urlscan.io logo urlscan.io
SecurityTrails logo

filecr.com Open in urlscan Pro
2606:4700:3035::ac43:8bfc  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://filecr.com/windows/microsoft-office/?id=6320067552
Effective URL: https://filecr.com/windows/microsoft-office?id=6347414880
Submission: On February 09 via manual from IE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 71 IPs in 10 countries across 74 domains to perform 380 HTTP transactions. The main IP is 2606:4700:3035::ac43:8bfc, located in United States and belongs to CLOUDFLARENET, US. The main domain is filecr.com. The Cisco Umbrella rank of the primary domain is 223315.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 11th 2021. Valid for: a year.
This is the only time filecr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 24 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
20 92.122.253.103 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
56 2a00:1450:400... 15169 (GOOGLE)
12 192.0.77.2 2635 (AUTOMATTIC)
3 94.31.29.32 33438 (HIGHWINDS2)
1 2606:4700:303... 13335 (CLOUDFLAR...)
8 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
9 142.250.181.226 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
68 2a00:1450:400... 15169 (GOOGLE)
2 92.123.194.171 20940 (AKAMAI-ASN1)
2 6 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
4 51.89.9.252 16276 (OVH)
1 2602:803:c004... 26667 (RUBICONPR...)
3 54.80.147.122 14618 (AMAZON-AES)
1 18.184.27.79 16509 (AMAZON-02)
10 54.171.171.24 16509 (AMAZON-02)
2 5 37.252.172.250 29990 (ASN-APPNEX)
1 185.255.84.151 200271 (IGUANE-)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 35.157.246.167 16509 (AMAZON-02)
1 52.29.163.83 16509 (AMAZON-02)
1 178.250.0.165 44788 (ASN-CRITE...)
19 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
2 2a02:2638::3 44788 (ASN-CRITE...)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
1 178.250.2.146 44788 (ASN-CRITE...)
2 6 13.248.245.213 16509 (AMAZON-02)
1 151.101.65.108 54113 (FASTLY)
1 2620:1ec:bdf::69 8068 (MICROSOFT...)
4 104.89.20.125 16625 (AKAMAI-AS)
5 7 3.33.220.150 16509 (AMAZON-02)
1 1 34.102.163.6 15169 (GOOGLE)
6 12 142.250.185.66 15169 (GOOGLE)
1 2620:1ec:21::14 8068 (MICROSOFT...)
3 4 2a05:d018:d29... 16509 (AMAZON-02)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
2 4 209.54.176.128 16509 (AMAZON-02)
5 6 3.122.48.254 16509 (AMAZON-02)
3 3 70.42.32.31 22075 (AS-OUTBRAIN)
2 104.16.200.58 13335 (CLOUDFLAR...)
1 18 63.33.153.210 16509 (AMAZON-02)
2 67.202.105.22 32748 (STEADFAST)
2 185.86.138.119 201081 (SMARTADSE...)
2 6 2.18.234.21 16625 (AKAMAI-AS)
2 2 72.251.249.9 29791 (VOXEL-DOT...)
7 7 213.19.147.44 26120 (RHYTHMONE)
1 3.215.6.188 14618 (AMAZON-AES)
1 1 193.0.160.128 54312 (ROCKETFUEL)
1 1 147.75.61.140 54825 (PACKET)
3 3 3.126.56.137 16509 (AMAZON-02)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 35.244.174.68 15169 (GOOGLE)
5 69.173.144.165 26667 (RUBICONPR...)
4 4 69.173.144.139 26667 (RUBICONPR...)
5 5 151.101.66.49 54113 (FASTLY)
6 6 185.29.134.248 30419 (MEDIAMATH...)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
1 1 37.252.173.62 29990 (ASN-APPNEX)
2 2 54.229.65.185 16509 (AMAZON-02)
3 4 70.42.32.255 22075 (AS-OUTBRAIN)
3 3 63.34.220.234 16509 (AMAZON-02)
2 2 35.244.159.8 15169 (GOOGLE)
2 2 44.193.191.16 14618 (AMAZON-AES)
1 1 3.210.4.50 14618 (AMAZON-AES)
1 129.159.70.95 31898 (ORACLE-BM...)
1 38.91.45.7 398989 (DEEPINTENT)
1 1 104.90.192.27 16625 (AKAMAI-AS)
1 1 198.148.27.140 19189 (PULSEPOINT)
2 104.102.28.254 20940 (AKAMAI-ASN1)
1 1 23.37.42.132 16625 (AKAMAI-AS)
1 18.195.155.181 16509 (AMAZON-02)
1 1 202.241.208.57 4694 (IDCF IDC ...)
2 2 185.184.8.65 204995 (RTB-HOUSE...)
1 2 34.249.68.36 16509 (AMAZON-02)
1 3 37.157.4.24 198622 (ADFORM)
1 1 2620:116:800d... 16509 (AMAZON-02)
3 185.86.137.133 201081 (SMARTADSE...)
1 2600:9000:223... 16509 (AMAZON-02)
2 2 135.125.160.77 16276 (OVH)
1 192.82.242.209 62713 (AS-PUBMATIC)
7 185.64.189.110 62713 (AS-PUBMATIC)
2 198.47.127.20 3257 (GTT-BACKB...)
1 159.122.14.34 36351 (SOFTLAYER)
1 1 2001:678:cb4:... 56396 (AMOBEE)
380 71
24    2606:4700:3035::ac43:8bfc (United States)

