=1&dt=1644415945645&dlt=1644415945225&idt=304&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=600&oid=2&adxs=1077&adys=3747&adks=3155232644&ucis=8wlsyweemded&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&loc=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&top=filecr.com&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&ga_vid=752414008.1644415945&ga_sid=1644415946&ga_hid=211087878&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
3c84439f49338eeb46b690c91605ff57d01ba38fad6bdb038833d1ef14e6fda8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
291
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://filecr.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 4E6E 		13 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022020301&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
34012066e84b48862a3bf8e20dd58b5df7ab54625ea46060c9f2827e0da2d80a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9924
x-xss-protection
0
container.html
5664fd4311393cd13a07214003eee7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 706B 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://5664fd4311393cd13a07214003eee7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Wed, 09 Feb 2022 14:12:25 GMT
expires
Thu, 09 Feb 2023 14:12:25 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
nrrV64488.js
contextual.media.net/48/ Frame FCB8 		91 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/48/nrrV64488.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
593ebc50af967aed389190da039e98318c661c139e628260d7f28bdc0612c195
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"d92bed54b54112a3f1dff6910592e8ef"
vary
Accept-Encoding
x-mnet-h
8-32
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Wed, 09 Feb 2022 14:12:25 GMT
content-length
30029
expires
Wed, 23 Feb 2022 14:12:25 GMT
truncated
/ Frame FCB8 		430 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc037f53507ee9ef7b334b632b85b88a4ed22128458f100200289626f159d67a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame FCB8 		107 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
Titillium_Regular.woff
res-a.akamaihd.net/__media__/fonts/Titillium_Regular/ Frame FCB8 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://res-a.akamaihd.net/__media__/fonts/Titillium_Regular/Titillium_Regular.woff
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.194.171 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-194-171.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
75308b2efe76fc8e98d623d0ade7ab164b8bfebfe00d1fc36687a0f50109f263

Request headers

Referer
https://filecr.com/
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 09 Feb 2022 14:12:26 GMT
Last-Modified
Mon, 16 May 2016 10:39:41 GMT
Server
nginx
ETag
"5739a36d-74b0"
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
29872
sodar2.js
tpc.googlesyndication.com/sodar/ Frame D318 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:12:25 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 4E6E 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:12:25 GMT
nrrV64488.js
contextual.media.net/48/ Frame BA53 		91 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/48/nrrV64488.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
593ebc50af967aed389190da039e98318c661c139e628260d7f28bdc0612c195
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"d92bed54b54112a3f1dff6910592e8ef"
vary
Accept-Encoding
x-mnet-h
8-32
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Wed, 09 Feb 2022 14:12:25 GMT
content-length
30029
expires
Wed, 23 Feb 2022 14:12:25 GMT
log
hblg.media.net/ 		35 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hblg.media.net/log?logid=awlog&pid=8PR6J4JSU&itype=HB-CM&dn=filecr.com&cid=8CU5IBM9S&svr=2022020912_198&servname=hbcm_na&gdpr=1&csex=2&suc=0&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=0&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001644415945718036448888327564&vsid=&sd=-1&gtd=400&inid=0&gfd=&cc=DE&sc=HE&ct=FRANKFURT&abte=gcp_w&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=5485&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&lbr=0&floc_id=&floc_ver=&id_details=&mnkv=&pabte=&pbcm=0&pvid=9&prvAccId=855267286&prvApiId=8CU709Q2E&exid=31&pcId=0000EEA&pseat=&mowxReqId=203352195219172671644415945223&crid=943717648&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&plcmtt=0&rtime=60&dtc=nydc&rtbsv2=&mp_seg%3C%3E=44629%23%2344632%23%2344635%23%2360232%23%2346948%23%2315607%23%2315610%23%2315613%23%2317212%23%2317243%23%2324022%23%2354934%23%2353492%23%2360148%23%2361085%23%237685%23%237688%23%237691%23%2317152%23%2317191%23%2360208&apid=1&wsip=c10-mowx-web-31&ltime=414&abs=0&ae=0&ftr%3C%3E=&ssregion=&ssreqid=&sssvnm=&bdp=0.08&cbdp=0.08&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.08&nms=1&di=&dt=O&epc=855267286&ogbdp=0.08&s=1&snm=success&dbf=1&bdata=bid%3D0.08%7C%7Cvv%3D0%7C%7Css%3D1600x1200%7C%7Cogbid%3D0.08%7C%7Ccbdp%3D0.08%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3Dgcp_w%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25&cmpid=148113&bId=&pcrid=8CU709Q2E-855267286-6-12&ruct=0&brs=&brr=&iurl=https%3A%2F%2Fiurl-a.akamaihd.net%2Fybntag%3F%26cid%3D8CU709Q2E%26crid%3D855267286%26size%3D300x600%26requrl%3Dhttps%253A%252F%252Ffilecr.com%252Fwindows%252Fmicrosoft-office%253F%2526query%253Dquery%252520value%2526id%253D6347414880&htps=0&ptype=27&pbidflr=0.00&exp=sce%3D1%7CssProfile%3D0%7Csfl%3Dfalse%7Cmd_rp%3D1%7CssBucket%3D0%7Cbfl%3D-100%7Cclt%3D0%7Cfl_rl%3D1%7Cdbr%3D1%7Ctkd%3Dnull&bfs=0&seat=&nbr=0&ba=79&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=0.08&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=82348763305905384_1558921479_943717648191&dStat=0&ogbid=0.08&acid=111774924011645641644415945223&act=headerBid&dtfdl=&dspltime=&ttfd=&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&adj1=0&adj0=0&adj2=0&adj3=0&patkey=&patint%3C%3E=&pc=&spSource=0&spIvt=3&spId=&spFst=0&spIsReq=3&spTo=3&top=0&btm=0&lft=0&rght=0&mx_SD=&mx_PC=1&mx_SPRIG=1&mx_UCC=2&mx_lr_seg_cnt=0&mx_GCID=0&mx_IAB2=1&mx_ip_exp_verd=&mx_vsGap=&mx_epbc=8CU709Q2E&mx_bsBucket=0&mx_ssProfile=0&mx_lr=0&mx_g_one_uid_sent=None&mx_uid_sent=0&mx_yhs_enabled=&mx_SC=1&mx_lr_seg_deal=0&mx_yhs_target_bidders=&mx_g_uid_cvrg=&mx_mrpp_key=adcode_hbcm&mx_maq_call=false&mx_divid=&mx_dfpadpath=&mx_g_uid_sent%3C%3E=&mx_BCN_BF=&mx_BCE=&mx_BCI=&mx_BCT=&mx_BCN_YHS=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=0&mx_supply_path=&mx_sbp=-10&mx_yhs_selected_deal=&mx_tgs=300x600&mx_TAS=&mx_asset_id=&mx_adnm=&mx_aurl_hc=0&mx_yhs_deal_sent=&mx_aqcpl_crid=4&mx_aabpc=0&mx_adid=&mx_nsz=1&mx_isLossNtf=false&mx_aurt=0&mx_gpid_sent=false&pgcatiab=IAB3-4&pgcatiab2=602&pgcatsprig=1344&gFunDl=false&ngFunDl=false&rDl=false&actltime=415&auMxTm=&brf=0&dcs=&dfpDiv=&dfpPos=&dfpAdPath=&lper=1&td=r%3Dstr%7Cab%3D0%7C&oyaf=0&sbdrid=98&ra_sz=300x600&tk=&sc_pvid=&sc_ogbdp=0&sc_adj1=0&sc_adj0=0&sc_adj2=0&sc_prspt=&sc_act=&sc_bdata=&sc_bdp=0&sc_cbdp=0&sc_bId=&sc_cat=&sc_cmpid=&sc_advId=&sc_advNm=&sc_advUrl=&udc=&rti=-1&rme=ADPTR&bbdrid=&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&kwrf=&epurl=
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.107.160.24 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-107-160-24.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:25 GMT
server
Jetty(9.4.35.v20201120)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Wed, 09 Feb 2022 14:12:25 GMT
/
qsearch-a.akamaihd.net/log/ 		35 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qsearch-a.akamaihd.net/log/?logid=kfk&evtid=ybnwl&aid=c6b3a063f87d400fa203f4ad0d988c85&domain=filecr.com&price=0.08&cgid=26444&cid=148113&rid=3070704&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&cc=DE&td=c%3D148113%3B+dma%3D%3B+ugd%3D4%3B+ua%3DGOOGLE_CHROME%3B+bid%3D0.08%3B+r%3D&lid=&t=1644415945509&_ls=ybnca-manual-prod-687ff75779-znd8m
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
178.18.231.137 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:26 GMT
Server
Jetty(9.4.35.v20201120)
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
35
Expires
Wed, 09 Feb 2022 14:12:26 GMT
truncated
/ Frame BA53 		107 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
adagio.js
script.4dex.io/ 		71 KB
23 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7447c1664f6a06328cd895a4914acad40ad47827ebe00becbd570138ff7e785c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1207248
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
tx986efc69e6ee4096a9fbd-0061f15ff5
x-amz-id-2
tx986efc69e6ee4096a9fbd-0061f15ff5
last-modified
Wed, 26 Jan 2022 14:43:28 GMT
server
cloudflare
etag
W/"88567a823cfd2840dd0a3198b929d466"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1QEb0HEJYOmVG2TDf%2Fnpf2BWUznlJ50RcxqRT5ucT2xWUErm6ZLdndSmgewjwHkrcb5gkBsCpAO1piV2EVi%2B%2FrlXt9V%2BkHxTdl21BU5auvg0KK0U9jIhWQ4Fvs2lY9ehyJpOtq0M0j0A%2FfhE"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800
access-control-allow-credentials
true
x-amz-version-id
1643208208262354
cf-ray
6dadb14d3ce359b9-MXP
access-control-allow-headers
Authorization
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9BF5 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Wed, 09 Feb 2022 14:07:00 GMT
expires
Thu, 09 Feb 2023 14:07:00 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
325
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame CDE4 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a2b961cdbeb5891ec78025c48044449471b83ff15667bdcd7322eaeac9817ae0
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wTNEvuRbmmURQFK3yIIgYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Wed, 09 Feb 2022 14:12:25 GMT
date
Wed, 09 Feb 2022 14:12:25 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-wTNEvuRbmmURQFK3yIIgYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
512
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
TitiliumWebRegular.woff
res-a.akamaihd.net/__media__/fonts/TitiliumWebRegular/ Frame BA53 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://res-a.akamaihd.net/__media__/fonts/TitiliumWebRegular/TitiliumWebRegular.woff
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.194.171 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-194-171.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2f1779d6d7ce15adeb7dff619526eae00fadb9dfdd48de710c9c53af10980bf8

Request headers

Referer
https://filecr.com/
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 09 Feb 2022 14:12:26 GMT
Last-Modified
Wed, 31 Aug 2016 16:41:12 GMT
Server
nginx
ETag
"57c708a8-6e80"
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
28288
92eebef1-5397-4602-946c-0b85d642112c.jpg
cvision.media.net/new/175x95/2/34/16/249/ Frame BA53 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/34/16/249/92eebef1-5397-4602-946c-0b85d642112c.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.102.28.29 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-29.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2b83e5bd7cd902d9d3e7fded60ac87e91040f56dd300a94bf93975ee3ce37b1b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
last-modified
Sat, 09 Nov 2019 05:39:56 GMT
server
nginx
accept-ranges
bytes
etag
"5dc6512c-3956"
content-length
14678
content-type
image/jpeg
0a4502f7-c165-4e41-9031-dd5235401e37.jpg
cvision.media.net/new/175x95/2/151/31/184/ Frame BA53 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/151/31/184/0a4502f7-c165-4e41-9031-dd5235401e37.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.102.28.29 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-29.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
dbfcc6490f64e44df4da2b366c50e819abc68cacdfcd81f8ec7f91c7ab35ff27

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
last-modified
Sat, 10 Oct 2020 14:00:15 GMT
server
nginx
accept-ranges
bytes
etag
"5f81be6f-3ba0"
content-length
15264
content-type
image/jpeg
39185a10-e37e-4dbe-ae64-74ff38fc0cae.jpg
cvision.media.net/new/175x95/2/76/13/28/ Frame BA53 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/76/13/28/39185a10-e37e-4dbe-ae64-74ff38fc0cae.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.102.28.29 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-29.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
074920ae6776d1b091a0f272dbc5394a6110c44bfbcbcaf0d03b1e1a7542bb4f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
last-modified
Sun, 18 Mar 2018 15:45:08 GMT
server
nginx
accept-ranges
bytes
etag
"5aae8984-315c"
content-length
12636
content-type
image/jpeg
7973bfc9-8e7c-4e57-acdf-3343fbdcef73.jpg
cvision.media.net/new/175x95/2/30/80/11/ Frame BA53 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/30/80/11/7973bfc9-8e7c-4e57-acdf-3343fbdcef73.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.102.28.29 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-29.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ca82c6fa96b1a93d64373634ea45406a6e35fdbb33e098f6356d3a68b95a05e8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
last-modified
Wed, 21 Mar 2018 03:19:23 GMT
server
nginx
accept-ranges
bytes
etag
"5ab1cf3b-3adf"
content-length
15071
content-type
image/jpeg
a4218008-4e5e-4613-846d-0a4e7204ef30.jpg
cvision.media.net/new/175x95/2/191/69/35/ Frame BA53 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/191/69/35/a4218008-4e5e-4613-846d-0a4e7204ef30.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.102.28.29 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-29.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
14b9d1a73f30fca18435b89371578edf53a3d609619a202f120e1085f93f8a08

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
last-modified
Sun, 22 Jul 2018 18:23:05 GMT
server
nginx
accept-ranges
bytes
etag
"5b54cb89-389c"
content-length
14492
content-type
image/jpeg
2393da97-3be1-4446-95e9-a7ccad450cce.jpg
cvision.media.net/new/175x95/2/132/44/160/ Frame BA53 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/132/44/160/2393da97-3be1-4446-95e9-a7ccad450cce.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.102.28.29 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-29.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
cfefa3f6b8f0bce5ce58f349d7b1dc101554c35b4e35c923b0c6db08cc79095a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
last-modified
Thu, 12 Aug 2021 13:28:01 GMT
server
nginx
accept-ranges
bytes
etag
"611521e1-406f"
content-length
16495
content-type
image/jpeg
7f309b72-d077-4387-9970-85558e203f8e.jpg
cvision.media.net/new/175x95/2/227/181/231/ Frame BA53 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/227/181/231/7f309b72-d077-4387-9970-85558e203f8e.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.102.28.29 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-29.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d8d01b8fe3135b49303b3241f2443d1911075ed546902965de0367d0b5544820