ASN13335 (CLOUDFLARENET, US)
filecr.com
2    2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
20    92.122.253.103 (Schiphol, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-253-103.deploy.static.akamaitechnologies.com
contextual.media.net
lg3.media.net
hblg.media.net
cvision.media.net
1    2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
56    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
googleads.g.doubleclick.net
adservice.google.de
12    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com
i0.wp.com
i3.wp.com
i1.wp.com
3    94.31.29.32 (United Kingdom)

ASN33438 (HIGHWINDS2, US)
PTR: 94.31.29.32.IPYX-077437-ZYO.above.net
cdn4.buysellads.net
1    2606:4700:3035::6815:5fcf (United States)

ASN13335 (CLOUDFLARENET, US)
webcrx.io
8    2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
2    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
9    142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net
partner.googleadservices.com
securepubads.g.doubleclick.net
1    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
5    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
3    2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
2cb0187cd3d20e6650642c04dbdfecbc.safeframe.googlesyndication.com
455beac1592b3ea97440f892c734097e.safeframe.googlesyndication.com
7df9b2a3865eed8f4b5a96cd199cdd0a.safeframe.googlesyndication.com
68    2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    92.123.194.171 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-194-171.deploy.static.akamaitechnologies.com
res-a.akamaihd.net
6    2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)
script.4dex.io
4    51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu
onetag-sys.com
1    2602:803:c004:200::141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
3    54.80.147.122 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-80-147-122.compute-1.amazonaws.com
mantodea.mantisadnetwork.com
ecs.mantisadnetwork.com
1    18.184.27.79 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-27-79.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
10    54.171.171.24 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-171-24.eu-west-1.compute.amazonaws.com
ads.servenobid.com
5    37.252.172.250 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
1    185.255.84.151 (Paris, France)

ASN200271 (IGUANE-, FR)
hb-api.omnitagjs.com
1    2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)
mp.4dex.io
3    35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
c2shb.ssp.yahoo.com
1    52.29.163.83 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-163-83.eu-central-1.compute.amazonaws.com
tlx.3lift.com
1    178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com
bidder.criteo.com
19    2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
6    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
8    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
6    2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
2    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
1    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
6    13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
1    151.101.65.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs.com
1    2620:1ec:bdf::69 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
public.servenobid.com
4    104.89.20.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-20-125.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
7    3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
1    34.102.163.6 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 6.163.102.34.bc.googleusercontent.com
ad.mrtnsvr.com
12    142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
cm.g.doubleclick.net
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
4    2a05:d018:d29:3605:29a3:4540:1075:3349 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
4    209.54.176.128 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
6    3.122.48.254 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-48-254.eu-central-1.compute.amazonaws.com
x.bidswitch.net
3    70.42.32.31 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
2    104.16.200.58 (None, )

ASN13335 (CLOUDFLARENET, US)
pixel.yabidos.com
18    63.33.153.210 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
g2.gumgum.com
rtb.gumgum.com
2    67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net
pixel.33across.com
ssc-cms.33across.com
2    185.86.138.119 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync.smartadserver.com
6    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
2    72.251.249.9 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
ce.lijit.com
7    213.19.147.44 (United Kingdom)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
1    3.215.6.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-215-6-188.compute-1.amazonaws.com
jadserve.postrelease.com
1    193.0.160.128 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
1    147.75.61.140 (Ashburn, United States)

ASN54825 (PACKET, US)
prebid.a-mo.net
3    3.126.56.137 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
2    2606:4700::6810:79c3 (United States)

ASN13335 (CLOUDFLARENET, US)
pre.glotgrx.com
2    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
idsync.rlcdn.com
5    69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
4    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
5    151.101.66.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
6    185.29.134.248 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
1    2a00:1288:80:800::7000 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
ads.yahoo.com
1    37.252.173.62 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
secure.adnxs.com
2    54.229.65.185 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-65-185.eu-west-1.compute.amazonaws.com
ads.avct.cloud
4    70.42.32.255 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
sync.outbrain.com
3    63.34.220.234 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-220-234.eu-west-1.compute.amazonaws.com
ice.360yield.com
ad.360yield.com
2    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
us-u.openx.net
2    44.193.191.16 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-193-191-16.compute-1.amazonaws.com
sync.srv.stackadapt.com
1    3.210.4.50 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-210-4-50.compute-1.amazonaws.com
sync.ipredictive.com
1    129.159.70.95 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
1    38.91.45.7 (United States)

ASN398989 (DEEPINTENT, US)
match.deepintent.com
1    104.90.192.27 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-192-27.deploy.static.akamaitechnologies.com
stags.bluekai.com
1    198.148.27.140 (New York, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
2    104.102.28.254 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-28-254.deploy.static.akamaitechnologies.com
ads.pubmatic.com
1    23.37.42.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
1    18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
cs.emxdgt.com
1    202.241.208.57 (Japan)

ASN4694 (IDCF IDC Frontier Inc., JP)
tg.socdm.com
2    185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net
creativecdn.com
2    34.249.68.36 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-68-36.eu-west-1.compute.amazonaws.com
bcp.crwdcntrl.net
3    37.157.4.24 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
1    2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)
pixel.quantserve.com
3    185.86.137.133 (France)

ASN201081 (SMARTADSERVER, FR)
rtb-csync.smartadserver.com
1    2600:9000:223f:bc00:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)
s.ad.smaato.net
2    135.125.160.77 (France)

ASN16276 (OVH, FR)
PTR: ns3195934.ip-135-125-160.eu
gu.dyntrk.com
1    192.82.242.209 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
7    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
image2.pubmatic.com
2    198.47.127.20 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
image4.pubmatic.com
1    159.122.14.34 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 22.0e.7a9f.ip4.static.sl-reverse.com
um.simpli.fi
1    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
Apex Domain
Subdomains		 Transfer
95 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 100
2cb0187cd3d20e6650642c04dbdfecbc.safeframe.googlesyndication.com
455beac1592b3ea97440f892c734097e.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 124
7df9b2a3865eed8f4b5a96cd199cdd0a.safeframe.googlesyndication.com
1006 KB
48 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 46
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184
cm.g.doubleclick.net — Cisco Umbrella Rank: 197
585 KB
24 filecr.com
filecr.com — Cisco Umbrella Rank: 223315
359 KB
20 media.net
contextual.media.net — Cisco Umbrella Rank: 516
lg3.media.net — Cisco Umbrella Rank: 3078
hblg.media.net — Cisco Umbrella Rank: 1546
cvision.media.net — Cisco Umbrella Rank: 8352
355 KB
19 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 324
346 KB
18 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1545
rtb.gumgum.com — Cisco Umbrella Rank: 1288
5 KB
15 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 467
eus.rubiconproject.com — Cisco Umbrella Rank: 541
pixel.rubiconproject.com — Cisco Umbrella Rank: 312
token.rubiconproject.com — Cisco Umbrella Rank: 689
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1095
25 KB
14 gstatic.com
www.gstatic.com
fonts.gstatic.com
140 KB
12 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 473
image6.pubmatic.com — Cisco Umbrella Rank: 595
simage2.pubmatic.com — Cisco Umbrella Rank: 552
image4.pubmatic.com — Cisco Umbrella Rank: 848
image2.pubmatic.com — Cisco Umbrella Rank: 1032
25 KB
12 wp.com
i0.wp.com — Cisco Umbrella Rank: 3215
i3.wp.com — Cisco Umbrella Rank: 46854
i1.wp.com — Cisco Umbrella Rank: 5313
164 KB
11 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 693
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 470
ups.analytics.yahoo.com — Cisco Umbrella Rank: 283
ads.yahoo.com — Cisco Umbrella Rank: 913
6 KB
11 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 1823
public.servenobid.com — Cisco Umbrella Rank: 3540
8 KB
11 google.com
adservice.google.com — Cisco Umbrella Rank: 80
www.google.com — Cisco Umbrella Rank: 13
3 KB
8 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 165
269 KB
7 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 329
3 KB
7 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 600
eb2.3lift.com — Cisco Umbrella Rank: 389
3 KB
7 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 241
acdn.adnxs.com — Cisco Umbrella Rank: 565
secure.adnxs.com — Cisco Umbrella Rank: 404
23 KB
6 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 421
4 KB
6 casalemedia.com
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 520
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590
7 KB
6 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 287
3 KB
6 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 47
5 KB
5 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 560
1 KB
5 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 528
3 KB
5 smartadserver.com
ssbsync.smartadserver.com — Cisco Umbrella Rank: 1372
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 578
2 KB
5 google.de
adservice.google.de — Cisco Umbrella Rank: 8028
1 KB
4 outbrain.com
sync.outbrain.com — Cisco Umbrella Rank: 758
1 KB
4 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 284
2 KB
4 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 722
gum.criteo.com — Cisco Umbrella Rank: 369
mug.criteo.com — Cisco Umbrella Rank: 2864
7 KB
4 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 1056
2 KB
3 adform.net
c1.adform.net — Cisco Umbrella Rank: 608
1 KB
3 360yield.com
ice.360yield.com — Cisco Umbrella Rank: 1480
ad.360yield.com — Cisco Umbrella Rank: 675
885 B
3 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 588
2 KB
3 mantisadnetwork.com
mantodea.mantisadnetwork.com — Cisco Umbrella Rank: 11970
ecs.mantisadnetwork.com — Cisco Umbrella Rank: 23153
959 B
3 4dex.io
script.4dex.io — Cisco Umbrella Rank: 2366
mp.4dex.io — Cisco Umbrella Rank: 2499
24 KB
3 buysellads.net
cdn4.buysellads.net — Cisco Umbrella Rank: 16454
192 KB
2 dyntrk.com
gu.dyntrk.com — Cisco Umbrella Rank: 1261
1 KB
2 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 673
1 KB
2 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 698
695 B
2 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 973
1 KB
2 openx.net
us-u.openx.net — Cisco Umbrella Rank: 359
427 B
2 avct.cloud
ads.avct.cloud — Cisco Umbrella Rank: 3163
892 B
2 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 738
idsync.rlcdn.com — Cisco Umbrella Rank: 316
44 B
2 glotgrx.com
pre.glotgrx.com — Cisco Umbrella Rank: 6448
392 B
2 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 905
942 B
2 lijit.com
ce.lijit.com — Cisco Umbrella Rank: 816
1 KB
2 33across.com
pixel.33across.com — Cisco Umbrella Rank: 2343
ssc-cms.33across.com — Cisco Umbrella Rank: 877
2 yabidos.com
pixel.yabidos.com — Cisco Umbrella Rank: 6694
25 KB
2 criteo.net
static.criteo.net — Cisco Umbrella Rank: 645
57 KB
2 akamaihd.net
res-a.akamaihd.net — Cisco Umbrella Rank: 5901
57 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 42
20 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 227
33 KB