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
last-modified
Sun, 18 Mar 2018 21:32:33 GMT
server
nginx
accept-ranges
bytes
etag
"5aaedaf1-491e"
content-length
18718
content-type
image/jpeg
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 45BC 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Wed, 09 Feb 2022 14:07:00 GMT
expires
Thu, 09 Feb 2023 14:07:00 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
325
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame C681 		783 B
743 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
734e4f290f94cfe581964eb14325a77b38b4f1c3204aeba975f3a9ecfc4b860a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-SxWdXoL1H6+6cRfj+6dHTg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Wed, 09 Feb 2022 14:12:25 GMT
date
Wed, 09 Feb 2022 14:12:25 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-SxWdXoL1H6+6cRfj+6dHTg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012201141909000/ Frame 5629 		220 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8ade0d94aaf4b3d52776b75609e8d1c31995677a0a033a6fa2408425da07740
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
19410
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61542
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 08:48:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"00d9ef7efeb287da"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 08:48:55 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 5629 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cb696ecd7c4f31fdd7c7c1cc37e8efc29614fbcbadf74f455aa496d72ce33250
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504067
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5698
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"919adc590e0ff503"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 5629 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-analytics-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc83fe6d180fd859f448bacd040799bf379ee7e0d9b1e6c3f19499c1c4358864
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504067
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29570
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"c52208c2e07002d5"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 5629 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-fit-text-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea29de07cdb14f2c6c59c06fdcd4ec30c2030b3ba8ee6a0aa325085496b9a94d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
48602
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1851
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 00:42:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"76a8c96b6aaec2c9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 00:42:23 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 5629 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-form-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7d040d5e84706dac2d471ad33830bd0ae361ca06e53e72e817701478c6d5afa
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
104619
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13611
x-xss-protection
0
server
sffe
date
Tue, 08 Feb 2022 09:08:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"7aefe3fe93cc7383"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 08 Feb 2023 09:08:46 GMT
amp-gwd-animation-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 5629 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-gwd-animation-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
521a8eaf8c4a2ba9501acfdf35b7d1ebb4bbb4c7aca2d4ee43e01984d73991e5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504067
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2661
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d259f7ea2431535d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
css
fonts.googleapis.com/ Frame 5629 		9 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6823285eb46b5b3f5c60cedb96d66a4d18bdc335096705d9f9c72aa681ddab5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 14:04:00 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:12:25 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:12:25 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5629 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
16247
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5629 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
15560
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:53:05 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 5629 		0
21 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CwscnycsDYqnQFp2EnsEP-L2R2Aug8rzqYcGV1Z23D7_epZaPDhABINXClHVgleKQgqAHoAGp1ezCAsgBCakCncU3kVQosz6oAwHIAwiqBOcBT9BXkcGlx9UoVorqiEH83hD2Tm98Bp6T7FB7E7R5WfPi6POQE98W5ATf3YUUINYcP4LrxSy9YgaDMmrNO29JsKhyH3K83E2gQXq7sgHYsnu3XlcBV9exXyI7K4ppsgFMagUEssE8HcE9eIS8KILdy7b7n9M-Gy7tAZFKhBzyW8SsbLF62f4fpN1JYf3jnl0GzY9u1RKOESWuNovSfODUDyKdMVeKpHj89tkryK2b1sepnKxNjxpcr8BmgLZeqid4pAEdu8q293zCbW5L82sZGdANMgvia1ZInvQvzL8z_KRwTl_5u0DNwATI9srSrwOSBQQIBBgBkgUECAUYBKAGLoAHv6qTvQGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBDshxHSCAkIgOGAEBABGB-ACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=zc2gXsjrCTA&uach_m=[UACH]&template_id=419
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:25 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Wed, 09 Feb 2022 14:12:25 GMT
5f9ae9f190dbfc0010f28960.png
tpc.googlesyndication.com/sadbundle/7316940882382349146/ Frame 5629 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/7316940882382349146/5f9ae9f190dbfc0010f28960.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=332601648&adf=2102077386&pi=t.ma~as.8163293761&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=472&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=3645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=SeB9sbtk1d&p=https%3A//filecr.com&dtd=475
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47168af81d6da682065294d09fdd18596989831eee323959ac7d0646f7746a12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 13:18:18 GMT
x-content-type-options
nosniff
age
435247
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4889
x-xss-protection
0
last-modified
Fri, 18 Dec 2020 13:50:58 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 04 Feb 2023 13:18:18 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame C681 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022020301&jk=3279863451780736&rc=
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
sodar
pagead2.googlesyndication.com/pagead/ Frame CDE4 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022020301&jk=870105772489136&rc=
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
css
fonts.googleapis.com/ Frame 5D90 		6 KB
743 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 13:06:32 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:12:25 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:12:25 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 5D90 		1 KB
875 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:01:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
671
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
848
x-xss-protection
0
server
cafe
etag
2277666839114365613
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:01:14 GMT
VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
pagead2.googlesyndication.com/bg/ Frame 9BF5 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5674dabf3d0dee647c9ea076dcb3406403eeb5a10b1cd3fcbc5415b82c0fde90
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 11:12:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
10794
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13746
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 11:12:31 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/ Frame 5D90 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:59:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
781
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:59:24 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 5D90 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:51:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1263
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:51:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5D90 		124 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644237382599929"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:12:25 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 5D90 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:49:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1347
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:49:58 GMT
ff20f166b0acb5bbc58563e896201b58.js
www.gstatic.com/mysidia/ Frame 5D90 		27 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/ff20f166b0acb5bbc58563e896201b58.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 05:35:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30990
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11452
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 06:53:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 10 May 2022 05:35:55 GMT
VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
pagead2.googlesyndication.com/bg/ Frame 45BC 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5674dabf3d0dee647c9ea076dcb3406403eeb5a10b1cd3fcbc5415b82c0fde90
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 11:12:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
10794
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13746
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 11:12:31 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 5D90 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CD9_XycsDYtTPFta6kdUPzMKWuAvBku-EaLyyy53GDuaZx7zUDhABINXClHVgleKQgqAHoAGp1ezCAsgBCakCncU3kVQosz6oAwHIA8sEqgTrAU_Qz_YuGrtySkrJLeBX6RBEI_SuTjFTExD35c8EO1JRFUuwNj1brRPS3EjT_g8Thw0nud6XeucQyy08ewi_wYOA79pWxzKcpZf7pcYxiZYb8DMOc8UkYzI76bG8uJfOiWm-ytwFWu1gHnRyG6w2U3BBPQsPem_kTMBE2zdXakzuDTxKVP-4AAAjUl6W278w3RLAoawx2dYZsIOu5-djY9KQ0frJ_XyzRYag8ctD2opROBo51RPCCug_8bJqvti3AGb4EyJXehakDWB9UN7zT-tvkbViC3VjT6kXuwt7Z7Em9mBdkPVSamG1clLABOjKztnxA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe_qpO9AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcFEN7TjwHSCAkIgOGAEBABGB-ACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=HvIVraSNEYQ&uach_m=[UACH]&template_id=484
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:25 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Wed, 09 Feb 2022 14:12:25 GMT
truncated
/ Frame 5629 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2b0734b4baa03d37a2ef25d13b14bc89868bc5762dc1b90505b4994e38400cf6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v25/ Frame 5629 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v25/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa5d2912bec294d33c9dc4be4a00a9a5f4ac993049a935f4535ae687e3b08d0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 19:31:29 GMT
x-content-type-options
nosniff
age
585656
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16088
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:56:33 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Feb 2023 19:31:29 GMT
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012201141909000/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/amp4ads-host-v0.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3fad63993e27fa3f20b4baf898d11e54029341a25af2e759acc5d41ae4a595b0
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504067
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7945
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"44a7bc0d085eadf3"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=filecr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=filecr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		53 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4221571240865022&correlator=790744080824821&output=ldjh&impl=fifs&eid=31064671%2C31063223%2C31060545&vrg=2022020301&ptt=17&sc=1&sfv=1-0-38&ecs=20220209&iu_parts=8691100%2CFileCR_S2S_Leaderboard_ROS_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90%7C970x250&prev_scp=optimize_refresh_int%3D0%26optimize_ad_unit_id%3Dbsa-zone_1627508894724-7_123456%26optimize_inview%3Dfalse&eri=1&cust_params=optimize_refreshed%3Dfalse%26optimize_acceptable%3Dfalse%26optimize_adl_debug%3Dfalse%26optimize_ctv_debug%3Dfalse%26optimize_debug%3Dfalse%26optimize%3Dtrue%26optimize_adl_id%3D%26optimize_amp%3Dfalse%26optimize_audience%3Dlifestyle%26optimize_env%3Dprod%26optimize_pub%3Dfilecr&cookie=ID%3Dfad8f577559e4736-2219d0163bcd00f5%3AT%3D1644415945%3AS%3DALNI_MbPF5RblASjlZMcGOmwW8WKN6WFhg&bc=31&abxe=1&dt=1644415945961&lmt=1644415945&dlt=1644415944511&idt=882&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=4795&adks=1202396793&ucis=1&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=true&fws=0&ohw=0&btvi=1&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
d1ef580c80499ba59ac77312848b22bd7e5213c28314fce8f8f2e501a8128ca9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:26 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12260
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://filecr.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
8fddf9bcc2612d49750f2d9dbdb437ac.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 49DC 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://8fddf9bcc2612d49750f2d9dbdb437ac.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Wed, 09 Feb 2022 14:12:25 GMT
expires
Thu, 09 Feb 2023 14:12:25 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
downsize_200k_v1
tpc.googlesyndication.com/simgad/9779681584961496582/ Frame 5D90 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/9779681584961496582/downsize_200k_v1?w=400&h=209
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3abf391b0c5e5b90d6233e99d35a7ff487b9ee71b2a6268fdfcc935e866b4eea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 05:28:43 GMT
x-content-type-options
nosniff
age
31423
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4155
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 12:44:24 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 09 Feb 2023 05:28:43 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/5250848271080314985/ Frame 5D90 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/5250848271080314985/downsize_200k_v1?w=100&h=100
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
74cb2c29739ccfc2a6e21e9f2bbc924174e20ec375f9b8e10727567e1948cac2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 14:12:03 GMT
x-content-type-options
nosniff
age
86423
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1904
x-xss-protection
0
last-modified
Wed, 23 Sep 2020 12:48:53 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 08 Feb 2023 14:12:03 GMT
truncated
/ Frame 5D90 		219 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b9fbb4a12ad07c9b7f21d3c2d1db64399b3c0ce4b1afe7ac2b03ed8dfb811eb3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012201141909000/ Frame 92FE 		220 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8ade0d94aaf4b3d52776b75609e8d1c31995677a0a033a6fa2408425da07740
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
19411
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61542
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 08:48:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"00d9ef7efeb287da"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 08:48:55 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 92FE 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cb696ecd7c4f31fdd7c7c1cc37e8efc29614fbcbadf74f455aa496d72ce33250
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504068
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5698
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"919adc590e0ff503"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 92FE 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-analytics-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc83fe6d180fd859f448bacd040799bf379ee7e0d9b1e6c3f19499c1c4358864
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504068
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29570
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"c52208c2e07002d5"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 92FE 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-fit-text-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea29de07cdb14f2c6c59c06fdcd4ec30c2030b3ba8ee6a0aa325085496b9a94d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
48603
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1851
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 00:42:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"76a8c96b6aaec2c9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 00:42:23 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 92FE 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-form-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7d040d5e84706dac2d471ad33830bd0ae361ca06e53e72e817701478c6d5afa
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
104620
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13611
x-xss-protection
0
server
sffe
date
Tue, 08 Feb 2022 09:08:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"7aefe3fe93cc7383"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 08 Feb 2023 09:08:46 GMT
amp-gwd-animation-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 92FE 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-gwd-animation-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
521a8eaf8c4a2ba9501acfdf35b7d1ebb4bbb4c7aca2d4ee43e01984d73991e5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504068
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2661
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d259f7ea2431535d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
css
fonts.googleapis.com/ Frame 92FE 		9 KB
877 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6823285eb46b5b3f5c60cedb96d66a4d18bdc335096705d9f9c72aa681ddab5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 12:28:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:12:26 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:12:26 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 92FE 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
16248
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 92FE 		295 B
322 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
15561
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:53:05 GMT
5f9ae9f190dbfc0010f28960.png
tpc.googlesyndication.com/sadbundle/7316940882382349146/ Frame 92FE 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/7316940882382349146/5f9ae9f190dbfc0010f28960.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47168af81d6da682065294d09fdd18596989831eee323959ac7d0646f7746a12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 13:18:18 GMT
x-content-type-options
nosniff
age
435248
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4889
x-xss-protection
0
last-modified
Fri, 18 Dec 2020 13:50:58 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 04 Feb 2023 13:18:18 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 92FE 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C4tPtycsDYqnnFtL_nsEPgYiU-AOg8rzqYcGV1Z23D4r9oITDARABINXClHVgleKQgqAHoAGp1ezCAsgBCakC4qkOiZYxsz6oAwHIAwiqBO0BT9A-Lrz05xmiqEWG07K4hPC_tnafMh3O-7oEpj9YfbP1hav5Rdr3jNmveFzaFUUGMlub1nrkInwKNi7ZYIRcMgd7GQ8z3dyzvNf2m0On-eWoFEbhLvaHqUL5DzfOFpkOmjv8mn0mxBKvdQfnJ5qp4YZDf6mwnQxAUFDpJLbpCmNXAISjhipJABv07NbMM6GZ8pLFIBlFGuIDClbSMz55kqOdTfMXGbSl-9H9ntxfj2sg3ZNUrKb_4vHbsOJ1Xqt_YuvCPGXNEJr1xuAHhPyU3PfgzBXeBMofZ9a_RixzAByoxWhMrRGmlRlm8IiywATI9srSrwOSBQQIBBgBkgUECAUYBKAGLoAHv6qTvQGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBDZ_2TSCAkIgOGAEBABGB-ACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=RxFNvRtxHmU&uach_m=[UACH]&template_id=419
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=1812224452&adf=2554503121&pi=t.ma~as.7139257958&w=748&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=748x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944844&bpp=1&bdt=334&idt=454&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=vysqpFXBfP&p=https%3A//filecr.com&dtd=456
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 5D90 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 11:22:37 GMT
x-content-type-options
nosniff
age
10189
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:20 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 09 Feb 2023 11:22:37 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 5D90 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 20:07:55 GMT
x-content-type-options
nosniff
age
65071
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 08 Feb 2023 20:07:55 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 5D90 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 18:59:49 GMT
x-content-type-options
nosniff
age
69157
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 08 Feb 2023 18:59:49 GMT
truncated
/ Frame 92FE 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0c4c3f5f964ef36678dd72186afc380a1f2e348a6adc491ddce7d2e032255bcb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
css
fonts.googleapis.com/ Frame E41D 		8 KB
888 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
58c9e8f7f121a11b1516bdac16d6e56bf75ee2fe57f6f505f2fd88a07e687b05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 13:30:37 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:12:26 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:12:26 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame E41D 		1 KB
878 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:01:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
672
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
848
x-xss-protection
0
server
cafe
etag
2277666839114365613
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:01:14 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/ Frame E41D 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:59:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
782
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:59:24 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame E41D 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:51:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1264
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:51:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E41D 		124 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644237382599929"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:12:26 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame E41D 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:49:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1348
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:49:58 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5629 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
16248
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5629 		295 B
322 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
15561
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:53:05 GMT
5f9ae9f190dbfc0010f28960.png
tpc.googlesyndication.com/sadbundle/7316940882382349146/ Frame 5629 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/7316940882382349146/5f9ae9f190dbfc0010f28960.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47168af81d6da682065294d09fdd18596989831eee323959ac7d0646f7746a12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 13:18:18 GMT
x-content-type-options
nosniff
age
435248
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4889
x-xss-protection
0
last-modified
Fri, 18 Dec 2020 13:50:58 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 04 Feb 2023 13:18:18 GMT
o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v25/ Frame 92FE 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v25/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa5d2912bec294d33c9dc4be4a00a9a5f4ac993049a935f4535ae687e3b08d0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 19:31:29 GMT
x-content-type-options
nosniff
age
585657
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16088
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:56:33 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Feb 2023 19:31:29 GMT
bql.php
lg3.media.net/ Frame FCB8 		0
0
ff20f166b0acb5bbc58563e896201b58.js
www.gstatic.com/mysidia/ Frame E41D 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/ff20f166b0acb5bbc58563e896201b58.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 05:35:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30991
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11452
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 06:53:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 10 May 2022 05:35:55 GMT
bql.php
lg3.media.net/ Frame BA53 		0
0
truncated
/ Frame E41D 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/svg+xml
VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
pagead2.googlesyndication.com/bg/ Frame 982A 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=516295860&adf=1968746569&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944794&bpp=50&bdt=283&idt=477&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=1708691194&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=qkmR4aMfZq&p=https%3A//filecr.com&dtd=481
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5674dabf3d0dee647c9ea076dcb3406403eeb5a10b1cd3fcbc5415b82c0fde90
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 11:12:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
10795
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13746
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 11:12:31 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame E41D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CQh2JycsDYoPSF9SdiQaI0ro4x57O52ee1oLhhQ-yl_CejA4QASDVwpR1YJXikIKgB6AB_9uKyAPIAQGoAwGqBOMBT9DCuiR8X6Bq1t1gskXjlbH9WOUjepqs-g0Xc_UqOiB24o41aM2kDy1NdIXyl451tdUPS1Wv9zVbqj8-3fpN2bBvshAWx5edWVuf4sBfMP3Q53StLlCkMhGcS7u73ge9jDTkflqCwIwuK_bKuOiJpDXW12K5XrRanoAnWw3mURDYBb8M4pkLxda6_Jpt3cER7X8uB-hexIpJQ9YHuyOOZ_ITDzvgDiE8pBYNOQxGey51KnC3vs3Aw7XPIluYilyVf5USHD3KqtkDUZOPwvtiZagic7WBZADzY9R1TDb9zQOgw1nABISmnc3nA5IFBAgEGAGSBQQIBRgEgAeHhrzyAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEENnaGtIICQiA4YAQEAEYH4AKAcgLAdgTDNAVAYAXAbIXHAoaCAASFHB1Yi0zNTUzNTA4OTgzMTcyNjkyGAA&sigh=AQ6Sj2IR4ug&uach_m=[UACH]&template_id=5020
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
aaf44123f57f1327f74f8049c476dded.js
www.gstatic.com/mysidia/ Frame E876 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/aaf44123f57f1327f74f8049c476dded.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1ffc9ca7657f3d655db7b79eb1e7316e4d23aab2df01606d8ce022385e4b985
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:02:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
25809
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3501
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 06:53:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 10 May 2022 07:02:17 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame E876 		1 KB
878 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:01:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
672
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
848
x-xss-protection
0
server
cafe
etag
2277666839114365613
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:01:14 GMT
33f409315851bbf49571eff699404a30.js
www.gstatic.com/mysidia/ Frame E876 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/33f409315851bbf49571eff699404a30.js?tag=exit_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c4037984cb7225ae934a56d854582d4bfe9df0dbb7c6cff4b0a6b5634c92710
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:08:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
25456
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7896
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 22:35:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 10 May 2022 07:08:10 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/ Frame E876 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:59:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
782
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:59:24 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame E876 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:51:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1264
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:51:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E876 		124 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644237382599929"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:12:26 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame E876 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:49:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1348
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:49:58 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame E1E9 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502

Response headers

x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
145
x-xss-protection
0
date
Wed, 09 Feb 2022 14:03:52 GMT
cache-control
public, max-age=3600
content-type
text/html; charset=UTF-8
age
514
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012201141909000/ Frame B13E 		220 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8ade0d94aaf4b3d52776b75609e8d1c31995677a0a033a6fa2408425da07740
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
19411
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61542
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 08:48:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"00d9ef7efeb287da"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 08:48:55 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame B13E 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cb696ecd7c4f31fdd7c7c1cc37e8efc29614fbcbadf74f455aa496d72ce33250
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504068
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5698
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"919adc590e0ff503"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame B13E 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc83fe6d180fd859f448bacd040799bf379ee7e0d9b1e6c3f19499c1c4358864
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504068
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29570
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"c52208c2e07002d5"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame B13E 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea29de07cdb14f2c6c59c06fdcd4ec30c2030b3ba8ee6a0aa325085496b9a94d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
48603
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1851
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 00:42:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"76a8c96b6aaec2c9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 00:42:23 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame B13E 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7d040d5e84706dac2d471ad33830bd0ae361ca06e53e72e817701478c6d5afa
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
104620
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13611
x-xss-protection
0
server
sffe
date
Tue, 08 Feb 2022 09:08:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"7aefe3fe93cc7383"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 08 Feb 2023 09:08:46 GMT
amp-gwd-animation-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame B13E 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-gwd-animation-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
521a8eaf8c4a2ba9501acfdf35b7d1ebb4bbb4c7aca2d4ee43e01984d73991e5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504068
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2661
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d259f7ea2431535d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
css
fonts.googleapis.com/ Frame B13E 		9 KB
877 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6823285eb46b5b3f5c60cedb96d66a4d18bdc335096705d9f9c72aa681ddab5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 13:56:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:12:26 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:12:26 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B13E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
16248
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B13E 		295 B
322 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
15561
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:53:05 GMT
5f9ae9f190dbfc0010f28960.png
tpc.googlesyndication.com/sadbundle/7316940882382349146/ Frame B13E 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/7316940882382349146/5f9ae9f190dbfc0010f28960.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47168af81d6da682065294d09fdd18596989831eee323959ac7d0646f7746a12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 13:18:18 GMT
x-content-type-options
nosniff
age
435248
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4889
x-xss-protection
0
last-modified
Fri, 18 Dec 2020 13:50:58 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 04 Feb 2023 13:18:18 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame B13E 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C9PukycsDYqT8POSwlQeK7KPQBqDyvOphwZXVnbcPv96llo8OEAEg_N_oGWCV-vCBjAegAanV7MICyAEJqQKRj1CQaSuzPuACAKgDAcgDCKoEhwJP0PRU9h1U2TQtFjQEfP3lBH28szwXl3316lBiTHLN-yHHrAa5BFIAkKfudd5S9Kk2gWzlYURz6w6ozphtCPa-L8LYO6BOz9Pu6ZDAqFNB1Pe_0oOcz0P9LLauwaaLs9D9hEHxeZ1qrk9f-g4AM8yY7BixaGRv12vgG2dSo9VQ0NRbPbvx5vUFBGPvmKzYdsmck95gjMW5vjOPp3X3lxGzJKmMWiVaNvqk-JSFvZntYkLZG-2HtWLSzecbb11mC70HVixxwtSLNtvE0xNsz9KON4alKyKu5E_6shLOvF8_LUmNdXzZQlLQPQ-End1VJ5sDBgyOS18JEHtCTz-htnR_-MWtnN_9ycAEyPbK0q8D4AQBkgUECAQYAZIFBAgFGASgBi6AB7-qk70BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQ2PoG0ggJCIDhgBAQARgdgAoDyAsB2BMM0BUBmBYBgBcBshceChwIABIUcHViLTIwNDk5NDgxODAwNzkyNjQYnJMP&sigh=ILmSgJGwjjw&uach_m=[UACH]&template_id=419
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
truncated
/ Frame E41D 		210 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
58b7e980fbe3818580e8c6a378a13eacd8d5d49c175f1b287aeb0b980c732b5a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
aaf44123f57f1327f74f8049c476dded.js
www.gstatic.com/mysidia/ Frame EB15 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/aaf44123f57f1327f74f8049c476dded.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1ffc9ca7657f3d655db7b79eb1e7316e4d23aab2df01606d8ce022385e4b985
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:02:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
25809
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3501
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 06:53:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 10 May 2022 07:02:17 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame EB15 		1 KB
878 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:01:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
672
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
848
x-xss-protection
0
server
cafe
etag
2277666839114365613
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:01:14 GMT
33f409315851bbf49571eff699404a30.js
www.gstatic.com/mysidia/ Frame EB15 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/33f409315851bbf49571eff699404a30.js?tag=exit_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c4037984cb7225ae934a56d854582d4bfe9df0dbb7c6cff4b0a6b5634c92710
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:08:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
25456
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7896
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 22:35:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 10 May 2022 07:08:10 GMT
4435632710594132872
tpc.googlesyndication.com/daca_images/simgad/ Frame E876 		187 KB
187 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/4435632710594132872
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6eccff95004d261e87dc2aec5d3a1197c9bdc9c57014a5bdf9611f8fc4798d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 21:56:03 GMT
x-content-type-options
nosniff
age
58583
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
191160
x-xss-protection
0
last-modified
Sat, 07 May 2016 00:39:18 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 08 Feb 2023 21:56:03 GMT
16204520589674794282
tpc.googlesyndication.com/icore_images/ Frame E876 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/16204520589674794282
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6190cf08a97e8709e462d81f4c015ac058ebf5e887e96f8b6a1eceea22fde083
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 15:37:51 GMT
x-content-type-options
nosniff
age
81275
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13316
x-xss-protection
0
last-modified
Tue, 01 Jun 2021 13:07:30 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 08 Feb 2023 15:37:51 GMT
3390854377214797770
tpc.googlesyndication.com/daca_images/simgad/ Frame E876 		50 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/3390854377214797770
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
97f7bc0dd1c363e132556d8046841da9919b71a0e4763c577c4d1a2e9d31870b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 07 Feb 2022 22:51:27 GMT
x-content-type-options
nosniff
age
141659
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50751
x-xss-protection
0
last-modified
Fri, 29 Apr 2016 01:05:39 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 07 Feb 2023 22:51:27 GMT
15930113952286984652
tpc.googlesyndication.com/icore_images/ Frame E876 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/15930113952286984652
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
80d9e873e047105023e86119996fc2346c276f6da26ffdb95b8e45a716fd8f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 04:49:16 GMT
x-content-type-options
nosniff
age
120190
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14473
x-xss-protection
0
last-modified
Wed, 31 Mar 2021 14:46:48 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 08 Feb 2023 04:49:16 GMT
7026231924826378588
tpc.googlesyndication.com/icore_images/ Frame E876 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/7026231924826378588
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
64cb9b870e594ab768f91fe6fa039119c4cdfd119998f33a5409f51e6f5fce33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 06 Feb 2022 07:35:13 GMT
x-content-type-options
nosniff
age
283033
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15746
x-xss-protection
0
last-modified
Thu, 01 Apr 2021 15:44:31 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 06 Feb 2023 07:35:13 GMT
5115845860490748710
tpc.googlesyndication.com/icore_images/ Frame E876 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/5115845860490748710
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
048e8dd1bb8045173d95c8ed8a14b44d8d17e5b282e9fb68e5c39e7d8173ad57
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 08:09:16 GMT
x-content-type-options
nosniff
age
453790
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12563
x-xss-protection
0
last-modified
Tue, 24 Aug 2021 01:17:51 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 04 Feb 2023 08:09:16 GMT
16069586114690903957
tpc.googlesyndication.com/icore_images/ Frame E876 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/16069586114690903957
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ef0d9f83f7f5b72983e8ed62e57c73d69fe9cba93dee7eb13284d861998a086
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 07 Feb 2022 10:18:16 GMT
x-content-type-options
nosniff
age
186850
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12908
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 13:14:23 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 07 Feb 2023 10:18:16 GMT
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v41/ Frame E41D 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v41/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05e2888e835d97fe6e4cfb256f62f47d5dccf6d9ac202ea9d82a6bc2b1716c1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 01:22:38 GMT
x-content-type-options
nosniff
age
46188
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28196
x-xss-protection
0
last-modified
Tue, 18 Jan 2022 17:53:50 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 09 Feb 2023 01:22:38 GMT
truncated
/ Frame B13E 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
344f818244c72a40111e69811b8968e79c61e36a72eb984a529cae2e73cdca48