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 770
518 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 745
610 B
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 707
239 B
1 quantserve.com
pixel.quantserve.com — Cisco Umbrella Rank: 424
509 B
1 socdm.com
tg.socdm.com — Cisco Umbrella Rank: 1948
694 B
1 emxdgt.com
cs.emxdgt.com — Cisco Umbrella Rank: 908
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 577
383 B
1 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 510
1 KB
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 921
44 B
1 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1292
293 B
1 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 1187
428 B
1 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1204
311 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 702
753 B
1 postrelease.com
jadserve.postrelease.com — Cisco Umbrella Rank: 1117
428 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 273
591 B
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 546
706 B
1 mrtnsvr.com
ad.mrtnsvr.com — Cisco Umbrella Rank: 2371
249 B
1 omnitagjs.com
hb-api.omnitagjs.com — Cisco Umbrella Rank: 4305
704 B
1 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1349
110 B
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 777
643 B
1 webcrx.io
webcrx.io
1 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
36 KB
0 sonobi.com Failed
sync.go.sonobi.com Failed
380 74
Domain Requested by
68 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
filecr.com
googleads.g.doubleclick.net
cdn.ampproject.org
pagead2.googlesyndication.com
28 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
filecr.com
24 pagead2.googlesyndication.com filecr.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
24 filecr.com 2 redirects filecr.com
19 cdn.ampproject.org googleads.g.doubleclick.net
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
17 rtb.gumgum.com 1 redirects g2.gumgum.com
ads.pubmatic.com
12 cm.g.doubleclick.net 6 redirects eb2.3lift.com
g2.gumgum.com
ssum-sec.casalemedia.com
10 ads.servenobid.com cdn4.buysellads.net
public.servenobid.com
g2.gumgum.com
ssum-sec.casalemedia.com
ssbsync.smartadserver.com
8 www.gstatic.com googleads.g.doubleclick.net
8 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
filecr.com
8 www.googletagservices.com filecr.com
cdn4.buysellads.net
googleads.g.doubleclick.net
8 contextual.media.net filecr.com
contextual.media.net
7 match.adsrvr.org 5 redirects eb2.3lift.com
ssum-sec.casalemedia.com
7 cvision.media.net filecr.com
6 sync.mathtag.com 6 redirects
6 x.bidswitch.net 5 redirects eb2.3lift.com
6 eb2.3lift.com 2 redirects cdn4.buysellads.net
eb2.3lift.com
6 fonts.gstatic.com fonts.googleapis.com
6 fonts.googleapis.com googleads.g.doubleclick.net
securepubads.g.doubleclick.net
6 www.google.com 2 redirects tpc.googlesyndication.com
googleads.g.doubleclick.net
6 i3.wp.com filecr.com
5 sync-tm.everesttech.net 5 redirects
5 pixel.rubiconproject.com eus.rubiconproject.com
5 sync.1rx.io 5 redirects
5 ib.adnxs.com 2 redirects cdn4.buysellads.net
acdn.adnxs.com
5 adservice.google.com pagead2.googlesyndication.com
securepubads.g.doubleclick.net
5 adservice.google.de pagead2.googlesyndication.com
securepubads.g.doubleclick.net
5 i1.wp.com filecr.com
4 simage2.pubmatic.com ads.pubmatic.com
4 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
4 sync.outbrain.com 3 redirects g2.gumgum.com
4 token.rubiconproject.com 4 redirects
4 s.amazon-adsystem.com 2 redirects eb2.3lift.com
ssum-sec.casalemedia.com
4 pr-bh.ybp.yahoo.com 3 redirects ads.pubmatic.com
4 eus.rubiconproject.com cdn4.buysellads.net
eus.rubiconproject.com
g2.gumgum.com
4 onetag-sys.com cdn4.buysellads.net
public.servenobid.com
4 lg3.media.net filecr.com
contextual.media.net
3 image2.pubmatic.com ads.pubmatic.com
3 rtb-csync.smartadserver.com ssbsync.smartadserver.com
3 c1.adform.net 1 redirects ssum-sec.casalemedia.com
ads.pubmatic.com
3 ups.analytics.yahoo.com 3 redirects
3 b1sync.zemanta.com 3 redirects
3 c2shb.ssp.yahoo.com cdn4.buysellads.net
3 cdn4.buysellads.net filecr.com
2 image4.pubmatic.com ads.pubmatic.com
2 gu.dyntrk.com 2 redirects
2 bcp.crwdcntrl.net 1 redirects ssum-sec.casalemedia.com
2 creativecdn.com 2 redirects
2 ads.pubmatic.com g2.gumgum.com
ads.pubmatic.com
2 ad.360yield.com 2 redirects
2 sync.srv.stackadapt.com 2 redirects
2 us-u.openx.net 2 redirects
2 ads.avct.cloud 2 redirects
2 pre.glotgrx.com mantodea.mantisadnetwork.com
2 sync.targeting.unrulymedia.com 2 redirects
2 ce.lijit.com 2 redirects
2 ssum-sec.casalemedia.com 1 redirects public.servenobid.com
2 ssbsync.smartadserver.com public.servenobid.com
g2.gumgum.com
2 pixel.yabidos.com mantodea.mantisadnetwork.com
pixel.yabidos.com
2 gum.criteo.com 1 redirects static.criteo.net
2 static.criteo.net cdn4.buysellads.net
static.criteo.net
2 mantodea.mantisadnetwork.com cdn4.buysellads.net
2 script.4dex.io cdn4.buysellads.net
script.4dex.io
2 res-a.akamaihd.net filecr.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 cdnjs.cloudflare.com filecr.com
cdnjs.cloudflare.com
1 ad.turn.com 1 redirects
1 um.simpli.fi ads.pubmatic.com
1 idsync.rlcdn.com ads.pubmatic.com
1 image6.pubmatic.com ads.pubmatic.com
1 s.ad.smaato.net ssbsync.smartadserver.com
1 pixel.quantserve.com 1 redirects
1 tg.socdm.com 1 redirects
1 cs.emxdgt.com g2.gumgum.com
1 secure-assets.rubiconproject.com 1 redirects
1 ssc-cms.33across.com g2.gumgum.com
1 bh.contextweb.com 1 redirects
1 stags.bluekai.com 1 redirects
1 match.deepintent.com g2.gumgum.com
1 sync.technoratimedia.com g2.gumgum.com
1 sync.ipredictive.com 1 redirects
1 ice.360yield.com 1 redirects
1 secure.adnxs.com 1 redirects
1 ads.yahoo.com
1 id.rlcdn.com
1 prebid.a-mo.net 1 redirects
1 p.rfihub.com 1 redirects
1 jadserve.postrelease.com public.servenobid.com
1 pixel.33across.com public.servenobid.com
1 g2.gumgum.com public.servenobid.com
1 ecs.mantisadnetwork.com mantodea.mantisadnetwork.com
1 c.bing.com eb2.3lift.com
1 px.ads.linkedin.com eb2.3lift.com
1 ad.mrtnsvr.com 1 redirects
1 public.servenobid.com cdn4.buysellads.net
1 acdn.adnxs.com cdn4.buysellads.net
1 mug.criteo.com
1 7df9b2a3865eed8f4b5a96cd199cdd0a.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 bidder.criteo.com cdn4.buysellads.net
1 tlx.3lift.com cdn4.buysellads.net
1 mp.4dex.io cdn4.buysellads.net
1 hb-api.omnitagjs.com cdn4.buysellads.net
1 btlr.sharethrough.com cdn4.buysellads.net
1 fastlane.rubiconproject.com cdn4.buysellads.net
1 hblg.media.net filecr.com
1 455beac1592b3ea97440f892c734097e.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 2cb0187cd3d20e6650642c04dbdfecbc.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 partner.googleadservices.com pagead2.googlesyndication.com
1 webcrx.io filecr.com
1 i0.wp.com filecr.com
1 www.googletagmanager.com filecr.com
0 sync.go.sonobi.com Failed public.servenobid.com
380 112

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
www.affordable-papers.net
www.microsoft.com
twitter.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-11 -
2022-06-10		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2021-04-12 -
2022-04-20		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-01-17 -
2022-04-11		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-01-17 -
2022-04-11		 3 months crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2020-04-02 -
2022-07-05		 2 years crt.sh
*.buysellads.net
Sectigo RSA Domain Validation Secure Server CA		 2021-08-03 -
2022-09-03		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-01-10 -
2022-04-04		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-01-17 -
2022-04-11		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-01-10 -
2022-04-04		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-01-17 -
2022-04-11		 3 months crt.sh
a248.e.akamai.net
DigiCert SHA2 Secure Server CA		 2021-07-15 -
2022-07-20		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-01-17 -
2022-04-11		 3 months crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-30 -
2022-04-04		 a year crt.sh
*.mantisadnetwork.com
Amazon		 2021-10-14 -
2022-11-11		 a year crt.sh
*.sharethrough.com
Amazon		 2021-08-13 -
2022-09-11		 a year crt.sh
ads.servenobid.com
Amazon		 2021-06-28 -
2022-07-27		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2021-03-05 -
2022-02-19		 a year crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA		 2021-05-24 -
2022-06-23		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-10-14 -
2022-04-06		 6 months crt.sh
*.3lift.com
Amazon		 2021-06-12 -
2022-07-11		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-02-04 -
2022-05-03		 3 months crt.sh
misc-sni.google.com
GTS CA 1C3		 2022-01-10 -
2022-04-04		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-01-17 -
2022-04-11		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-01-10 -
2022-04-04		 3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-02-02 -
2022-05-03		 3 months crt.sh
cdn.adnxs.com
GlobalSign Organization Validated CA - SHA256 - G4		 2021-05-10 -
2022-06-11		 a year crt.sh
public.servenobid.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-22 -
2022-05-22		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2021-12-06 -
2022-06-06		 6 months crt.sh
www.bing.com
Microsoft RSA TLS CA 01		 2021-12-22 -
2022-06-22		 6 months crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
*.gumgum.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-12-12 -
2022-12-13		 a year crt.sh
*.postrelease.com
Amazon		 2021-12-28 -
2023-01-25		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-03 -
2023-02-25		 a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-17 -
2022-10-05		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2020-04-09 -
2022-06-08		 2 years crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA		 2022-02-04 -
2023-02-03		 a year crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2		 2021-05-18 -
2022-06-19		 a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
s.ad.smaato.net
Amazon		 2021-09-21 -
2022-10-20		 a year crt.sh
*.simpli.fi
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-27 -
2022-11-27		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-01-18 -
2022-07-13		 6 months crt.sh