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v25/ Frame B13E 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v25/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa5d2912bec294d33c9dc4be4a00a9a5f4ac993049a935f4535ae687e3b08d0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 19:31:29 GMT
x-content-type-options
nosniff
age
585657
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16088
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:56:33 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Feb 2023 19:31:29 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/ Frame EB15 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:59:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
782
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:59:24 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame EB15 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:51:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1264
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:51:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame EB15 		124 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644237382599929"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:12:26 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame EB15 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:49:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1348
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:49:58 GMT
publishertag.prebid.js
static.criteo.net/js/ld/ 		90 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:26 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 09:04:35 GMT
server
nginx
etag
W/"61f7a623-16685"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Thu, 10 Feb 2022 14:12:26 GMT
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/ 		150 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/reactive_library_fy2019.js?bust=31064771
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
998c8df172348a7eed85d2d7a25cca359d1cb5a8482e8b20c06699158ee3ecbe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54417
x-xss-protection
0
server
cafe
etag
4300253410921569799
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 09 Feb 2022 14:12:26 GMT
generate_204
tpc.googlesyndication.com/ Frame 45BC 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?zTQxMA
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
generate_204
tpc.googlesyndication.com/ Frame 9BF5 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?3IRDsg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
downsize_200k_v1
tpc.googlesyndication.com/simgad/9779681584961496582/ Frame EB15 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/9779681584961496582/downsize_200k_v1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb2308287201b92392dfb22f6980474a593b8310671e0d63f153af7df558be28
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:59:58 GMT
x-content-type-options
nosniff
age
15148
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18283
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 12:44:24 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 09 Feb 2023 09:59:58 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/18312686731199027670/ Frame EB15 		90 KB
90 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/18312686731199027670/downsize_200k_v1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2d1dda37cc0f6885b23e092150e24e111b8ce7d35370a9a0e03ddc197a1fec96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 08:51:28 GMT
x-content-type-options
nosniff
age
19258
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
92391
x-xss-protection
0
last-modified
Thu, 11 Nov 2021 22:19:03 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 09 Feb 2023 08:51:28 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/7758418924167107674/ Frame EB15 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/7758418924167107674/downsize_200k_v1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d4bc100a85f745db78548e627853f6b3d0d255484865351d487fc0f30418cc1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 06 Feb 2022 04:44:29 GMT
x-content-type-options
nosniff
age
293277
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
80288
x-xss-protection
0
last-modified
Thu, 25 Jun 2020 20:48:12 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 06 Feb 2023 04:44:29 GMT
4435632710594132872
tpc.googlesyndication.com/daca_images/simgad/ Frame EB15 		187 KB
187 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/4435632710594132872
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6eccff95004d261e87dc2aec5d3a1197c9bdc9c57014a5bdf9611f8fc4798d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 21:56:03 GMT
x-content-type-options
nosniff
age
58583
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
191160
x-xss-protection
0
last-modified
Sat, 07 May 2016 00:39:18 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 08 Feb 2023 21:56:03 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame E876 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CXC4IycsDYtHUF9O-Zbj0irANiJazmWe0n6Oi3g3AjbcBEAEg1cKUdSgHYJXikIKgB6ABwsXp1gPIAQGoAwHIA8MEqgTiAU_QMNNiv9mY4HOErgDHzQnuCpInK5wNYZdZr1PheueHjmdLzRIPKpZ29N0Qx4mAzNp5Yhc6tsu7WcbLnlMexzcnj6145FH9G3RWU6cGX3Z816m-2lyh7g92NsCIUNWc6UimwqTH85y9bSlk8Z9kQ1ES2QsgfWe3pRnPsPgRu0sUDW1bpVumpcKeAAmX_4EpMisz5nxgFGTmArbXdUit3znkriD78n9usPev3TW9zK7TwmQ2-yhdSJPrEIXvGVYpWBBCFTrCsXwM8fscIY9zMsq1ivXnn9Fz_8rAjfmVw4Y8VdDABOapn9TeA5IFBAgEGAGSBQQIBRgEoAZRgAf4ochjqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ9OoB0ggJCIDhgBAQARgfgAoByAsBwhMGGMLF6dYD2BMC0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=45_ZEa4iJN4&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame E876 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CgRsMycsDYtHUF9O-Zbj0irANpdWdsQWN3MK6nwKmnq2NaxACINXClHUoB2CV4pCCoAfIAQGoAwHIA8MEqgSoAU_Q3h1fn9kS4MvjzQrLwh6jG9Mp_vCwUqld7lOpfA22bQ4G0RYIYMpjvZsay4aXgcs4bFcg8NK2WNXXxk1YySwrjq1t_xrmUH1ZVqtaUy0ohae83lyn7gZ6Phi5thSYaKKk-KXhOqJHncKGBmmPQNwFcf3C-JK0peTc8I0aP74XDZhSpS6toTeNAPye_XQqMt4g4olrFJHlAkPUcb2m3Mznr8D9L2jWh8AEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ9OoB0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=lv6rlJBb8To&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame E876 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Crf6GycsDYtHUF9O-Zbj0irAN1srv7We8v6zIwQ_AjbcBEAMg1cKUdSgHYJXikIKgB6AB-IebsSjIAQGpAuKpDomWMbM-qAMByAPDBKoE9wFP0Aa9Rb_bmOBzhK4Ax80J7gqSJyucDWGXWa9T4Xrnh45nS80SDyqWdvTdEMeJgMzaeWIXOrbLu1nGy55THsc3J4-teORR_Rt0VlOnBl92fNepvtpcoe4PdjbAiFDVnJFLpoqkCPElneAWnRt0j7LX_TKNxpCRVaDk3PAFAnu-F42YWKUuraG3lQT8nv90IDLeIOaJcxaR5QBD1HG9ptnM76zV-PKKbbECrN3Vuw_SMyUXovqfOUXMV5SPAlDMI3pYXavsN1nSSeRb17cA1bfftXd_2YQprkbi4o33hDHIJzFi1ZUPVn1DdEHRi4fBRl5_6hmJd9CTwASKptHj2gOSBQQIBBgBkgUECAUYBKAGUYAH-L_rkAOoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBD06gHSCAkIgOGAEBABGB-ACgHICwHCEwYY-IebsSjYEwrQFQGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=fKwe8_ig2EI&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame E876 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C6uHfycsDYtHUF9O-Zbj0irANpdWdsQWN3MK6nwKmnq2NaxAEINXClHUoB2CV4pCCoAfIAQGoAwHIA8MEqgSoAU_Q3h1Zn9kS4MvjzQrLwh6jG9Mp_vCwUqld7lOpfA22bQ4G0RYIYMpjvZsay4aXgcs4bFcg8NK2WNXXxk1YySwrjq1t_xrmUH1ZVqtaUy0ohae83lyn7gZ6Phi5thSYaKKk-KXhOqJHncKGBmmPQNwFcf3C-JK0peTc8I0aP74XDZhSpS6toTeNAPye_XQqMt4g4olrFJHlAkPUcb2m3Mznr8D9L2jWh8AEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ9OoB0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=Xb-huK8Crs4&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame E876 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CSPogycsDYtHUF9O-Zbj0irANpdWdsQWN3MK6nwKmnq2NaxAFINXClHUoB2CV4pCCoAfIAQGoAwHIA8MEqgSoAU_Q3h1Yn9kS4MvjzQrLwh6jG9Mp_vCwUqld7lOpfA22bQ4G0RYIYMpjvZsay4aXgcs4bFcg8NK2WNXXxk1YySwrjq1t_xrmUH1ZVqtaUy0ohae83lyn7gZ6Phi5thSYaKKk-KXhOqJHncKGBmmPQNwFcf3C-JK0peTc8I0aP74XDZhSpS6toTeNAPye_XQqMt4g4olrFJHlAkPUcb2m3Mznr8D9L2jWh8AEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ9OoB0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=K8AGXpvMtEw&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame E876 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C_Jj_ycsDYtHUF9O-Zbj0irANpdWdsQWN3MK6nwKmnq2NaxAGINXClHUoB2CV4pCCoAfIAQGoAwHIA8MEqgSoAU_Q3h1bn9kS4MvjzQrLwh6jG9Mp_vCwUqld7lOpfA22bQ4G0RYIYMpjvZsay4aXgcs4bFcg8NK2WNXXxk1YySwrjq1t_xrmUH1ZVqtaUy0ohae83lyn7gZ6Phi5thSYaKKk-KXhOqJHncKGBmmPQNwFcf3C-JK0peTc8I0aP74XDZhSpS6toTeNAPye_XQqMt4g4olrFJHlAkPUcb2m3Mznr8D9L2jWh8AEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ9OoB0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=Gbul4a3Zg_c&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame E876 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C1Nn6ycsDYtHUF9O-Zbj0irANpdWdsQWN3MK6nwKmnq2NaxAHINXClHUoB2CV4pCCoAfIAQGoAwHIA8MEqgSoAU_Q3h1an9kS4MvjzQrLwh6jG9Mp_vCwUqld7lOpfA22bQ4G0RYIYMpjvZsay4aXgcs4bFcg8NK2WNXXxk1YySwrjq1t_xrmUH1ZVqtaUy0ohae83lyn7gZ6Phi5thSYaKKk-KXhOqJHncKGBmmPQNwFcf3C-JK0peTc8I0aP74XDZhSpS6toTeNAPye_XQqMt4g4olrFJHlAkPUcb2m3Mznr8D9L2jWh8AEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ9OoB0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=velFZk1CTgw&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame E876 		220 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
08bec63c7a9ec18eba0561015db6af0ea744016a18fb33a84acd6d1fa7bedf18

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
adview
googleads.g.doubleclick.net/pagead/ Frame EB15 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CPa9fycsDYsPAF4iN-cAPj8-fgAag8rzqYc3yqrf3DdainaCMDhABINXClHUoBGCV4pCCoAegAanV7MICyAEGqQJBxVrOAiqzPqgDAcgDAqoE4wFP0ETI9f6JQOjYoFFNnzbI4C-TwJGz84z4LLYTO-9Bq1FRYiLxV6Y3tJ1styMM6PNe9vaFkgTo-lErISmnXuCLFAf8kWFEvDiihqCbqxvjJj0cNZyczRefBp5Yg09na8BO370v2c4jKyHDD0GlbONd6MOS7qsiRGSmP7P7L5VxenXzfzK0zFyu2l7bcoeDrrDPYLmuLahdUc9Fm3QpcIHrnuS_60snxdM3Rnu3FGk86UetqtVZ3BQsKj7jCfNGRGXwCa2M5diOwnG7G0eZdOd7R15iAMdR5XXLKbvVzw7vo9toM8AEwcyL7cwDkgUECAQYAZIFBAgFGASgBjeAB7-qk70BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ4OoF0ggJCIDhgBAQARgfgAoByAsBwhMGGKnV7MIC2BMMiBQB0BUBmBYBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=QZzFVi07JTw&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame EB15 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CX26PycsDYsPAF4iN-cAPj8-fgAac0ODuZoPd-63mDpGd64_AHxACINXClHUoBGCV4pCCoAegAf_bisgDyAEGqAMByAMCqgTgAU_QOmD057N5W2urPUKaP87xc97Mk2RIisgvulNy5k5GimkzPvFTpX6hnSW4JgXu4gK7-ofQXPb9WyA5Lfsc5IEFGuCNaFblequGr5GtQbUrZBcwm5_OEpoKnlBTrmKXQU1efywFBDNVkqZtmedt-V3yw__qxiZNYrI5RvA_2ZQ9APD_MkHPqS3S2iZ1coCksDBjTK09qLhSOEaZdNxzcOiS5kLqviTF08JFj7QVaNzuCnSmj-msHU-hpt-Tuf5GnmBykwkSXACgLBniX5Pq7FVfx-CG1_RxpNoFowVR2LhvwATR2caZswOSBQQIBBgBkgUECAUYBKAGN4AH8O6sogKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDg6gXSCAkIgOGAEBABGB-ACgHICwHCEwYY_9uKyAPYEwyIFALQFQGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=tPQsqljc4Y8&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame EB15 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CHzyDycsDYsPAF4iN-cAPj8-fgAapnPzyXqu8teihDpnM3_uRDhADINXClHUoBGCV4pCCoAegAbPd2KcCyAEGqQJBxVrOAiqzPqgDAcgDAqoE8QFP0H0r7ueyeVtrqz1Cmj_O8XPezJNkSIrIL7pTcuZORoppMz7xU6V-oZ0luCYF7uICu_qH0Fz2_VsgOS37HOSBBRrgjWhW5Xqrhq-RrUG1K2QXMJufzhKaCp5QU65ilzlOXj8sGAQzQKrVNYPnbfld8sP_6sYmTWKyOUbwP9mUPQDw_zJBz6kt0tomdXKApLAwY0ytPai4UjhGmXTcc3DokuZC6r4kxdPCRY-0FWjc7kdrqNXqrB3hIj6jk7nvRsUgL9AGEl4D-xQSytVvNRRGb_NkOjvgWrxBhn4B3jRaf0KHrdYa5GJQ9gvoGDfEZOhHwATNgdCBgQOSBQQIBBgBkgUECAUYBKAGN4AHtaKn2AGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDg6gXSCAkIgOGAEBABGB-ACgHICwHCEwYYs93YpwLYEwrQFQGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=gFw2pH6j364&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame EB15 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CQa7PycsDYsPAF4iN-cAPj8-fgAaIlrOZZ7Sfo6LeDcCNtwEQBCDVwpR1KARgleKQgqAHoAHCxenWA8gBAagDAcgDAqoE3AFP0EQCxOe1eVtrqz1Cmj_O8XPezJNkSIrIL7pTcuZORoppMz7xU6V-oZ0luCYF7uICu_qH0Fz2_VsgOS37HOSBBRrgjWhW5Xqrhq-RrUG1K2QXMJufzhKaCp5QU65il0FNXncs1waKHjvh8HMMhgjbHSh5DCvQr2dPKgINLB1hPoAF_DI0xK1Y2d7TfHJ1rbDFcExYLqpNUTqzmnApeHYdmeS36b7RxtI3Ro9UE6ugDsRmei3rQVR7KBzrjAc5s1rwVsOs2dCmN-INylqpZ1C0skpMGDvuS05ovnDAwATmqZ_U3gOSBQQIBBgBkgUECAUYBKAGUYAH-KHIY6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEODqBdIICQiA4YAQEAEYH4AKAcgLAcITBhjCxenWA9gTAtAVAYAXAbIXHAoaCAASFHB1Yi0zNTUzNTA4OTgzMTcyNjkyGAA&sigh=Zu0ZLMc0yVI&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=187&slotname=3578224809&adk=2859422363&adf=2107022901&pi=t.ma~as.3578224809&w=748&fwrn=4&lmt=1644415945&rafmt=11&psa=0&format=748x187&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944845&bpp=3&bdt=335&idt=470&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=234&ady=2784&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ESvj7xQkMV&p=https%3A//filecr.com&dtd=473
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:12:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame EB15 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04fdcdcb75c2e47ab97b900ef4b9c98481d10d943821c7f6fe517f2db0ab831d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
publishertag.prebid.js
static.criteo.net/js/ld/ 		90 KB
28 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:26 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 09:04:35 GMT
server
nginx
etag
W/"61f7a623-16685"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Thu, 10 Feb 2022 14:12:26 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame E1E9
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=394972274&adf=2756932478&pi=t.ma~as.2519109481&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944849&bpp=1&bdt=338&idt=497&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280%2C296x600&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BnAigZhlrj&p=https%3A//filecr.com&dtd=502
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 09 Feb 2022 14:12:26 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:12:26 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 09 Feb 2022 14:12:26 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=filecr.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=filecr.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:12:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/ Frame 832A 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4612
x-xss-protection
0
date
Tue, 08 Feb 2022 18:59:57 GMT
expires
Tue, 22 Feb 2022 18:59:57 GMT
cache-control
public, max-age=1209600
age
69149
etag
18247940800414524076
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
pagead2.googlesyndication.com/bg/ Frame 0085 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=1025948083&adf=606823705&pi=t.ma~as.9622731939&w=296&fwrn=4&fwrnh=100&lmt=1644415945&rafmt=1&psa=0&format=296x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415944848&bpp=1&bdt=337&idt=484&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C748x280%2C748x187%2C748x280&nras=1&correlator=736225061094&frm=20&pv=1&ga_vid=752414008.1644415945&ga_sid=1644415945&ga_hid=1042172742&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C31064771&oid=2&pvsid=4221571240865022&pem=413&tmod=756698427&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=3kBb1JW18F&p=https%3A//filecr.com&dtd=491
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5674dabf3d0dee647c9ea076dcb3406403eeb5a10b1cd3fcbc5415b82c0fde90
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 11:12:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
10795
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13746
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 11:12:31 GMT
css2
fonts.googleapis.com/ Frame 832A 		4 KB
634 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 13:48:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:12:26 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:12:26 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 832A 		205 B
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:14:09 GMT
x-content-type-options
nosniff
age
3497
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 09 Feb 2023 13:14:09 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 832A 		604 B
628 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:17:09 GMT
x-content-type-options
nosniff
age
24917
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 09 Feb 2023 07:17:09 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/elements/html/ Frame 832A 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a7b5f2e7e3fd51102d05b2706291210864e7890361d932311a18048073374ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:40:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1902
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8079
x-xss-protection
0
server
cafe
etag
5902764951541284931
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:40:44 GMT
css
fonts.googleapis.com/ Frame 5786 		8 KB
888 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 12:38:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:12:26 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:12:26 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 5786 		1 KB
878 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:01:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
672
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
848
x-xss-protection
0
server
cafe
etag
2277666839114365613
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:01:14 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/ Frame 5786 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:59:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
782
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:59:24 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 5786 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:51:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1264
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:51:22 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 5786 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:49:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1348
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:49:58 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5786 		124 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644237382599929"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:12:26 GMT
ff20f166b0acb5bbc58563e896201b58.js
www.gstatic.com/mysidia/ Frame 5786 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/ff20f166b0acb5bbc58563e896201b58.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 05:35:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30991
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11452
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 06:53:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 10 May 2022 05:35:55 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame E3DD 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1