This page contains 62 frames:

Primary Page: https://filecr.com/windows/microsoft-office?id=6347414880
Frame ID: FC430FAA0317FC1D31B1ECEED292D91A
Requests: 89 HTTP requests in this frame

Frame: https://webcrx.io/extension/comm
Frame ID: 3CC94703FBD4F377139CE1F6254F8199
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20190131/zrt_lookup.html
Frame ID: 97066BEF0E46DE5601523646AFE5C312
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CU5IBM9S&prvid=77%2C184%2C188%2C226%2C246%2C2033%2C3018&itype=HB-CM&rtime=3&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
Frame ID: D87BE6A2015DE4B7B1A9650E4966D906
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: B9BF45BB59213659FDD4A92EA55CE080
Requests: 8 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 6CB54EDA059FF8036D0FDF9FF9135C35
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&adk=1812271804&adf=3025194257&lmt=1644415912&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415911856&bpp=3&bdt=460&idt=184&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1348731551215&frm=20&pv=2&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=206
Frame ID: 488F5CA14CAAB681896CAA92F161AC19
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Frame ID: 05B5E267475448E59D5914563BFE46CA
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Frame ID: 72FCE25F98F193BF15EAA7C5FC183C7D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Frame ID: 696DFADA32339AF9808534C190F571E5
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Frame ID: 81D6094BD297C0269DBE3CAC4BDDD3C5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Frame ID: 1F3EA1A047AD0365E1C1E840412547A3
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=1857661183&adf=1050778348&pi=t.ma~as.2519109481&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=467&idt=327&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280%2C292x600&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=NG0Kig8ifc&p=https%3A//filecr.com&dtd=330
Frame ID: B439ABF1DDC861B22C669B85E04C33ED
Requests: 1 HTTP requests in this frame

Frame: https://2cb0187cd3d20e6650642c04dbdfecbc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: B7B8BCCED102ADD239D89849DE0BA5D2
Requests: 1 HTTP requests in this frame

Frame: https://455beac1592b3ea97440f892c734097e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 36382DB635478F788F6EFADACC7886CB
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/48/nrrV64488.js
Frame ID: FC350C23EEF0B576BAC48E376BC6E9CC
Requests: 5 HTTP requests in this frame

Frame: https://contextual.media.net/48/nrrV64488.js
Frame ID: 232E8ABA23147858426730A7ED2F0C2F
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E0EBC9259DDB80FB2BC35D9FF67A1538
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9E4FD8E06B14656640C29DB94AF79CF2
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: AA3724B906925818B5E5ED2F2D68A747
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BED16BA274B09EB20E439E25785762F3
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Frame ID: 949E185F8355ECAA3A1534BB0CCBCA10
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4161B48FEF326A142BB27FD41DD8F025
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/index.html
Frame ID: 8495157AAD5C32B9966309D7B4047C9D
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=ChwHIqMsDYrzBDtfjywXVkqXYDqKx5YRo1ZDKnpAP4cTeivcrEAEg1cKUdWCV-vCBjAegAfbWtOwDyAEJqQLiqQ6JljGzPqgDAcgDSKoE5QFP0JqR8aKw5ogGih6wfndDfdm2QB9uCoW0u6bl6ZEC60LvpJoacLMzhF_MM6wmolXzwZ-ElTC_4f4sbxKSaPQ8nGhkuzQzlLd9vXHXsIy-V0fUd4Yn_xpIFAGyfMO7ZapZNd2gEEF8k6i0ehZ_FVZ_RV6uyd3Vn-66Ckm7bdv2PrdSan8PJLF_pWRbnCvukq8mCHBHLxTkVy15e6KRkX0uZ4R-_lpAhYf2DxGbVoeRiNtRF9jR-3kstdmq3cEhXwMj-CEfIQ1Mr5hok3KalDzWdbvfomrrH16PWR2ClD8kDpPfg_7UwASO5eW2-gOgBi6AB_KoyxOoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBDo5iLSCAkIiOGAEBABGB-ACgHICwHYEwPQFQGYFgGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=A1BsA4Etpco&uach_m=[UACH]&template_id=419
Frame ID: 4DCD67D7CD85FB99CC93DF5BB051DAD8
Requests: 7 HTTP requests in this frame

Frame: https://7df9b2a3865eed8f4b5a96cd199cdd0a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 607383C56A87485F58EA66E05656ACAF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 17E7033BB11681B6E1C43E70D4F1694D
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Frame ID: ACA09D9180F4F168C79C53F9E97FC8F0
Requests: 16 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 77361578FDC13DD21B811D75007EAD23
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
Frame ID: C75269ADA5803F4A7176A21C82F87A08
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Frame ID: AA2E069C0C4D0BDEC9AD71F692ECD698
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8EE017898DD79F4334CDF1BB9CC88170
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
Frame ID: ACB026C65CAA8D5CAB6091B44E840664
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
Frame ID: 519FC346EB924F57FC44B0DCFF6FBA10
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=filecr.com
Frame ID: 575F494E80FBFF01D9C33D2448CBA0E8
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FF5F833AA379E28DCEC5986EBF7299ED
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AFF445C08B42108C82836C29AEDE2BE9
Requests: 2 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 26AE29F2C6C3C6AC87D07075F06A3157
Requests: 11 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 3A1E479191C63A654D9FB264A0BA062A
Requests: 3 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 2923B68CC4C41E3EF169B226A88C5FC4
Requests: 9 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1644415912610
Frame ID: 75E6F65E23F70E10260705CAE7A52AD2
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 6D08D552C5571EA9FD1F845EB119FF4E
Requests: 10 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415912968&secure=true&version=9&uuid=723285c9-4765-4aa6-b0e0-7483bd609333&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Frame ID: ACEBD83818EED9E5955B140B0F0C6769
Requests: 6 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: A417CB58C6943CFDD4A579F50CD0BB5E
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: 7638F5EE3887DF9CAC1D33F4DBC05F81
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: DEDF7EA1F7B76D3380998E0F658F5874
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 0FB2601628B8FBAC599ED4DAD7FB22AA
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Frame ID: 0F4CF5C1099D12666E19A53384B84202
Requests: 10 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=eb786203-cbac-4700-81c2-dfd4351e1f3a&gdpr=0&gdpr_consent=
Frame ID: D83D2B59DCF534FB1934493995F40D22
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YgPLrAAE8cj5vQBH&gdpr=0&gdpr_consent=&_test=YgPLrAAE8cj5vQBH
Frame ID: 0679D22FF1CD9924C0A11D5069D35BEF
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV81YjgzNWJhOC1hZDU4LTRlZTAtOGM4Mi01ODFjYzA4YjBiMzE=&gdpr=0&gdpr_consent=
Frame ID: 3F2DC7975F4E18B1B278277FD45FA841
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 128A1175690E3CC67A9BB7E6EA33D60E
Requests: 13 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: FF4AFC31128849D06543A8FE82783967
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=3dc5b69b-558e-43ae-8659-881514f206a4&t=1647007916
Frame ID: 55E41E83DB77C34F5FA431F2206CCBC2
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 2D7533B087C690879FB751650B27DA56
Requests: 3 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: 1E919A858346BC1E07DF8966C72A6386
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YgPLrMCo5ssAAMbdHC4AAAAA
Frame ID: 767DE1A71FB3DCB04B1A3ABC8283C5F4
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=eOadS4F5XcHq0OsdYUQn&pi=gumgum&tc=1
Frame ID: 2D796D4A56B7E8089C195E8D5ECB1264
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=837E04A6-7CA4-4AF2-900A-6801CAF37AD4
Frame ID: 2DBDF8A0236966B640D5B639614CD1B2
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YgPLrAAE8cj5vQBH&gdpr=0&gdpr_consent=
Frame ID: 40AAAA1ED6C7838E6ACBF2CC38F57E31
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:7f0d6203-cbac-4700-97a8-2920106b56b3&gdpr=0&gdpr_consent=
Frame ID: 08579A6CDEC5321E17412F8D4FF4C154
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=pbm&i=837E04A6-7CA4-4AF2-900A-6801CAF37AD4
Frame ID: EE05437ECEA5FB302CD2509E8D452133
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Microsoft Office 2019 Pro Plus v2110 (Build 14527.20226)