Response headers

x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
145
x-xss-protection
0
date
Wed, 09 Feb 2022 14:03:52 GMT
cache-control
public, max-age=3600
content-type
text/html; charset=UTF-8
age
514
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame E3DD
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 09 Feb 2022 14:12:27 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:12:27 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 09 Feb 2022 14:12:26 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
pagead2.googlesyndication.com/bg/ Frame EDED 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/VnTavz0N7mR8nqB23LNAZAPutaELHNP8vFQVuCwP3pA.js
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5674dabf3d0dee647c9ea076dcb3406403eeb5a10b1cd3fcbc5415b82c0fde90
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 11:12:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
10795
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13746
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 11:12:31 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4E6E 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022020301&jk=3279863451780736&bg=!4eKl4qbNAAa4sGsQuLA7ACkAdvg8WpRpZr_yeRlRq8HWVxPqpGWXX06LS2ep8Ixrg0a0DX4zBkn3MwIAAAJAUgAAAANoAQeZAtLnT4ashNAhZxSbUBCqsVYG9rQZPhmkqejWOkQCEjP3dqgtnTPGy7xjF2Q_gUiFXhB1EGsaFa3MFJh3eCSxgWRvOOwPKfYmWodeHH5tptvn13_iHu6FEe3eRZNbhHdHXsaexYfKUUyzHgGFOcbOKhzwwEwqxNF-bkPuppzogTRhRE_cv3C4r31_lF7CIDLwTACWeyOIIBKzxKmahEjSzjVr3ISPbaYsWrlVNVZXsQHuxm1xoQC67sy8hBeDMrkhhbMU733xnBmxQi8p0DDssQTLsWNqX5sHyGzKfEAC_svxOCnaaREVs-VVvAUHZCzmdIdn5_OogTOdDwwLXkyLCd3V79hjUZH0b61iiwfY2LK1F18BMbyKau_P7dOeF4OlMlGEKWNZI9FPonOlfNgYbMD81i_vhtr6-cryWmrnXLEzyMgxeRWKqwbBP11zlv3jti9m-fii1Fszgz_tEF88obQGNK_q2IFdZ2CiVA6_izAme_PUxJD3cJPe1dzSAZBVNN18-9FCxlticlUzdwVstVK6EBvVcrtvhxKKTQUWy7ta_1dzdRKUO2BoO1z4O9UKHhxJdUgjre9E6KUhHmOnYB2gLeB5qqebGxVNt80yh9f4mTVfLnHyLOL-1QItlqM8ZjFW8noqZH8zIdbSNJw66MIFdTSi4bapvOZhSpP8cIO9TG3rF7gjyoaSCfXYirnKCoRSh_PRYGzWZZCmzpTQ7fYvjDZ8DWHf_t4lFQzM9CM45gq2uEjcPq_rcMSFW5SIPzfpfdFSrzbNwaJ28z1TmiNSGtZjVgbp7UAn3Gis-wvkqakTaSBIZdrbROdzrMwojk978HH5zeY4LrKFnHaVomdoB9CtG9_zomhYxODX5hxbaJEfc1uO9Pfz39K-enVGLG6YPyP8fgLf9fNntFN7UEkqmz1Twq-YQuAkNuDc4nC9bWzAUVqyGWLMTItJYwvqTq5f_w
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D318 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022020301&jk=870105772489136&bg=!f3ylfDjNAAa4sGsQuLA7ACkAdvg8WqcapzAeCwRuBS9j7We2e3_RCuTt8Ywh9esALtec4Vaq-6APYwIAAAKeUgAAAANoAQeZAt2ort0WzSFh69uKlz56WzhEaQe4NXkdKSWcGaQiBg_KMPSQoGqlAC8UQdo1qqXJwRSigF6z8NuU650NRy5xwN7WTmNPFZ1_5kJawX7iDk1AZiHBNg63ziFKDSVMrx0RvDPw4ZI0Zi1YbQbT8huNqA0SRrtpiQi7EucV-dUXysiz6w05T7wBPgrXL66IUksR3IGf1epYzpw3xttgEmaio-VUh5AF4yYv1pZ-RmeIotduLO4Z8BeRbLwGR8QHjjZkyd9uLRXxr6DBEmI_aIFrXkkroxTjFMLgrzjas_cXXoV8W3U7GfkaqVAE2c0GI5jmAwhHX144YA9MRLRAy1T8WgUMuWt-4Yy66QXjnyufx1gsRR1TkDzY6cRBF8YyEhjUloNTZwtS9Iiw5aK3QGkjiQHoeZiIURKsCOOqIbz2SgWtn55FoSdOzwqKuHFFJRsS1zk2WQuHCeXgtbKeJ_oNcdAV89ptyeocmotULP2iQyciixwCkPDNvd_lArkMMAIo8uyR_8k7fN_z6r-Jyuwj17QzZ_6NfVkt8bdiCB-HpKEaR8-SdfHpRcB8L4LuSomsbsaR-xwIjSJMAiZjSKLjXtevcjoXfHY58cyZwLkIlJctj3jEenA-n7FeljQ1U6G8FfxZbBmP9IPuDINyug8qM9hhe5TiRkiDRZFSJjU3cgwGZj1OlULWQUtGL9Tl8Po3kTx_FW1WpyYW99EIM5G6WdE62yxhIL9rgxBTD4g0DW8qsmgZo6IxL2KBJAOpbEOyz_LAhZZETIbsNFBzN0saXYtYdgYBdex0fm2y4CuzN1sR-UWO7n5jTbURLK9s1yS7YAnaz4cQJKrt0lb0DXLBSYKZ07LCneEdJ6du-Cf-I7vKOSqTZxKg6qTVylYFBH8DwL9w5izdLvLGD6JcNluJR_CjzvcIywXBtzHcSnZRf7ZZubHlA37w6fN2-kyk9QEA07Y4hd5ePdozmndyR-Vd
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 5D90 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstb57hYvXruAZWgpvfRY733V-t3PPMMZyXHbT72SevFCpWa5QnF-qrWE_AAmWyL1YA-_25YgNnY4HhSn32yxtJAV84mEXzWXuYX7M5XzsAY8g90BR4crw&sai=AMfl-YTjKALL31gX2C80psITWDujDJ46nM7GSxkEb4BuQXQJvGhbg7dnsuVqElcb8kzkfS6WZjuQu5LhVuL6&sig=Cg0ArKJSzMvc7cHD3VdREAE&id=lidar2&mcvt=1000&p=0,0,280,1158&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220207&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=516295860&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644415945276&rpt=921&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 92FE 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssFHccp74T-cYfFQTTh5BcmNL8WnzDT1SR0d-pTz9dDOPqczXdubP1lnRfca6AHp7URuakRfp7kEkoLalEI_Fs-WRc5AoMU1a5zmpHrjzIaCw_OrJd_Wg&sai=AMfl-YRjdDDqeaX75SjqzLNcXffabBLgjC7_fL30p7mh0WfF8BvXMBO9qOyql-stTgjU2tJoH2kqaG-Qch2Y&sig=Cg0ArKJSzN5jcNDgMXuMEAE&id=ampim&o=234,1002&d=748,193&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=633&tls=1633&g=100&h=100&tt=1634&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=0
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame E876 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu91AzNcAVolu4DsdL21QYOnIuJQloDbrghNCNBMul3Jeljl86v3dy4jh8Rxx-y4NCPP5XXygrLhOI9NHDDPaNFdnVMRSPxZGgN7ZGlRF33vw&sai=AMfl-YSD4CSKAji3sUGFVXWBtwWTWMuj-n5jr2A17A0MIdB5J052UU_vm54Ox7BPQ_bK3pZu4602oyQEJ49e&sig=Cg0ArKJSzMRmBGUiT5zlEAE&id=lidar2&mcvt=1000&p=17,0,93.421875,296&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220207&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=1025948083&rs=2&la=0&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644415945340&rpt=1384&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame 5995 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-143-124.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"402b2-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 09 Feb 2022 14:12:28 GMT
Connection
keep-alive
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 85EE 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Sun, 06 Feb 2022 02:33:27 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Wed, 09 Feb 2022 14:12:28 GMT
Age
41935
X-Served-By
cache-lga21969-LGA, cache-hhn4052-HHN
X-Cache
HIT, HIT
X-Cache-Hits
3, 638598
X-Timer
S1644415949.987282,VS0,VE0
Vary
Accept-Encoding
iframe
mantodea.mantisadnetwork.com/prebid/ Frame CAAB 		233 B
470 B 		Document
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415945955&secure=true&version=9&uuid=cd921020-f58b-411b-a73b-c0eecad3144a&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.174.217.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-174-217-176.compute-1.amazonaws.com
Software
/ Express
Resource Hash
8852dc4007339811b06753da707b4815bb8f2abb9e46eb84a7d6a77949638bed

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-type
text/html; charset=utf-8
content-length
233
x-powered-by
Express
vary
Origin
access-control-allow-credentials
true
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
expires
-1
etag
W/"e9-GZ2E7tKvySh01E1LZd6JDT9X13Q"
sync
eb2.3lift.com/ Frame 12D4
Redirect Chain
  • https://eb2.3lift.com/sync?
  • https://eb2.3lift.com/sync?&ld=1
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?&ld=1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
34a94e5c6c22635afd857d3310b8aecd9ecd53d8e825654306e7633e775e7e0b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

date
Wed, 09 Feb 2022 14:12:28 GMT
content-type
text/html; charset=utf-8
content-length
459
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

date
Wed, 09 Feb 2022 14:12:28 GMT
content-length
0
location
/sync?&ld=1
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
onetag-sys.com/usync/ Frame C412 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1644415945668
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
sync.html
public.servenobid.com/ Frame C22F 		8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://public.servenobid.com/sync.html
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::69 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bbfd30e5fd2bd475d319b5b55ab61469966d1517b703f9bd830a6f3207387c27

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

cache-control
max-age=86400
content-type
text/html
content-encoding
br
last-modified
Wed, 15 Dec 2021 19:31:35 GMT
accept-ranges
bytes
etag
"32347ab14bd5257f1f3d2e210ba82276"
server
AmazonS3
x-cache
TCP_HIT
x-amz-id-2
GInHvwcB0OLhatV2u5nB/Zgq5HLDdNKaTjNbeb/uzQb1HRitYw/BSAUBPLhS8Rh4ofaaLH9bWSk=
x-amz-request-id
44D0JH41AYMZJQQ2
x-amz-meta-codebuild-content-sha256
8644b4f52d5a37b8f0b84f0bbcfa66f9e0f7f97407e4d25c13a055f86b22baed
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:0897103a-6355-4b89-92f6-53a82b1da700
x-amz-meta-codebuild-content-md5
276cf0a41034befc9a603617ae1a1731
x-azure-ref-originshield
0LHwDYgAAAABVFngdXBysQq1IwwOE0wiSQU1TMDRFREdFMTgxNQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref
0zcsDYgAAAAAQhDrlx23yQJX6RbpFvdx8RlJBRURHRTEwMTAAODRlN2RmYTItMTQ0Mi00MzM0LWIzNGYtZTQyZDNmN2RkYWQ5
date
Wed, 09 Feb 2022 14:12:28 GMT
/
onetag-sys.com/usync/ 		0
52 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/usync/?tag=img
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-cache, no-transform
generic
match.adsrvr.org/track/cmf/ Frame 12D4 		70 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
xuidmid=7976&xuid=BShsf8N4M&dongle=u6nf
eb2.3lift.com/ Frame 12D4
Redirect Chain
  • https://ad.mrtnsvr.com/sync/triplelift
  • https://eb2.3lift.com/xuidmid=7976&xuid=BShsf8N4M&dongle=u6nf
37 B
155 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuidmid=7976&xuid=BShsf8N4M&dongle=u6nf
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
no-cache, no-store, must-revalidate
x-error
Not Found
content-length
37
content-type
image/gif

Redirect headers

location
https://eb2.3lift.com/xuidmid=7976&xuid=BShsf8N4M&dongle=u6nf
date
Wed, 09 Feb 2022 14:12:29 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
92
vary
Origin
content-type
text/html; charset=utf-8
pixel
cm.g.doubleclick.net/ Frame 12D4 		170 B
502 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 12D4
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU1MDA0MTYyMjcwNjIzNzM5MTQwNA%3D%3D
170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU1MDA0MTYyMjcwNjIzNzM5MTQwNA%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU1MDA0MTYyMjcwNjIzNzM5MTQwNA%3D%3D
date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame 12D4 		0
704 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=4550041622706237391404&dbredirect=true&gdpr=1&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 12F83DF447E244EE921208D301118414 Ref B: FRAEDGE0812 Ref C: 2022-02-09T14:12:29Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXXlmyC0x0/II/G9Fh1Pw==
xuid
eb2.3lift.com/ Frame 12D4
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/4550041622706237391404?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-I8HnEnRE2oRY7KCu_kaVEcXuZWpx822OkBYZjkUpAQ--~A&dongle=0883
37 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-I8HnEnRE2oRY7KCu_kaVEcXuZWpx822OkBYZjkUpAQ--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Wed, 09 Feb 2022 14:12:29 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-I8HnEnRE2oRY7KCu_kaVEcXuZWpx822OkBYZjkUpAQ--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
c.gif
c.bing.com/ Frame 12D4 		42 B
591 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bing.com/c.gif?xid=4550041622706237391404&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:28 GMT
etag
"9ea1ae3587d81:0"
last-modified
Wed, 12 Jan 2022 02:05:35 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B03D3ADE0E794025BDF121E8E4E12BE1 Ref B: FRAEDGE1221 Ref C: 2022-02-09T14:12:29Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
iu3
s.amazon-adsystem.com/ Frame 12D4
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4550041622706237391404
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4550041622706237391404&dcc=t
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4550041622706237391404&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Server
209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
KEZBC0FQ3CYJ91QJRKZ2
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4550041622706237391404&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
x.bidswitch.net/ Frame 12D4 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=triplelift&user_id=4550041622706237391404&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.192.154.244 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-154-244.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 09 Feb 2022 14:12:29 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
xuid
eb2.3lift.com/ Frame 12D4
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
async_usersync
ib.adnxs.com/ Frame 85EE 		0
729 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
X-Proxy-Origin
217.64.151.7; 217.64.151.7; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
0dbb1c0f-7440-4b54-9a3e-18ec7a3611b1
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame 5995 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-143-124.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
b161a452760e628e5d4e19573320eff7833f5da41a399d8fe332dcf191a49afa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 09 Feb 2022 14:12:29 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 23:04:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=76597
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9705
Expires
Thu, 10 Feb 2022 11:29:06 GMT
fltiu.js
pixel.yabidos.com/ Frame CAAB 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixel.yabidos.com/fltiu.js?qid=83233313f553333313f513430313&cid=1041&p=undefined&s=filecr.com
Requested by
Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415945955&secure=true&version=9&uuid=cd921020-f58b-411b-a73b-c0eecad3144a&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.200.58 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04e15c27c7c1e344842fec61d78bfb338739501f6d293a013d57a808efcc3674

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mantodea.mantisadnetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 28 Jan 2022 16:06:54 GMT
server
cloudflare
age
1610
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
6dadb161d86c6925-FRA
content-length
1168
expires
Wed, 09 Feb 2022 16:12:29 GMT
query
ecs.mantisadnetwork.com/sync/pixel/ Frame CAAB
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=rjrqv8k&ttd_tpi=1
  • https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f
35 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f
Requested by
Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415945955&secure=true&version=9&uuid=cd921020-f58b-411b-a73b-c0eecad3144a&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Protocol
H2
Server
35.174.217.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-174-217-176.compute-1.amazonaws.com
Software
/ Express
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mantodea.mantisadnetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
x-powered-by
Express
etag
W/"23-X71HIiL+uKIs9biqXcW44Tr4jis"
content-length
35
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
241
flimpobj.js
pixel.yabidos.com/ Frame CAAB 		31 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixel.yabidos.com/flimpobj.js?cb=1644415949123&ver1=2.2.3&qid=83233313f553333313f513430313&rnd=gxf9riaig9ak&cid=1041
Requested by
Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=83233313f553333313f513430313&cid=1041&p=undefined&s=filecr.com
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.200.58 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4cf0498d6f16d928751dae8b235dab5e250f65d561f43e2dc20d982efac6016f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mantodea.mantisadnetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 28 Jan 2022 16:06:54 GMT
server
cloudflare
age
1611
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
6dadb16208c86925-FRA
content-length
24217
expires
Wed, 09 Feb 2022 16:12:29 GMT
13926
g2.gumgum.com/usync/ Frame E082 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.242.212.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-242-212-194.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4db9a2000647dd95456d2cbce039be1bd99790f543d2d581f2557e9ebdbf4627

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-type
text/html;charset=UTF-8
server
nginx
etag
W/"0453fd3e95950d8c22819411c02e6c0e4"
timing-allow-origin
*
content-encoding
gzip
ps
pixel.33across.com/ Frame 2667 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP002 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

x-33x-status
2000208
server
33XP002
date
Wed, 09 Feb 2022 14:12:29 GMT
/
onetag-sys.com/usync/ Frame E186 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
sync
ssbsync.smartadserver.com/api/ Frame 67A1 		824 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.132 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
03f88051c159c936239b4b7746817fa2dd5a61e9d81b0daa2f7a03c09233e308

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

content-length
824
content-type
text/html
date
Wed, 09 Feb 2022 14:12:29 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 2E40
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-241.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
65d1e86b9125e69ca0810acf1c49616b5475a9a056a22c59cf4265f642601feb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
230|39|45|241|3|81|73|191
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Expires
Wed, 09 Feb 2022 14:12:29 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
Content-Length
1725
Connection
keep-alive

Redirect headers

Server
Apache
Content-Length
311
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Wed, 09 Feb 2022 14:12:29 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
Connection
keep-alive
sync
ads.servenobid.com/ Frame C22F
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=312&uid=3039027062740373425
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=312&uid=3039027062740373425
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.194.68.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-68-215.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
X-Proxy-Origin
217.64.151.7; 217.64.151.7; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
35a2055a-023f-4a79-a6f3-e077adbfbc0e
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ads.servenobid.com/sync?pid=312&uid=3039027062740373425
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
ads.servenobid.com/ Frame C22F
Redirect Chain
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
  • https://ads.servenobid.com/sync?pid=310&uid=a76f4590e6bb5a0dfe5f96f5
0
348 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=310&uid=a76f4590e6bb5a0dfe5f96f5
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.194.68.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-68-215.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ads.servenobid.com/sync?pid=310&uid=a76f4590e6bb5a0dfe5f96f5
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap7ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
sync
ads.servenobid.com/ Frame C22F
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1644415949228
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4939325756
  • https://sync.1rx.io/usersync/tradedesk/d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f
  • https://sync.targeting.unrulymedia.com/csync/RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
  • https://ads.servenobid.com/sync?pid=321&uid=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
0
362 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=321&uid=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.194.68.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-68-215.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=321&uid=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
date
Wed, 09 Feb 2022 14:12:29 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX8e9e6f864fc44f97a35be4f6eb87ba4c003
content-type
text/html
101954
jadserve.postrelease.com/suid/ Frame C22F 		43 B
428 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/suid/101954?ntv_r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D322%26uid%3DNTV_USER_ID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.204.253.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-204-253-249.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
sync
ads.servenobid.com/ Frame C22F
Redirect Chain
  • https://p.rfihub.com/cm?pub=44007&in=1
  • https://ads.servenobid.com/sync?pid=324&uid=5108559722466015054
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=324&uid=5108559722466015054
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.194.68.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-68-215.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=324&uid=5108559722466015054
Date
Wed, 09 Feb 2022 14:12:29 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usa
sync.go.sonobi.com/ Frame C22F 		0
0
sync
ads.servenobid.com/ Frame C22F
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
  • https://ads.servenobid.com/sync?pid=327&uid=7279797e-0105-4993-a357-41b26af11a6b&gdpr=0&gdpr_consent=&us_privacy=1YN-
0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=327&uid=7279797e-0105-4993-a357-41b26af11a6b&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.194.68.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-68-215.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=327&uid=7279797e-0105-4993-a357-41b26af11a6b&gdpr=0&gdpr_consent=&us_privacy=1YN-
date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy
content-length
0
sync
ads.servenobid.com/ Frame C22F
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58559/occ
  • https://ads.servenobid.com/sync?pid=337&uid=y-bD7VY6RE2uE9DhUlD.VBLRoDAo2mKSTg3HOTf14-~A
0
366 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=337&uid=y-bD7VY6RE2uE9DhUlD.VBLRoDAo2mKSTg3HOTf14-~A
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.194.68.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-68-215.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=337&uid=y-bD7VY6RE2uE9DhUlD.VBLRoDAo2mKSTg3HOTf14-~A
date
Wed, 09 Feb 2022 14:12:29 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
vbl.gif
pre.glotgrx.com/ Frame CAAB 		26 B
304 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pre.glotgrx.com/vbl.gif?cb=1644415949188&rnd=gxf9riaig9ak&ifm=1&uai=1&cid=1041&s=filecr.com&p=undefined&x=&adtg=&ats=0&atf=&nsi=&si=&nci=&nai=&pft=0&iip=0&adb=1&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=&idl=&ttduid=&id5=&emh=
Requested by
Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415945955&secure=true&version=9&uuid=cd921020-f58b-411b-a73b-c0eecad3144a&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:75c3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mantodea.mantisadnetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
cf-cache-status
HIT
last-modified
Fri, 28 Jan 2022 16:06:46 GMT
server
cloudflare
age
7051
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
6dadb162fc3c375b-MXP
content-length
26
expires
Wed, 09 Feb 2022 16:12:29 GMT
nflrc.gif
pre.glotgrx.com/ Frame CAAB 		26 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pre.glotgrx.com/nflrc.gif?cb=1644415949174289&ver=1.2r81&qid=83233313f553333313f513430313&p=undefined&s=filecr.com&x=&cid=1041&od1=&od2=&adtg=&nci=&nai=&si=&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=gxf9riaig9ak&impid=&idl=&ttduid=&id5=&emh=&tps=2&ver1=2.2.3&1=8bc4b1d79e408f99c0da59b34ff29ffd&2=0.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%220%22%3A%22Chrome%2520PDF%2520Plugin%2520-%2520%2520-%2520internal-pdf-viewer%2520-%2520Portable%2520Document%2520Formatfl_br%22%2C%221%22%3A%22Chrome%2520PDF%2520Viewer%2520-%2520%2520-%2520mhjfbmdgcfjbbpaeojofohoefgiehjai%2520-%2520fl_br%22%2C%222%22%3A%22Native%2520Client%2520-%2520%2520-%2520internal-nacl-plugin%2520-%2520fl_br%22%7D%7D&6=2&7={%22e%22:%2211%22,%22m%22:%220%22,%22f%22:%223428%22}&ats=0&atf=&dbgcid=1041&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=1&icpl=23&icp=https%253A//filecr.com/&irfl=23&irf=https%253A//filecr.com/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-28-p-fl-9-s-fl-10-x-fl-0-cid-fl-4-od1-fl-0-od2-fl-0-adtg-fl-0-nci-fl-0-nai-fl-0-si-fl-0-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-idl-fl-0-ttduid-fl-0-id5-fl-0-emh-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andWindows&adv=0&det=1&adb=1&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=0x0&gpu=Intel%20Iris%20OpenGL%20Engine&ncf=4g_9.2_undefined_null_0_undefined_false&chua={%22architecture%22:%22%22,%22brands%22:[],%22mobile%22:false,%22model%22:%22%22,%22platform%22:%22%22,%22platformVersion%22:%22%22,%22uaFullVersion%22:%22%22}&fli=&flerr=0&trim=&fio=22
Requested by
Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415945955&secure=true&version=9&uuid=cd921020-f58b-411b-a73b-c0eecad3144a&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:75c3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mantodea.mantisadnetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
cf-cache-status
HIT
last-modified
Fri, 28 Jan 2022 16:06:46 GMT
server
cloudflare
age
7053
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
6dadb162fc42375b-MXP
content-length
26
expires
Wed, 09 Feb 2022 16:12:29 GMT
tap.php
pixel.rubiconproject.com/ Frame 5995
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/xv2ifjZVI6gxoDe9fBoybQ?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6613879172942939373
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6613879172942939373
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif

Redirect headers

date
Wed, 09 Feb 2022 14:12:29 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6613879172942939373
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
tap.php
pixel.rubiconproject.com/ Frame 5995
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=6b496203-cbcc-4600-93e1-22dfe1cdbc1f
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=6b496203-cbcc-4600-93e1-22dfe1cdbc1f
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif

Redirect headers

Date
Wed, 09 Feb 2022 14:12:29 GMT
Server
MT3 4133 baa842e master zrh-pixel-x7 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=6b496203-cbcc-4600-93e1-22dfe1cdbc1f
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 09 Feb 2022 14:12:28 GMT
pixel
cm.g.doubleclick.net/ Frame 5995
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NjgzMTI5NzdlNzlhYTc1MTVkMTYyZWM1NGUzMDlhZWE5MjMxNTM1ZA
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NjgzMTI5NzdlNzlhYTc1MTVkMTYyZWM1NGUzMDlhZWE5MjMxNTM1ZA
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NjgzMTI5NzdlNzlhYTc1MTVkMTYyZWM1NGUzMDlhZWE5MjMxNTM1ZA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
611afce88997db6fdd35eb213e662871
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 5995
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pGTVNPQUgtQy1BMUZC
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pGTVNPQUgtQy1BMUZC
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pGTVNPQUgtQy1BMUZC
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
611afce88997db6fdd35eb213e662871
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 5995
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHz3E3BZHNHRhx8wWQ3WHpk&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHz3E3BZHNHRhx8wWQ3WHpk&google_cver=1
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHz3E3BZHNHRhx8wWQ3WHpk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rubicon
match.adsrvr.org/track/cmf/ Frame 5995 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
tap.php
pixel.rubiconproject.com/ Frame 5995
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YgPLzQAE8VeMdwBH
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YgPLzQAE8VeMdwBH&_test=YgPLzQAE8VeMdwBH
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YgPLzQAE8VeMdwBH&_test=YgPLzQAE8VeMdwBH
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
via
1.1 varnish
server
Varnish
x-timer
S1644415949.345727,VS0,VE0
x-served-by
cache-hhn4058-HHN
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YgPLzQAE8VeMdwBH&_test=YgPLzQAE8VeMdwBH
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
709414.gif
id.rlcdn.com/ Frame 5995 		0
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
via
1.1 google
alt-svc
clear
content-length
0
pixel
cm.g.doubleclick.net/ Frame 2E40 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YgPLzUF7u2cMsIS9c0FRsAAABJYAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 2E40 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame 2E40
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YgPLzUF7u2cMsIS9c0FRsAAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEObt6wSoSAGOs3GqFS2lA-U&google_cver=1&gdpr=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEObt6wSoSAGOs3GqFS2lA-U&google_cver=1&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
184.30.24.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-241.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 09 Feb 2022 14:12:29 GMT

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEObt6wSoSAGOs3GqFS2lA-U&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 2E40
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLzUF7u2cMsIS9c0FRsAAABJYAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLzUF7u2cMsIS9c0FRsAAABJYAAAAB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLzUF7u2cMsIS9c0FRsAAABJYAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
QYY726N3M8Y7CAZVMQF6
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
DYQ9VA5FMZ1DGT17735C
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLzUF7u2cMsIS9c0FRsAAABJYAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 2E40
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=1&gdpr_consent=
43 B
1008 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=1&gdpr_consent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
184.30.24.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-241.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 09 Feb 2022 14:12:29 GMT

Redirect headers

Date
Wed, 09 Feb 2022 14:12:29 GMT
Server
MT3 4133 baa842e master zrh-pixel-x28 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=1&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 09 Feb 2022 14:12:28 GMT
rum
dsum-sec.casalemedia.com/ Frame 2E40
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=73zE_Losl6v0esCqu3fZ9uh6xq30epL8uC9GJhrO
43 B
1012 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=73zE_Losl6v0esCqu3fZ9uh6xq30epL8uC9GJhrO
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
184.30.24.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-241.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 09 Feb 2022 14:12:29 GMT

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=73zE_Losl6v0esCqu3fZ9uh6xq30epL8uC9GJhrO
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
YgPLzUF7u2cMsIS9c0FRsAAABJYAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 2E40 		43 B
987 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YgPLzUF7u2cMsIS9c0FRsAAABJYAAAAB?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3605:9b3d:59c:490d:6d21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
index
dmp.brand-display.com/cm/api/ Frame 2E40 		43 B
261 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.12.81.72 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-12-81-72.us-west-2.compute.amazonaws.com
Software
nginx/1.20.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
last-modified
Wed, 09 Feb 2022 14:12:29 GMT
server
nginx/1.20.2
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
expires
Wed, 09 Feb 2022 14:12:30 GMT
sync
ads.servenobid.com/ Frame 2E40 		0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=333&uid=YgPLzUF7u2cMsIS9c0FRsAAABJYAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.68.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-68-215.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
rtb.gumgum.com/ Frame E082
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=3039027062740373425
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=3039027062740373425
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
X-Proxy-Origin
217.64.151.7; 217.64.151.7; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
94600b12-0fa0-42f1-b7b8-7a09cd4381a2
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=3039027062740373425
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame E082
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_983204cf-656b-4a04-8741-b5374d9b8037&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_983204cf-656b-4a04-8741-b5374d9b8037&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://pixel.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=gumgum2&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=gumgum2&&user_id=GxyRkk5MwsUAGpXETxeMmBwak8MAGseSTE_BZo0v
  • https://rtb.gumgum.com/usersync?b=bsw&i=aabc893a-bc02-4f41-91f0-5567ecc5d0d4
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=aabc893a-bc02-4f41-91f0-5567ecc5d0d4
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
//rtb.gumgum.com/usersync?b=bsw&i=aabc893a-bc02-4f41-91f0-5567ecc5d0d4
Date
Wed, 09 Feb 2022 14:12:29 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
cookiesyncredir
bttrack.com/Pixel/ Frame E082
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%285Nps53TbAqWXqIQPKwEoutUxJHgmLlv8RQhVlCqubntBf1bVbY3bmLH3rivVOLq6%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_983204cf-656b-4a04-8741-b5374d9b8037&obuid=ENC(5Nps53TbAqWXqIQPKwEoutUxJHgmLlv8RQhVlCqubntBf1bVbY3bmLH3rivVOLq6)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://bttrack.com/Pixel/cookiesyncredir?rurl=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dbidtellect%26uid%3D%7Bglobalid%7D%26obUid%3D5Nps53TbAqWXqIQPKwEoutUxJHgmLlv8RQhVlCqubntBf1bVbY3bmL...
35 B
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bttrack.com/Pixel/cookiesyncredir?rurl=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dbidtellect%26uid%3D%7Bglobalid%7D%26obUid%3D5Nps53TbAqWXqIQPKwEoutUxJHgmLlv8RQhVlCqubntBf1bVbY3bmLH3rivVOLq6
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
192.132.33.46 -, , ASN (),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-ServerName
Track004-dc3
Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
X-AspNetMvc-Version
5.2
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control
private,no-cache
Content-Type
image/gif
Content-Length
35
Expires
-1

Redirect headers

Location
https://bttrack.com/Pixel/cookiesyncredir?rurl=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dbidtellect%26uid%3D%7Bglobalid%7D%26obUid%3D5Nps53TbAqWXqIQPKwEoutUxJHgmLlv8RQhVlCqubntBf1bVbY3bmLH3rivVOLq6
Date
Wed, 09 Feb 2022 14:12:30 GMT
X-TraceId
75f8ac43bb68bac8a908116500d6f9c0
Content-Length
0
usersync
rtb.gumgum.com/ Frame E082
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=8edf31ba-0189-4e94-9341-bc3229d673cf
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=8edf31ba-0189-4e94-9341-bc3229d673cf
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-encoding
gzip
server
OXGW/17.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=8edf31ba-0189-4e94-9341-bc3229d673cf
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
usersync
rtb.gumgum.com/ Frame E082
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-a69c2b60-c10c-4969-5b21-4666edb38d90$ip$217.64.151.7
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-a69c2b60-c10c-4969-5b21-4666edb38d90$ip$217.64.151.7
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-a69c2b60-c10c-4969-5b21-4666edb38d90$ip$217.64.151.7
Date
Wed, 09 Feb 2022 14:12:29 GMT
Connection
keep-alive
Content-Length
121
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame E082
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=oth&i=y-9dgr_JdE2peSd.5N55ql6mwmPYE.MEYr.Bkq~A
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=oth&i=y-9dgr_JdE2peSd.5N55ql6mwmPYE.MEYr.Bkq~A
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Wed, 09 Feb 2022 14:12:29 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://rtb.gumgum.com/usersync?b=oth&i=y-9dgr_JdE2peSd.5N55ql6mwmPYE.MEYr.Bkq~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
usersync
rtb.gumgum.com/ Frame E082
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
  • https://rtb.gumgum.com/usersync?b=vnt&i=50f01cef-89b2-11ec-b48a-0ba201ff5bd5
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=50f01cef-89b2-11ec-b48a-0ba201ff5bd5
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=50f01cef-89b2-11ec-b48a-0ba201ff5bd5
Date
Wed, 09 Feb 2022 14:12:29 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
50f01cf0-89b2-11ec-b48a-0ba201ff5bd5
services
sync.technoratimedia.com/ Frame E082 		0
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
193.122.128.135 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
526341508
access-control-allow-origin
https://g2.gumgum.com/
access-control-allow-credentials
true
142
match.deepintent.com/usersync/ Frame E082 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
c /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-length
0
server
c
usersync
rtb.gumgum.com/ Frame E082
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_983204cf-656b-4a04-8741-b5374d9b8037&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://stags.bluekai.com/site/23178?id=sVB3o9znczEXHW_y6L0C&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT242WIIZW6OL2NZRXURKYJBLV66JWJQYEGJTVONPXA...
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=sVB3o9znczEXHW_y6L0C&us_privacy=1---
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=sVB3o9znczEXHW_y6L0C&us_privacy=1---
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=sVB3o9znczEXHW_y6L0C&us_privacy=1---
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
118
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame E082
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://rtb.gumgum.com/usersync?b=idi&i=a7a1f989-b9b2-4aa4-881f-86b0a64a8a31
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=idi&i=a7a1f989-b9b2-4aa4-881f-86b0a64a8a31
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=idi&i=a7a1f989-b9b2-4aa4-881f-86b0a64a8a31
date
Wed, 09 Feb 2022 14:12:29 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
sync.targeting.unrulymedia.com/csync/ Frame E082
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003&rndcb=6174852422
  • https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=adconductor&bsw_custom_parameter=aabc893a-bc02-4f41-91f0-5567ecc5d0d4
  • https://x.bidswitch.net/sync?dsp_id=257&user_id=mk9e4b4bb2-fa90-4129-b939-f78115b1a1e5&expires=7&user_group=5&ssp=adconductor&bsw_param=aabc893a-bc02-4f41-91f0-5567ecc5d0d4
  • https://sync.1rx.io/usersync/bidswitch/aabc893a-bc02-4f41-91f0-5567ecc5d0d4?gdpr=&gdpr_consent=
  • https://sync.targeting.unrulymedia.com/csync/RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
43 B
395 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.targeting.unrulymedia.com/csync/RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
213.19.147.45 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
server
Tengine
content-length
43
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

location
https://sync.targeting.unrulymedia.com/csync/RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
no-store, no-cache, must-revalidate
server
Tengine
content-type
text/html
expires
0
usersync
rtb.gumgum.com/ Frame E082
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=vbWjIECy6Cn9&ev=1&pid=558355
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=vbWjIECy6Cn9&ev=1&pid=558355
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:30 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-DE
location
https://rtb.gumgum.com/usersync?b=pln&i=vbWjIECy6Cn9&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-56659f45bd-tsrgk
expires
-1
sync
ssbsync.smartadserver.com/api/ Frame E082 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.132 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-length
0
sync
ads.servenobid.com/ Frame E082 		0
358 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=309&uid=e_983204cf-656b-4a04-8741-b5374d9b8037
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.68.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-68-215.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
sync
ads.servenobid.com/ Frame 67A1 		0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=317&uid=1226549837188469878&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.68.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-68-215.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
/
rtb-csync.smartadserver.com/redir/ Frame 67A1
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f&gdpr=1&gdpr_consent=
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f&gdpr=1&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f&gdpr=1&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
299
/
rtb-csync.smartadserver.com/redir/ Frame 67A1
Redirect Chain
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=76&partneruserid=GOOGLE_HOSTED_SI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc...
  • https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=MTIyNjU0OTgzNzE4ODQ2OTg3OA==&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEI6CQNsdeY2rz8IFQtvplL4&gdpr=0&gdpr_consent=&google_cver=1
43 B
416 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEI6CQNsdeY2rz8IFQtvplL4&gdpr=0&gdpr_consent=&google_cver=1
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:28 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEI6CQNsdeY2rz8IFQtvplL4&gdpr=0&gdpr_consent=&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
345
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
rtb-csync.smartadserver.com/redir/ Frame 67A1
Redirect Chain
  • https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003&rndcb=6365868391
  • https://bidswitch-eu.splicky.com/cm?bidswitch_ssp_id=adconductor&bsw_custom_parameter=aabc893a-bc02-4f41-91f0-5567ecc5d0d4
  • https://x.bidswitch.net/sync?dsp_id=311&user_id=&user_group=2&ssp=adconductor&expires=10&bsw_param=aabc893a-bc02-4f41-91f0-5567ecc5d0d4
  • https://sync.1rx.io/usersync/bidswitch/aabc893a-bc02-4f41-91f0-5567ecc5d0d4?gdpr=&gdpr_consent=
  • https://sync.targeting.unrulymedia.com/csync/RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fpartnerid%3D113%26partneruserid%3DRX-8e9e6f86-4...
  • https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:28 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

location
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
date
Wed, 09 Feb 2022 14:12:29 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX8e9e6f864fc44f97a35be4f6eb87ba4c003
content-type
text/html
pixel
cm.g.doubleclick.net/ Frame 67A1
Redirect Chain
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=134&partneruserid=OB_OK&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmart_adserver_eb%26google_hm%3DSMART_USER_ID_...
  • https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=MTIyNjU0OTgzNzE4ODQ2OTg3OA==&gdpr=0&gdpr_consent=
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=MTIyNjU0OTgzNzE4ODQ2OTg3OA==&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=MTIyNjU0OTgzNzE4ODQ2OTg3OA==&gdpr=0&gdpr_consent=
pragma
no-cache
date
Wed, 09 Feb 2022 14:12:28 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
usersync
rtb.gumgum.com/ Frame BDED
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=0&gdpr_consent=
35 B
209 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Wed, 09 Feb 2022 14:12:29 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Access-Control-Allow-Origin
*
Server
MT3 4133 baa842e master zrh-pixel-x14 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://rtb.gumgum.com/usersync?b=mmh&i=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=0&gdpr_consent=
Expires
Wed, 09 Feb 2022 14:12:28 GMT
usersync
rtb.gumgum.com/ Frame 7657
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YgPLzQAE8d2PLABH
  • https://rtb.gumgum.com/usersync?b=atm&i=YgPLzQAE8d2PLABH&gdpr=0&gdpr_consent=&_test=YgPLzQAE8d2PLABH
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=atm&i=YgPLzQAE8d2PLABH&gdpr=0&gdpr_consent=&_test=YgPLzQAE8d2PLABH
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

server
Varnish
retry-after
0
location
https://rtb.gumgum.com/usersync?b=atm&i=YgPLzQAE8d2PLABH&gdpr=0&gdpr_consent=&_test=YgPLzQAE8d2PLABH
accept-ranges
bytes
date
Wed, 09 Feb 2022 14:12:29 GMT
via
1.1 varnish
x-served-by
cache-hhn4058-HHN
x-cache
HIT
x-cache-hits
0
x-timer
S1644415949.426613,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
pixel
cm.g.doubleclick.net/ Frame CDA0 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV85ODMyMDRjZi02NTZiLTRhMDQtODc0MS1iNTM3NGQ5YjgwMzc=&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

content-type
image/png
date
Wed, 09 Feb 2022 14:12:29 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
server
HTTP server (unknown)
content-length
170
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 10F0 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-198.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=76593
expires
Thu, 10 Feb 2022 11:29:02 GMT
date
Wed, 09 Feb 2022 14:12:29 GMT
vary
Accept-Encoding
/
ssc-cms.33across.com/ps/ Frame 517E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP002 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

x-33x-status
2000208
server
33XP002
date
Wed, 09 Feb 2022 14:12:29 GMT
usersync
rtb.gumgum.com/ Frame E671
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f&t=1647007949
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f&t=1647007949
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-type
text/html
content-length
209
location
https://rtb.gumgum.com/usersync?b=ttd&i=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f&t=1647007949
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usync.html
eus.rubiconproject.com/ Frame 7B04
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-143-124.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"402b2-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 09 Feb 2022 14:12:29 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

server
AkamaiGHost
content-length
0
location
https://eus.rubiconproject.com/usync.html?p=gumgum
date
Wed, 09 Feb 2022 14:12:29 GMT
access-control-allow-credentials
true
access-control-allow-origin
*
um
cs.emxdgt.com/ Frame DC51 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

content-type
text/html
date
Wed, 09 Feb 2022 14:12:28 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame 9A8D
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YgPLzcCo8XoAAJdTm3wAAAAA
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YgPLzcCo8XoAAJdTm3wAAAAA
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 09 Feb 2022 14:12:30 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx
Date
Wed, 09 Feb 2022 14:12:29 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
private
Location
https://rtb.gumgum.com/usersync?b=sus&i=YgPLzcCo8XoAAJdTm3wAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time
1
X-SO-HostName
m-ad383.dc4p.scaleout.jp
X-SO-LB-Hostname
m-tgng22.dc4p.scaleout.jp
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":63,"gdpr":true,"ipv4":"0.0.0.0","key":"YgPLzcCo8XoAAJdTm3wAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad383"}
X-SO-Key
YgPLzcCo8XoAAJdTm3wAAAAA
X-SO-IP
217.64.151.7
X-SO-Cluster-ID
63
X-SO-Upstream-ID
m-ad383
usersync
rtb.gumgum.com/ Frame C0E7
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://rtb.gumgum.com/usersync?b=rth&i=2QxZb0B33Xa6zXKzwEUT&pi=gumgum&tc=1
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=2QxZb0B33Xa6zXKzwEUT&pi=gumgum&tc=1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Wed, 09 Feb 2022 14:12:29 GMT Wed, 09 Feb 2022 14:12:29 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=2QxZb0B33Xa6zXKzwEUT&pi=gumgum&tc=1
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
PugMaster
image6.pubmatic.com/AdServer/ Frame 10F0 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=79629212&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.23 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
d5f6ab7ced9ffe24779a3eba8243c7dc2ca14104fe6ef6a472f45fb83dff01d5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:28 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
usync.js
eus.rubiconproject.com/ Frame 7B04 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-143-124.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
b161a452760e628e5d4e19573320eff7833f5da41a399d8fe332dcf191a49afa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 09 Feb 2022 14:12:29 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 23:04:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=76597
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9705
Expires
Thu, 10 Feb 2022 11:29:06 GMT
sync.php
pixel.rubiconproject.com/exchange/ Frame 7B04 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=KZFMSOAH-C-A1FB
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif
match
c1.adform.net/serving/cookie/ Frame 04E4
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
35 B
477 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Wed, 09 Feb 2022 14:12:29 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

server
nginx
date
Wed, 09 Feb 2022 14:12:29 GMT
content-length
0
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame B381
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YgPLzQAE8d2PLABH&gdpr=0&gdpr_consent=
1 B
546 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YgPLzQAE8d2PLABH&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Wed, 09 Feb 2022 14:12:28 GMT
content-type
text/html; charset=utf-8
content-length
1
x-lat
amspug010:0:547
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
Varnish
retry-after
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YgPLzQAE8d2PLABH&gdpr=0&gdpr_consent=
accept-ranges
bytes
date
Wed, 09 Feb 2022 14:12:29 GMT
via
1.1 varnish
x-served-by
cache-hhn4058-HHN
x-cache
HIT
x-cache-hits
0
x-timer
S1644415950.880685,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
Pug
simage2.pubmatic.com/AdServer/ Frame 8D77
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=0&gdpr_consent=
42 B
360 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Wed, 09 Feb 2022 14:12:28 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
amspug008:0:672
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Date
Wed, 09 Feb 2022 14:12:29 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Access-Control-Allow-Origin
*
Server
MT3 4133 baa842e master zrh-pixel-x30 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&gdpr=0&gdpr_consent=
Expires
Wed, 09 Feb 2022 14:12:28 GMT
usersync
rtb.gumgum.com/ Frame 6B47 		35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=pbm&i=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.105.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-105-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 10F0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DnXPSD0TRC-rmIi8-c8O8w%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-198.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=76593
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5549
expires
Thu, 10 Feb 2022 11:29:02 GMT

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
420486.gif
idsync.rlcdn.com/ Frame 10F0 		0
42 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/420486.gif?partner_uid=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
via
1.1 google
alt-svc
clear
content-length
0
SPug
image4.pubmatic.com/AdServer/ Frame 10F0
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83
0
128 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Wed, 09 Feb 2022 14:12:29 GMT
Server
MT3 4133 baa842e master zrh-pixel-x27 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 09 Feb 2022 14:12:28 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 10F0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MEU3NUNGNDgtM0QxMy00NDJGLUFCOTgtODhCQ0Y5Q0YwRUYz&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug011:0:660
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 10F0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFud2lyvF4pnV9fWF8aPr8E&google_cver=1
42 B
590 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFud2lyvF4pnV9fWF8aPr8E&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug006:0:489
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFud2lyvF4pnV9fWF8aPr8E&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 10F0 		43 B
610 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.50.137.182 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b6.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Tue, 08 Feb 2022 14:12:29 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 10F0
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f
42 B
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:28 GMT
cache-control
no-store, no-cache, private
x-lat
amspug007:0:522
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:12:29 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
simage2.pubmatic.com/AdServer/ Frame 10F0
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3234945574012994077&gdpr=0&gdpr_consent=&us_privacy=
1 B
167 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3234945574012994077&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:28 GMT
cache-control
no-store, no-cache, private
x-lat
amspug010:0:422
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3234945574012994077&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Wed, 09 Feb 2022 14:12:28 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 10F0 		43 B
987 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/0E75CF48-3D13-442F-AB98-88BCF9CF0EF3?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3605:9b3d:59c:490d:6d21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
SPug
image4.pubmatic.com/AdServer/ Frame 10F0
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-quIkw6pE2uVxTQn0FCFLI170Tr3DDM4-~A&gdpr=0&gdpr_consent=
0
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-quIkw6pE2uVxTQn0FCFLI170Tr3DDM4-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:28 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-quIkw6pE2uVxTQn0FCFLI170Tr3DDM4-~A&gdpr=0&gdpr_consent=
date
Wed, 09 Feb 2022 14:12:29 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Pug
image2.pubmatic.com/AdServer/ Frame 10F0
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3039027062740373425&gdpr=0&gdpr_consent=
42 B
233 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3039027062740373425&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:29 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug019:0:477
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:29 GMT
X-Proxy-Origin
217.64.151.7; 217.64.151.7; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
c693aea6-9ebc-47b6-988c-3977c2b2318d
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3039027062740373425&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 85EE 		0
729 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:12:30 GMT
X-Proxy-Origin
217.64.151.7; 217.64.151.7; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
515eff4c-cc3e-4008-8962-2ce5471ddb52
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame 10F0 		0
128 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:12:30 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
lg3.media.net
URL
https://lg3.media.net/bping.php?&gdpr=1&prid=8PR33J5R4&cid=8CU709Q2E&crid=158962444&vi=1644415944504256994&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886781338&r=1644415945182&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1644415944181952922&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p01887205542t202202091412&vgd_pgids=1&vgd_uspa=0&hvsid=00001644415945177036448888326211&gdpr=1&vgd_end=1
Domain
lg3.media.net
URL
https://lg3.media.net/bping.php?&gdpr=1&prid=8PR33J5R4&cid=8CU709Q2E&crid=855267286&vi=1644415944811828296&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886781338&r=1644415945223&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1644415944181952922&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p01887205542t202202091412&vgd_pgids=2&vgd_uspa=0&hvsid=00001644415945221036448888328873&gdpr=1&vgd_end=1
Domain
lg3.media.net
URL
https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001644415945177036448888326211&geo=50.12|8.68&lper=100&bdrid=7&fp=Nl0xqFbJAHUEHmTY6G8uVa7mxBNcilWzEdi9pJKsRRiT4A6Nmn5Ie3Z2J7Q5l8gS6E2yCYQ4KibxU5bIAvJ3EB8KF9820KuAHi3QVexuO1v4kmZEQc7GkR6oLiFSSlwu&lpid=&tsid=2338&q=&prv=&type=&ps=&cme=vxOR5UpBBSJS2DwKATtUrszkklio8jInx0Zswbc78wj2iOLX3-TTAsIRuxXwgtqnAjmrI7mXSWvl0MZqlIFyz-KeO01Fj085azVPaWJJGhoF7cZlyHj9wkfP9Wbf424MqlLyf_uVtLT9WYeYFhtH4WSZlpvzayOxh00zMgU75VThsFzb9UrkC1DojDE5u-A2c40J2q1jWzzZMlmhamuBHQ%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7CzT5Md2DTyJDBmnk4lkFPyA%3D%3D%7CsRBSg3CPSiQ%3D%7CYdjFvixrVaFXqwBBP0Bt8sQp8UU6jVJJy4qrouRr2ZztLVLoWc6hOk8sWz-EojPAa5rx0r0GCXd3U68LflqZmwZDzI_72fyRyoO7U3KywXc%3D%7CN7fu2vKt8_s%3D%7CwsoVSSU8b1r_P1wxltd7vTD5lZv8JO_HUj7mMiAWM6N2F4B1sfOLFZq4HRgDzYJT6njNJo_qaDVYRb9EiXLzUtYQhPRIBtSZnME4s5Vbi3B5OBoDczHMrhEUdw62l7oPHRRVSOuVmBhdkj1lccQkwlz-XXFgzgFTQPI3t-x_PPPTYcjJf3sEeMoOsB6TlIWUU2wthxriVViiCK5gqCHkc7uT_L3Qx2-R%7C&hint=&td=&cc=DE&wsip=2886781335&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=0&vgde_kbbh=WoNWNY&vgde_setid=NW&&rc=0&ksu=75&vgd_opp_id=644795690051705241644415945209&fdkt=240&kwd[]=Top%20Antivirus%20For%20Windows%2010&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=1&kid[]=330006220&kbc2[]=rps_60%3D0.08%7C%7Crps%3D0.08%7C%7Cps%3D0.609%7C%7Crpc%3D0.91%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Best%20Antivirus%20Software%202021&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=2&kid[]=329900792&kbc2[]=rps_60%3D0.56%7C%7Crps%3D0.56%7C%7Cps%3D0.609%7C%7Crpc%3D0.40%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Best%20VPN%20Service&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=3&kid[]=324952854&kbc2[]=rps_60%3D0.86%7C%7Crps%3D0.86%7C%7Cps%3D0.609%7C%7Crpc%3D0.43%7C%7Clvl%3D1.00&ktd[]=274911592704&kwd[]=Best%20Antivirus%20for%20Windows&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=4&kid[]=48770207&kbc2[]=rps_60%3D0.56%7C%7Crps%3D0.56%7C%7Cps%3D0.609%7C%7Crpc%3D0.40%7C%7Clvl%3D1.17&ktd[]=274911592704&kwd[]=Time%20Tracking%20Software&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=5&kid[]=28491148&kbc2[]=rps_60%3D0.27%7C%7Crps%3D0.27%7C%7Cps%3D0.609%7C%7Crpc%3D0.27%7C%7Clvl%3D1.00&ktd[]=274911592704&kwd[]=Best%20Accounting%20Software%20For%20Contractors%20Deals&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=6&kid[]=330002769&kbc2[]=rps_60%3D0.41%7C%7Crps_12%3D0.73%7C%7Crps%3D0.44%7C%7Cps%3D0.609%7C%7Crpc%3D0.11%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Recommended%20Antivirus%20Software&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=7&kid[]=23989256&kbc2[]=rps_60%3D0.56%7C%7Crps_12%3D0.45%7C%7Crps_62%3D2.60%7C%7Crps%3D0.62%7C%7Cps%3D0.609%7C%7Crpc%3D0.18%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Camions%20militaires%20d%27occasion&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=8&kid[]=329484539&kbc2[]=rps_60%3D0.45%7C%7Crps_12%3D0.75%7C%7Crps%3D0.46%7C%7Cps%3D0.609%7C%7Crpc%3D0.18%7C%7Clvl%3D1.00&ktd[]=274894815488&rand=1644415945747&cid=8CU709Q2E&vwid=1644415944504256994&vi=1644415944504256994&l3ch=0&slnkp=no&bdrct=0.00&vgd_mseg=0.00&vgd_rt=384&bto=102&tdAdd[]=rtbsd%3D10&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1644415944181952922&vgd_l1rhst=contextual.media.net&vgd_lhl=735&vgd_ifrmode=00&sttm=1644415945177&upk=1644415945.25022&hvsid=00001644415945177036448888326211&verid=3121199&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_hbReqId=T1644414336C8S37U73&vgd_isiolc=1&rtbsd=10&vgd_pgid=p01887205542t202202091412&matm=1644415945754&vgd_ltime=1013&vgd_ltimesrc=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_pdtid=1&vgd_implt=3&vgd_dfp_tgt=%7B%22crid%22%3A%22158962444%22%2C%22mnet_segment%22%3A%220.00%22%2C%22mnet_variant%22%3A%2250%22%2C%22pub_domain%22%3A%22filecr.com%22%2C%22mnet_cc%22%3A%22DE%22%7D&vgd_sbSup=1&vgd_l2wsip=2886781335&vgd_nrrsf=nrr&vgd_nrrv=64488&vgd_nrrs=64488&vgd_nrrmf=48&vgd_cntrdt=AS%7CDIV-158962444%7CDIV-filec-799851020&vgd_x_pos=1077&vgd_y_pos=2737&vgd_ren_page_h=5398&vgd_cty=FRANKFURT&vgd_l1hcsd=A16%7C949&vgd_sethcsd=A35%7C949&vgd_cfud=200415&vgd_is_amp=0&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=292_150&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=1&oRurl=http%3A%2F%2Fcdng%2Ffcmain.js%3F%26esi%3D1%26%26fvips%3D0%26vpf%3D000%26chost%3Dcontextual.media.net%26cb%3Dwindow._mNDetails.initAd%26%26gdpr%3D1%26cid%3D8CU709Q2E%26cpcd%3DJ4KyVMDqN4ojQ3TohxUIjg%253D%253D%26crid%3D158962444%26size%3D270x416%26cc%3DDE%26chnm%3DFilecr%26https%3D1%26vif%3D1%26requrl%3Dhttps%253A%252F%252Ffilecr.com%252Fwindows%252Fmicrosoft-office%253F%2526query%253Dquery%252520value%2526id%253D6347414880%26nse%3D5%26vi%3D1644415944504256994%26lw%3D1%26ugd%3D4%26rtbs%3D1%26hlt%3D1%26dfp%3D1%26nb%3D1%26blacpfl%3D1%26baeFlag%3D1%26blapd%3D0%26isOffice%3D0&tdAdd[]=uiparams%3D%3Brend_w%3A292%3Brend_h%3A150%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A8&vgd_end=1
Domain
lg3.media.net
URL
https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001644415945221036448888328873&geo=50.12|8.68&lper=100&bdrid=9&subBdr=98&fp=Nl0xqFbJAHUEHmTY6G8uVa7mxBNcilWzEdi9pJKsRRiT4A6Nmn5Ie3Z2J7Q5l8gS6E2yCYQ4KibxU5bIAvJ3EB8KF9820KuA3Yicsk8zUNr3ZX2oLOYQ5w%3D%3D&lpid=&tsid=18&q=&prv=&type=&ps=&cme=9YhMspLYnVCTOclGOWHbkITnjlKlMZ9sOnwu01ohHxC6F56hXgprUVcIIJGU_Wkgu5SF9G8RaWZH155rLf5qCGeJqNgkOjetZwPJwiCDThNKERsTq0RRLQzbgPPALIPagoIMvK58C9GrV60KnFBQ7YJXHShB5_Z4fjRDzsNR_h30NzXk83Mi45QqXl3RcYww3xx3TEhkji8%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7CzT5Md2DTyJDBmnk4lkFPyA%3D%3D%7CsRBSg3CPSiQ%3D%7CYdjFvixrVaFXqwBBP0Bt8sQp8UU6jVJJy4qrouRr2ZztLVLoWc6hOk8sWz-EojPAa5rx0r0GCXd3U68LflqZmwZDzI_72fyRyoO7U3KywXc%3D%7CN7fu2vKt8_s%3D%7COR4Bc5whuElFsaVRpgYJNDyYFS3Zm8EChW4hQ1ECdaepBbOvL1uGNZCwNC5oOuvUXTffYcpsGmhNotm4eo3Y5eh968RF-r4BtuIk66KWRqPZIXq880UPP8znI40pScuDYmMofeawdrsBscwEwAGU3L9oXiBNR40XuGwbUQ8G72fzoCvql6IqjpeptXBfPw1Kuxri6r_03HKMXmMBU3GDz7dQKvUMgd1-%7C&hint=&td=&cc=DE&wsip=2886781336&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=0&vgde_kbbh=WoNWNY&vgde_setid=NW&&rc=0&ksu=75&vgd_opp_id=111774924011645641644415945223&fdkt=240&kwd[]=Top%20Antivirus%20For%20Windows%2010&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=1&kid[]=330006220&kbc2[]=rps_60%3D0.08%7C%7Crps%3D0.08%7C%7Cir%3D1%7C%7Ciid%3D12945461%7C%7Cps%3D0.609%7C%7Crpc%3D0.91%7C%7Clvl%3D1.00&ktd[]=277042299136&kwd[]=Best%20Antivirus%20Software%202021&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=2&kid[]=329900792&kbc2[]=rps_60%3D0.56%7C%7Crps%3D0.56%7C%7Cir%3D1%7C%7Ciid%3D13183894%7C%7Cps%3D0.609%7C%7Crpc%3D0.40%7C%7Clvl%3D1.00&ktd[]=277042299136&kwd[]=Best%20VPN%20Service&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=3&kid[]=324952854&kbc2[]=rps_60%3D0.86%7C%7Crps%3D0.86%7C%7Cir%3D1%7C%7Ciid%3D7525714%7C%7Cps%3D0.609%7C%7Crpc%3D0.43%7C%7Clvl%3D1.00&ktd[]=275716899072&kwd[]=Best%20Antivirus%20for%20Windows&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=4&kid[]=48770207&kbc2[]=rps_60%3D0.56%7C%7Crps%3D0.56%7C%7Cir%3D1%7C%7Ciid%3D3199878%7C%7Cps%3D0.609%7C%7Crpc%3D0.40%7C%7Clvl%3D1.17&ktd[]=275716899072&kwd[]=Time%20Tracking%20Software&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=5&kid[]=28491148&kbc2[]=rps_60%3D0.27%7C%7Crps%3D0.27%7C%7Cir%3D1%7C%7Ciid%3D9724785%7C%7Cps%3D0.609%7C%7Crpc%3D0.27%7C%7Clvl%3D1.00&ktd[]=275716899072&kwd[]=Best%20Accounting%20Software%20For%20Contractors%20Deals&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=6&kid[]=330002769&kbc2[]=rps_60%3D0.41%7C%7Crps_12%3D0.73%7C%7Crps%3D0.44%7C%7Cir%3D1%7C%7Ciid%3D19515982%7C%7Cps%3D0.609%7C%7Crpc%3D0.11%7C%7Clvl%3D1.00&ktd[]=277042299136&kwd[]=Recommended%20Antivirus%20Software&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=7&kid[]=23989256&kbc2[]=rps_60%3D0.56%7C%7Crps_12%3D0.45%7C%7Crps_62%3D2.60%7C%7Crps%3D0.62%7C%7Cir%3D2%7C%7Ciid%3D7110010%7C%7Cps%3D0.609%7C%7Crpc%3D0.18%7C%7Clvl%3D1.00&ktd[]=277042299136&rand=1644415945773&cid=8CU709Q2E&vwid=1644415944811828296&vi=1644415944811828296&l3ch=0&slnkp=no&bdrct=0.08&vgd_mseg=0.08&vgd_rt=416&bto=0&tdAdd[]=rtbsd%3D10&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1644415944181952922&vgd_l1rhst=contextual.media.net&vgd_lhl=743&vgd_ifrmode=00&sttm=1644415945221&upk=1644415945.25022&hvsid=00001644415945221036448888328873&verid=3121199&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_hbReqId=T1644414336C8S37U73&vgd_isiolc=1&npgv=1&rtbsd=10&vgd_pgid=p01887205542t202202091412&matm=1644415945782&vgd_ltime=997&vgd_ltimesrc=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_pdtid=1&vgd_implt=3&vgd_dfp_tgt=%7B%22crid%22%3A%22855267286%22%2C%22mnet_segment%22%3A%220.08%22%2C%22mnet_variant%22%3A%2299%22%2C%22pub_domain%22%3A%22filecr.com%22%2C%22mnet_cc%22%3A%22DE%22%7D&vgd_sbSup=1&vgd_l2wsip=2886781336&vgd_nrrsf=nrr&vgd_nrrv=64488&vgd_nrrs=64488&vgd_nrrmf=48&vgd_cntrdt=AS%7CDIV-855267286%7CDIV-filec-1768468207&vgd_x_pos=1077&vgd_y_pos=3497&vgd_ren_page_h=5398&vgd_cty=FRANKFURT&vgd_l1hcsd=A16%7C949&vgd_sethcsd=A35%7C949&vgde_bdata=G8Ov9.9W%7C%7Ceev9%7C%7CQQvuF99-uf99%7C%7CmyG8Ov9.9W%7C%7CNGOEv9.9W%7C%7CGkj1yv9%7C%7CQmGEv9%7C%7COO8ev%25%25rs0MrV%2F%25%25%7C%7COYYv%25%25rcbMb_DK_4Z3%25%25%7C%7CO7Nvz5ON%7C%7C1G7JvyNEMB%7C%7CwQBv%25%25qKbMb4%3DaIrMpVII4D%25%25&vgd_cfud=210405&vgd_is_amp=0&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=292_469&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&oRurl=http%3A%2F%2Fcdng%2Ffcmain.js%3F%26esi%3D1%26%26fvips%3D0%26vpf%3D000%26chost%3Dcontextual.media.net%26cb%3Dwindow._mNDetails.initAd%26%26gdpr%3D1%26cid%3D8CU709Q2E%26cpcd%3DJ4KyVMDqN4ojQ3TohxUIjg%253D%253D%26crid%3D855267286%26size%3D300x600%26cc%3DDE%26chnm%3DFilecr%26https%3D1%26vif%3D1%26requrl%3Dhttps%253A%252F%252Ffilecr.com%252Fwindows%252Fmicrosoft-office%253F%2526query%253Dquery%252520value%2526id%253D6347414880%26nse%3D5%26vi%3D1644415944811828296%26lw%3D1%26ugd%3D4%26rtbs%3D1%26hlt%3D1%26dfp%3D1%26nb%3D1%26blacpfl%3D1%26baeFlag%3D1%26blapd%3D0%26isOffice%3D0&tdAdd[]=uiparams%3D%3Brend_w%3A292%3Brend_h%3A469%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A7&vgd_end=1
Domain
sync.go.sonobi.com
URL
https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Verdicts & Comments Add Verdict or Comment

166 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| _wpemojiSettings function| advanced_ads_ready object| advanced_ads_ready_queue object| cppVars undefined| $ function| jQuery object| advads_options object| advads number| advadsCfpExpHours number| advadsCfpClickLimit number| advadsCfpBan string| advadsCfpPath string| advadsCfpDomain object| advadsCfpQueue function| advadsCfpAd object| _mNHandle string| medianet_versionId string| medianet_chnm object| medianet_misc function| gtag object| dataLayer object| adsbygoogle string| ajaxurl number| parent_post_id number| cpage object| twemoji object| wp object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| googletag object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue function| google_process_slots object| google_persistent_state_async function| google_spfd number| google_unique_id object| google_sv_map number| google_lpabyc function| advanced_ads_check_adblocker object| jixreTphGoA53e function| _0xe8c object| advanced_ads_responsive number| advanced_ads_resizetimeout number| advanced_ads_cookieexpires number| advanced_ads_browser_width function| advanced_ads_resize_window function| advanced_ads_save_width function| advads_resize_delay function| advanced_ads_get_browser_width string| google_user_agent_client_hint object| bsagpt object| bsaheaderbid function| pbjsChunk object| pbjs object| _pbjsGlobals object| ADAGIO string| nobidVersion object| nobid object| BSAOPTIMIZE_TARGETING object| BSAOPTIMIZE_targeting object| BSAS2S_TARGETING object| BSAS2S_targeting object| BSA_TARGETING object| bsa_targeting object| optimize object| bsas2s object| addComment object| __SVG_SPRITE__ object| ratingPlugin object| Confirm object| notification object| ShPublic function| updateQueryStringParameter function| setCookie function| onlyUnique object| advanced_ads_pro_ajax_object object| advanced_ads_pro object| advads_pro_utils object| Advads_passive_cb_Conditions object| advanced_ads_group_refresh function| Advads_passive_cb_Placement function| Advads_passive_cb_Ad function| Advads_passive_cb_Group function| advads_postscribe object| advads_admin_bar_items object| advads_has_ads object| advadsProCfp object| gaplugins object| gaGlobal object| gaData object| _mN object| _mNSrv function| setup string| _mN_Idf string| _mN_ctrM undefined| _mN_ctr object| mnjs object| hbCMBidxc function| _cR function| _cD object| _mNDetails function| _cmL1Require function| _cmL1Define undefined| _mNE function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ object| google_image_requests function| processGoogleToken number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| Criteo object| sas object| apntag object| _ADAGIO string| mantis_uuid object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP object| ONFOCUS object| google_llp object| criteo_syncframe_state object| criteo_pubtag object| criteo_pubtag_prebid_119 object| Criteo_prebid_119

90 Cookies

Domain/Path Name / Value
.3lift.com/sync Name: sync
Value: CgoIgQIQvLHQ9u0vCgoI4gEQvLHQ9u0vCgoI5gEQvLHQ9u0vCgoIhwIQvLHQ9u0vCgkICRC8sdD27S8KCQg6ELyx0PbtLwoJCAsQvLHQ9u0vCgoIjAIQvLHQ9u0vCgoIngIQvLHQ9u0vCgkIXxC8sdD27S8=
.mrtnsvr.com/sync Name: userId
Value: BShsf8N4M
filecr.com/ Name: PHPSESSID
Value: ak14q64eolalob29pg71idpccj
filecr.com/ Name: advanced_ads_browser_width
Value: 1600
.filecr.com/ Name: _ga
Value: GA1.2.752414008.1644415945
.filecr.com/ Name: _gid
Value: GA1.2.429487929.1644415945
.filecr.com/ Name: _gat_gtag_UA_139662474_1
Value: 1
filecr.com/ Name: session_depth
Value: filecr.com%3D1%7C158962444%3D1%7C855267286%3D1
.adnxs.com/ Name: icu
Value: ChgIvahBEAoYASABKAEwyZePkAY4AUABSAEQyZePkAYYAA..
.adnxs.com/ Name: uuid2
Value: 3039027062740373425
.rubiconproject.com/ Name: khaos
Value: KZFMSOAH-C-A1FB
.rubiconproject.com/ Name: audit
Value: 1|SDziDG3X/EjNbE+ekAqz2Dpcd3HBZZ775PzI6EyVJjlVAthPpLFZyzgG4oAvbPXeTLQpDmHaqIlo2B05UvZjL5aXonjhrrvlsqlSNZOaaDQ=
.doubleclick.net/ Name: IDE
Value: AHWqTUl6CW7Dse3wrIx3YB1tfNW5eSKaWRoDt9G1PkzsY1BYatk1ntBptGTXG2BNxB0
.filecr.com/ Name: __gads
Value: ID=fad8f577559e4736:T=1644415945:S=ALNI_MYJGcR1dBd6Og4mlEnW6Eb72qiEIA
.doubleclick.net/ Name: DSID
Value: NO_DATA
.3lift.com/ Name: tluid
Value: 4550041622706237391404
.bing.com/ Name: MUID
Value: 28E6E5585DEE649D2457F41E5C3C65E2
.adsrvr.org/ Name: TDID
Value: d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f
.yahoo.com/ Name: A3
Value: d=AQABBM3LA2ICEJcbTpIIQ5KdA0KLO3nvxCoFEgEBAQEdBWINYgAAAAAA_eMAAA&S=AQAAAlCfxnmmnX_P3xvfex-9f2E
.casalemedia.com/ Name: CMID
Value: YgPLzUF7u2cMsIS9c0FRsAAA
.casalemedia.com/ Name: CMPS
Value: 5201
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&1e6372f3-0215-4dc7-887c-e5bc4f48f60a"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NDQ0MTU5NDk7MjswMjGUQQD/LQvnp9NJOYSmcGe19ddv1u+y/JSLQ9Cl5vDd/w==
.linkedin.com/ Name: lidc
Value: "b=TGST02:s=T:r=T:a=T:p=T:g=2704:u=1:x=1:i=1644415949:t=1644502349:v=2:sig=AQG0hyZXRtdE8rpMoAZjTBIKdubkjaD-"
.casalemedia.com/ Name: CMPRO
Value: 1174
.casalemedia.com/ Name: CMST
Value: YgPLzWIDy80A
.servenobid.com/ Name: pid_312
Value: 3039027062740373425
.servenobid.com/ Name: pid_337
Value: y-bD7VY6RE2uE9DhUlD.VBLRoDAo2mKSTg3HOTf14-~A
.mathtag.com/ Name: uuid
Value: d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83
.lijit.com/ Name: ljt_reader
Value: a76f4590e6bb5a0dfe5f96f5
.gumgum.com/ Name: vst
Value: e_983204cf-656b-4a04-8741-b5374d9b8037
.quantserve.com/ Name: mc
Value: 6203cbcd-44eb9-9142b-4f3aa
.smartadserver.com/ Name: pid
Value: 1226549837188469878
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0sDA1tTQ3MjIxMzMwNDUwNRHiM9Q1SMspdIsvq0oLDvaU4jU0MzExMTS1NLE0sjAGAJVlJmo0AAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAADslzmtoZmJiYmhqaWJpZGECAJt5kPEQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0sDA1tTQ3MjIxMzMwNDUwNRHiM9Q1SMspdIsvq0oLDvYEABRX_tclAAAA
.lijit.com/ Name: _ljtrtb_273657
Value: 273657
.bidswitch.net/ Name: tuuid
Value: aabc893a-bc02-4f41-91f0-5567ecc5d0d4
.bidswitch.net/ Name: c
Value: 1644415949
.bidswitch.net/ Name: tuuid_lu
Value: 1644415949
.servenobid.com/ Name: pid_324
Value: 5108559722466015054
.servenobid.com/ Name: pid_310
Value: a76f4590e6bb5a0dfe5f96f5
.servenobid.com/ Name: pid_317
Value: 1226549837188469878
.servenobid.com/ Name: pid_309
Value: e_983204cf-656b-4a04-8741-b5374d9b8037
.openx.net/ Name: i
Value: aa4eaa93-801b-4935-aeec-643785a14174|1644415949
.casalemedia.com/ Name: CMRUM3
Value: 516203cbcd276073zE_Losl6v0esCqu3fZ9uh6xq30epL8uC9GJhrO&e66203cbcd2760&2d6203cbcd2760CAESEObt6wSoSAGOs3GqFS2lA-U&036203cbcd05a0&f16203cbcd05a0&276203cbcd0b40&496203cbcd05a0&bf6203cbcd05a0
.quantserve.com/ Name: d
Value: ELcBEgGzJbjvsQvuIA
.ads.pubmatic.com/ Name: KCCH
Value: YES
.creativecdn.com/ Name: u
Value: 2QxZb0B33Xa6zXKzwEUT
.creativecdn.com/ Name: ts
Value: 1644415949
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003%22%7D
.360yield.com/ Name: tuuid
Value: a7a1f989-b9b2-4aa4-881f-86b0a64a8a31
.360yield.com/ Name: tuuid_lu
Value: 1644415949
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YgPLzQAE8d2PLABH
.servenobid.com/ Name: pid_321
Value: RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003
.smartadserver.com/ Name: csync
Value: 76:CAESEI6CQNsdeY2rz8IFQtvplL4
.a-mo.net/ Name: amuid2
Value: 7279797e-0105-4993-a357-41b26af11a6b
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-8e9e6f86-4fc4-4f97-a35b-e4f6eb87ba4c-003%22%2C%22nxtrdr%22%3Afalse%7D
.servenobid.com/ Name: pid_327
Value: 7279797e-0105-4993-a357-41b26af11a6b
.postrelease.com/ Name: opt_out
Value: 1
.zemanta.com/ Name: zuid
Value: sVB3o9znczEXHW_y6L0C
.technoratimedia.com/ Name: tads_uid
Value: GDPR
.servenobid.com/ Name: pid_333
Value: YgPLzUF7u2cMsIS9c0FRsAAABJYAAAAB
.outbrain.com/ Name: obuid
Value: ef987571-0594-4e6f-83d4-802b86f160fb
event.clientgear.com/ Name: mkuuid
Value: mk9e4b4bb2-fa90-4129-b939-f78115b1a1e5
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-a69c2b60-c10c-4969-5b21-4666edb38d90.7mo%2FIJRZkBNBI4fnFOBXUFaTxw4qb%2FZ5fO4lqalHPlo
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AppwrYMEMSWlbIUZm7bONkNlAlwc.fyFD%2B4pdGuG6KY3LBkDb4OtpJbNX1i0IolcItj6s5LU
.ipredictive.com/ Name: cu
Value: 50f01cef-89b2-11ec-b48a-0ba201ff5bd5|1644415949674
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 0:2
.pubmatic.com/ Name: DPSync3
Value: 1645574400%3A197_201%7C1644969600%3A164%7C1644451200%3A174
.pubmatic.com/ Name: SyncRTB3
Value: 1645574400%3A71_220_54_22_3_7_21_13%7C1644969600%3A223_2
.analytics.yahoo.com/ Name: IDSYNC
Value: "196n~2352:18z8~2352"
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIcHVibWF0aWMSCwj0s7nZh_i1OhAFGAEgASgCMgsI9Ku8hp74tToQBTgBWghwdWJtYXRpY2AC
.pubmatic.com/ Name: KRTBCOOKIE_218
Value: 4056-YgPLzQAE8d2PLABH&KRTB&22978-YgPLzQAE8d2PLABH&KRTB&23194-YgPLzQAE8d2PLABH&KRTB&23209-YgPLzQAE8d2PLABH
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&KRTB&16736-uid:d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&KRTB&23019-uid:d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83&KRTB&23208-uid:d9bb6203-cbcc-4d00-9ab0-dff4f7d68d83
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f&KRTB&22918-d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f&KRTB&23031-d76fd2b8-bf7f-417d-80a6-8b2ab17cd02f
.turn.com/ Name: uid
Value: 3234945574012994077
.simpli.fi/ Name: suid
Value: 6A7A2A3A9B6E46F7981E66072DCC2BF9
.adform.net/ Name: C
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-3234945574012994077
.adform.net/ Name: uid
Value: 7884962989116408379
.pubmatic.com/ Name: SPugT
Value: 1644415949
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 3861b4a47bcd25c8
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEFud2lyvF4pnV9fWF8aPr8E&KRTB&16514-CAESEFud2lyvF4pnV9fWF8aPr8E&KRTB&23025-CAESEFud2lyvF4pnV9fWF8aPr8E
.pubmatic.com/ Name: PugT
Value: 1644415949
.pubmatic.com/ Name: PUBMDCID
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-3039027062740373425&KRTB&23339-3039027062740373425

7 Console Messages

Source Level URL
Text
network error URL: https://i1.wp.com/filecr.com/wp-content/uploads/2018/12/Scr2_Microsoft-Office_free-download.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Message:
Unrecognized feature: 'attribution-reporting'.
network error URL: https://eb2.3lift.com/xuidmid=7976&xuid=BShsf8N4M&dongle=u6nf
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://idsync.rlcdn.com/420486.gif?partner_uid=0E75CF48-3D13-442F-AB98-88BCF9CF0EF3
Message:
Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5664fd4311393cd13a07214003eee7eb.safeframe.googlesyndication.com
8fddf9bcc2612d49750f2d9dbdb437ac.safeframe.googlesyndication.com
acdn.adnxs.com
ad.360yield.com
ad.mrtnsvr.com
ad.turn.com
ads.pubmatic.com
ads.servenobid.com
adservice.google.com
adservice.google.de
b1sync.zemanta.com
bh.contextweb.com
bidder.criteo.com
bidswitch-eu.splicky.com
btlr.sharethrough.com
bttrack.com
c.bing.com
c0c9f98d816a1ef8d4eddcc82c44813c.safeframe.googlesyndication.com
c1.adform.net
c2shb.ssp.yahoo.com
cdn.ampproject.org
cdn4.buysellads.net
cdnjs.cloudflare.com
ce.lijit.com
cm.g.doubleclick.net
contextual.media.net
creativecdn.com
cs.emxdgt.com
cvision.media.net
dmp.brand-display.com
dsum-sec.casalemedia.com
eb2.3lift.com
ecs.mantisadnetwork.com
eus.rubiconproject.com
event.clientgear.com
fastlane.rubiconproject.com
filecr.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
hb-api.omnitagjs.com
hblg.media.net
i0.wp.com
i1.wp.com
i3.wp.com
ib.adnxs.com
id.rlcdn.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
jadserve.postrelease.com
lg3.media.net
mantodea.mantisadnetwork.com
match.adsrvr.org
match.deepintent.com
mp.4dex.io
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.33across.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.yabidos.com
pr-bh.ybp.yahoo.com
pre.glotgrx.com
prebid.a-mo.net
public.servenobid.com
px.ads.linkedin.com
qsearch-a.akamaihd.net
res-a.akamaihd.net
rtb-csync.smartadserver.com
rtb.gumgum.com
s.amazon-adsystem.com
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.criteo.net
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
tg.socdm.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
webcrx.io
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
lg3.media.net
sync.go.sonobi.com
104.102.28.29
104.107.160.24
104.16.200.58
104.36.113.17
104.36.113.23
104.90.192.27
124.146.215.51
142.250.186.34
147.75.61.140
151.101.1.108
151.101.194.49
169.197.150.7
169.50.137.182
172.217.18.98
178.18.231.137
178.250.0.165
18.192.113.141
18.192.154.244
18.195.155.181
18.204.253.249
184.30.24.198
184.30.24.241
185.184.8.65
185.255.84.150
185.29.132.241
185.64.189.110
185.86.138.132
185.86.139.89
188.34.190.28
192.0.77.2
192.132.33.46
193.0.160.129
193.122.128.135
198.148.27.139
198.47.127.20
2.18.235.93
2.19.35.65
2001:678:cb4:bbbb::11
209.54.176.128
213.19.147.45
216.52.2.39
23.79.143.124
2602:803:c003:200::61
2606:4700:20::ac43:4bf1
2606:4700:3031::6815:3106
2606:4700::6810:125e
2606:4700::6810:75c3
2606:4700::6812:372
2620:116:800d:21:51e4:db4b:4436:b305
2620:1ec:21::14
2620:1ec:46::69
2620:1ec:c11::200
2a00:1450:4001:808::2001
2a00:1450:4001:808::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2001
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:830::200a
2a00:1450:4001:831::2008
2a00:1450:4001:831::200e
2a02:2638:1::3
2a05:d018:d29:3605:9b3d:59c:490d:6d21
2a06:98c1:3121::7
3.126.56.137
3.33.220.150
34.102.163.6
34.232.92.67
34.242.212.194
34.253.143.212
34.98.64.218
35.156.29.201
35.157.246.167
35.174.217.176
35.244.174.68
37.157.2.239
37.252.172.37
37.252.173.22
47.252.78.131
50.31.142.255
51.89.9.253
52.12.81.72
54.144.85.208
54.194.68.215
54.76.105.117
64.202.112.255
67.202.105.24
69.173.144.138
69.173.144.165
76.223.111.18
92.123.194.171
94.31.29.32
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
03f88051c159c936239b4b7746817fa2dd5a61e9d81b0daa2f7a03c09233e308
048e8dd1bb8045173d95c8ed8a14b44d8d17e5b282e9fb68e5c39e7d8173ad57
04e15c27c7c1e344842fec61d78bfb338739501f6d293a013d57a808efcc3674
04fdcdcb75c2e47ab97b900ef4b9c98481d10d943821c7f6fe517f2db0ab831d
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05c212f90103f69a4500957f49c6a92f82f755e0c08188eb4ecbe243d03bd7fb
05e2888e835d97fe6e4cfb256f62f47d5dccf6d9ac202ea9d82a6bc2b1716c1d
05ed7424c6f3c3d2aec5dfe7fa92e5f617afe58a01666c1c584d342a8b57a0e7
074920ae6776d1b091a0f272dbc5394a6110c44bfbcbcaf0d03b1e1a7542bb4f
08bec63c7a9ec18eba0561015db6af0ea744016a18fb33a84acd6d1fa7bedf18
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c4c3f5f964ef36678dd72186afc380a1f2e348a6adc491ddce7d2e032255bcb
0d4bc100a85f745db78548e627853f6b3d0d255484865351d487fc0f30418cc1
0e88ad62ff0a0c72ef67e1daf40764b12861d27f3c7d1ddce8e7124d69621d59
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
102cba718e1d43a5bc72e19330595ed8e9fb022cdf86e7d9d9f4340a406da15b
106e6c2a3fd264d24879fe3df09967c85891d0dde07eadca2d31f238a98edde2
11cd1e1d49bf0a95c35aeb868dd4673260a225078ed2e054ed0fa6a8cb64e99e
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
14b9d1a73f30fca18435b89371578edf53a3d609619a202f120e1085f93f8a08
14f9a668e447705f6a189ebcd556ff41d49630cfc8501d50aa6c422f6427c9a5
1596e3a78579af92e80d3c0925bc63dd76f53a030d57c6d9f9d103ed5370eb04
15e116457c9d49a0e37d9128e98dd0da56c3413408aeb2e49903e490e98fc7c7
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1a41c5e9b082e36f905dac595fd7455bea77ddb041fa520320ada039522e55ec
1d85b430ebc4bda8d9852b759a7eaeed811726c0893c256eca1a140dc8342f67
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f962975afbcd526f4b0c7aca653c645350b53849552c38fd839b76ef9a74b4e
25b496003bedfabd2cf715329e2601f329ab5fc39ec66418684ae58e33439fc2
25ef19f52907680cb9b29f6416c5232ee1ed0e56e54e3c1c063ce12952d64cd6
27515e7afe6e418b001b5bc8a8f01ffaf0b81a7c6994b03291ef695516cee1bc
2a0871fd53f2a0dd8aa6c9b4992ef79173a92abd3e3eb50d735f387a5480fe02
2b0734b4baa03d37a2ef25d13b14bc89868bc5762dc1b90505b4994e38400cf6
2b139d2871e745eeca0ed22ce994df828a96faefe86aa5e47d06c58184845445
2b83e5bd7cd902d9d3e7fded60ac87e91040f56dd300a94bf93975ee3ce37b1b
2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2cf0d2564f162230fdc845a7a56be4a41d5846bf8443af42e367722f6889548e
2d1dda37cc0f6885b23e092150e24e111b8ce7d35370a9a0e03ddc197a1fec96
2e0d3d947e352263e2f0fce1851654d434e04ec6d6dd16ac16da195a87dd2bb6
2ef0d9f83f7f5b72983e8ed62e57c73d69fe9cba93dee7eb13284d861998a086
2f1779d6d7ce15adeb7dff619526eae00fadb9dfdd48de710c9c53af10980bf8
308c252b2381b887baf74268990c582643dbdaad9e9b332d158112745e2c65ea
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
34012066e84b48862a3bf8e20dd58b5df7ab54625ea46060c9f2827e0da2d80a
344f818244c72a40111e69811b8968e79c61e36a72eb984a529cae2e73cdca48
34a94e5c6c22635afd857d3310b8aecd9ecd53d8e825654306e7633e775e7e0b
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
37517faf41bdf9781fae236c13b3d855c3f4b233f2adf8e2f96b4f180f3304ee
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d
3a7b5f2e7e3fd51102d05b2706291210864e7890361d932311a18048073374ae
3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d
3abf391b0c5e5b90d6233e99d35a7ff487b9ee71b2a6268fdfcc935e866b4eea
3ad4ed8891fc05ebc7e86fc94c8fdd5fcbd1a9fd7c32c45488e77e49165a25d0
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3c84439f49338eeb46b690c91605ff57d01ba38fad6bdb038833d1ef14e6fda8
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3dbfe6eda0abf69eb1901f4696d5daf4e276cb6dd8c30dfaa26b724b60251635
3e4609b61e3f7b1135d9d5dac5113fdeccf8085478d37cea8ea11cf63034e8af
3fad63993e27fa3f20b4baf898d11e54029341a25af2e759acc5d41ae4a595b0
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
47168af81d6da682065294d09fdd18596989831eee323959ac7d0646f7746a12
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4cf0498d6f16d928751dae8b235dab5e250f65d561f43e2dc20d982efac6016f
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4db9a2000647dd95456d2cbce039be1bd99790f543d2d581f2557e9ebdbf4627
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
521a8eaf8c4a2ba9501acfdf35b7d1ebb4bbb4c7aca2d4ee43e01984d73991e5
53c9feea97fea966c734faafd720ace56546a27de93d2f723d2baffe6423a784
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5674dabf3d0dee647c9ea076dcb3406403eeb5a10b1cd3fcbc5415b82c0fde90
574f5dc48c403fa7ede2cb0e9bcbc979c2cdf658c2268a4744140f5f174d3e93
58b7e980fbe3818580e8c6a378a13eacd8d5d49c175f1b287aeb0b980c732b5a
58c9e8f7f121a11b1516bdac16d6e56bf75ee2fe57f6f505f2fd88a07e687b05
593ebc50af967aed389190da039e98318c661c139e628260d7f28bdc0612c195
5a1e1ea4371d2ed657a43e16e36e1f3dc272d51711d5af9c80fec27663333413
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cf7f3955d0914e13f87bd8b102f2ebdd67153eb9111ad01101f5d550b00895c
60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc
6190cf08a97e8709e462d81f4c015ac058ebf5e887e96f8b6a1eceea22fde083
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64bd840051fe9afbe7981b1bd8f9e637936c9d6279225792c12777f9a45806c3
64cb9b870e594ab768f91fe6fa039119c4cdfd119998f33a5409f51e6f5fce33
65d1e86b9125e69ca0810acf1c49616b5475a9a056a22c59cf4265f642601feb
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
6823285eb46b5b3f5c60cedb96d66a4d18bdc335096705d9f9c72aa681ddab5a
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b009f75c514b89017144dcf804575cb6dd93a8f26ec93abe801a6b6772cc2e7
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
70eb9820f1f0bb51f7c41cf924adc95b5fe18c0584c3d87763c7a2dd0588df34
734e4f290f94cfe581964eb14325a77b38b4f1c3204aeba975f3a9ecfc4b860a
7447c1664f6a06328cd895a4914acad40ad47827ebe00becbd570138ff7e785c
74cb2c29739ccfc2a6e21e9f2bbc924174e20ec375f9b8e10727567e1948cac2
75308b2efe76fc8e98d623d0ade7ab164b8bfebfe00d1fc36687a0f50109f263
78764511d26b95603faa6e3ebee8a8f23df0cd2b694f7a0966d7720f53fe65e7
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7a31b0310331c8959b07a0fffd3bcbc1d7b67100ad78576323a5a0136146a080
7a358037cf18c7e7f0f4b43b021713716ca3716cf13fb660475880f1ddd5189e
7ad41489fea53c41286c8548a22aeabc91438558b2fbc10866d8b56321ad114f
7b6fef0a63424245b31b293b1a3bfd074c9da482e28fb9e920e1cf306e54e8a2
7c4037984cb7225ae934a56d854582d4bfe9df0dbb7c6cff4b0a6b5634c92710
7f60440f795d0babe149abcf7d0c65bc1a92690091a6c38ea876125e9382f659
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80d9e873e047105023e86119996fc2346c276f6da26ffdb95b8e45a716fd8f73
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
838d4931e1182683da9b6951a0d99d942e26adb0077f05f4b1647522f734735c
8852dc4007339811b06753da707b4815bb8f2abb9e46eb84a7d6a77949638bed
89e267039d32f778ee14f762d623290ef56cc3965c0d8843a9f81d5748322d72
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8af0b5fd87f0cf0c57915fb6094244ca5c108f21c063fd6917ee809259ae3a97
8c0449d149c1b09b9d15e7fe60b91be9e0fec28893b0890b2ba894fded336935
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dca9599c3166a46d38498fb4cc3712492404a26ab4c91abd7d5abeef3eb59c5
93bb566051f9f593daa37a036a4d9c8d64c82394911c0aa519f81f654d44b9bd
97f7bc0dd1c363e132556d8046841da9919b71a0e4763c577c4d1a2e9d31870b
998c8df172348a7eed85d2d7a25cca359d1cb5a8482e8b20c06699158ee3ecbe
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9cdfe09791d2560f2b183c76ff6504e28187ba36ffd71f90edb919391c98a88b
9f7b253187b439b02425274f9d72a7257207e19f92adf5758ac7eeb6e2f5cb2e
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2b961cdbeb5891ec78025c48044449471b83ff15667bdcd7322eaeac9817ae0
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
a6eccff95004d261e87dc2aec5d3a1197c9bdc9c57014a5bdf9611f8fc4798d0
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7d040d5e84706dac2d471ad33830bd0ae361ca06e53e72e817701478c6d5afa
a83b1f3e821e72ac43110a8762ab91f070fca6c426c95e30c845b6c894f8848f
a969b6aad84c69a5a60aa38b1dc211818c0b713f020ae274424e7546c4169501
a99d9a63bc96ec98b7e05f106603236b4d6f5b53bd9d4ebabb25543047b35bef
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
ae56c6f105f24f8bad1d41c33577c2e023bef42a7bb9c181d8e4acfd99ee65aa
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b161a452760e628e5d4e19573320eff7833f5da41a399d8fe332dcf191a49afa
b3b3cf311d2b774d91ca43aa14f3b72a59c125b9896d6c395e29fd201aa971e4
b7f6b382321b107a47d93df38d0dae0c1bfa3488df9125d5c555498200f9b024
b880838d99cc0b9b97b8d416226cc78a0006e7fcec7b1b17753c1ef5619b3bce
b9fbb4a12ad07c9b7f21d3c2d1db64399b3c0ce4b1afe7ac2b03ed8dfb811eb3
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbfd30e5fd2bd475d319b5b55ab61469966d1517b703f9bd830a6f3207387c27
bc037f53507ee9ef7b334b632b85b88a4ed22128458f100200289626f159d67a
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
be5f701f37218795787c585bdac8050f748447d710da0bdf08a22f15ee7b119e
c1ffc9ca7657f3d655db7b79eb1e7316e4d23aab2df01606d8ce022385e4b985
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c7c64db5541d36c15a5943febaa583a41956f9036aca8d4018fc30bfaff7d282
ca82c6fa96b1a93d64373634ea45406a6e35fdbb33e098f6356d3a68b95a05e8
cb696ecd7c4f31fdd7c7c1cc37e8efc29614fbcbadf74f455aa496d72ce33250
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cc83fe6d180fd859f448bacd040799bf379ee7e0d9b1e6c3f19499c1c4358864
ccfb13f080c34a055931e40ffe53d5821ea75abca78e9e22863f862134e5fb28
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfefa3f6b8f0bce5ce58f349d7b1dc101554c35b4e35c923b0c6db08cc79095a
d1ef580c80499ba59ac77312848b22bd7e5213c28314fce8f8f2e501a8128ca9
d5f6ab7ced9ffe24779a3eba8243c7dc2ca14104fe6ef6a472f45fb83dff01d5
d6b53be4a70b8548138a6bdb8e2667fb5df6b36cd28f35069b64c9c2420bb05d
d8ade0d94aaf4b3d52776b75609e8d1c31995677a0a033a6fa2408425da07740
d8d01b8fe3135b49303b3241f2443d1911075ed546902965de0367d0b5544820
da5241bc17f546e5ec891bd51d921431e6ac9b162ab52af93948f2666ba0b3fc
dbfcc6490f64e44df4da2b366c50e819abc68cacdfcd81f8ec7f91c7ab35ff27
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddc3772d74cdeb770e11649cd2679380f1ec494f1b2df549a20ed283bb8a3f88
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
e0a340168a7bd755ec03f037b0890a5963c7d4e01a371f818828de8e009bf818
e2b0c644e90d90d54a55d3c7dd7dde3f8897a92f18ee6d69d74d5cab0167405e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e60ebb7a34b9e7d06c9c4ddf4a44eb523b03f2826b34159f04a86996625c0a21
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ea29de07cdb14f2c6c59c06fdcd4ec30c2030b3ba8ee6a0aa325085496b9a94d
eb2308287201b92392dfb22f6980474a593b8310671e0d63f153af7df558be28
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f312a20c6132b5c1b0ea46ee9d034b4ad198ceefbcf46b8e22672d4604182da5
f5ef63bcd883c3e6ecca9a17785b10ee897b51aec76328706887ceb220742d71
f8f99b94f1507b48d8e7820b7844586fb084f7506e141dc573ebfa45693c6b07
f903b0e68ac1cb80ad56c6da32fa545314baa698fb8f2e6a65b8e33fca427d96
f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b
fa5d2912bec294d33c9dc4be4a00a9a5f4ac993049a935f4535ae687e3b08d0b
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
fd838d775534e1d2eef7b894fdd1a43b2ab6a10e22a7d1e01fee489ee683d9d4
fd8748fa72d75a8bf30df88eb29b37837a46a38318cd0b21a649d16aad82cbbc