Page URL History Show full URLs

  1. http://filecr.com/windows/microsoft-office/?id=6320067552 HTTP 301
    https://filecr.com/windows/microsoft-office/?id=6320067552 HTTP 302
    https://filecr.com/windows/microsoft-office?id=6347414880 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

380
Requests

87 %
HTTPS

32 %
IPv6

74
Domains

112
Subdomains

71
IPs

10
Countries

3787 kB
Transfer

9479 kB
Size

98
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://filecr.com/windows/microsoft-office/?id=6320067552 HTTP 301
    https://filecr.com/windows/microsoft-office/?id=6320067552 HTTP 302
    https://filecr.com/windows/microsoft-office?id=6347414880 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 251
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 265
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 280
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=filecr.com&sn=ChromeSyncframe&so=0&topUrl=filecr.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=yy8IVHxEemN0akwrSFlRb3JnaFZ6TXQrRXh0NExMYWZWNmJxZWlqZ1FrSXRFUDRSUzhWRS9VT1JwTEVGR0Fnb1UrVmN2dms3WElwUWJjVTR6U0FGNlZXWm5kc0pNa2lLNDEvVUhqV3V1cHZOVDNkTS8xVzFvenRJcUx0bzVwM0RuV0gxSlJYbU9CVGFyVEJvSVNjOXpJWUtEa1dCZHYwUGR3eEQ5b1pGNWh4aXlHRFVyaG1Ub2c1dHBUTU1QV2xmNnJCNk1hVDJrWU4wZ05NTkpNeklWeTdnMjl5Q3FTODVOR3QrbldWb2V6UWxlNjc5L0Z2OVA0b3RuZ01ybGZ3YUQ2c0RWRWZLZzkybFNwenp1SUdTNTNNMEhDZz09fA&cppv=2
Request Chain 287
  • https://eb2.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync?&ld=1
Request Chain 295
  • https://ad.mrtnsvr.com/sync/triplelift HTTP 302
  • https://eb2.3lift.com/xuidmid=7976&xuid=ujhh48Nfp&dongle=u6nf
Request Chain 297
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzAzMjg2MTAzMTUxMzk3NDk5ODk5
Request Chain 299
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/703286103151397499899?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-EbSYvG5E2oSEpeKSYeqJX9Uw5bk9sNcXaDjpMiefww--~A&dongle=0883
Request Chain 301
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=703286103151397499899 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=703286103151397499899&dcc=t
Request Chain 303
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Request Chain 306
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=rjrqv8k&ttd_tpi=1 HTTP 302
  • https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=3dc5b69b-558e-43ae-8659-881514f206a4
Request Chain 312
  • https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Request Chain 313
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
  • https://ads.servenobid.com/sync?pid=312&uid=5542501361551038612
Request Chain 314
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=310&uid=d430168dee9e42a50a2fea4a
Request Chain 315
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1644415916251 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1110524880 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/3dc5b69b-558e-43ae-8659-881514f206a4 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003 HTTP 302
  • https://ads.servenobid.com/sync?pid=321&uid=RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003
Request Chain 317
  • https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=324&uid=5134455420327300891
Request Chain 319
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
  • https://ads.servenobid.com/sync?pid=327&uid=7245c35b-f216-4d37-ab2a-d9e88c3c0193&gdpr=0&gdpr_consent=&us_privacy=1YN-
Request Chain 320
  • https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58559/occ?verify=true HTTP 302
  • https://ads.servenobid.com/sync?pid=337&uid=y-BtTDJm1E2uHJUWNERgk93PJBR0b_Mn8BfjuwL_0-~A
Request Chain 325
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHLqt5VIG0Wqyn_U2G6ut74&google_cver=1
Request Chain 326
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/oYFf6rg9BmUJ9aSKy_nKyMn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5059585561581475831
Request Chain 327
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjQ3MWU3YTkyMzFlODQzMTYzNzlmY2M4NWRmYmU3NzMyZGMzMTZmOA
Request Chain 328
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YgPLrAAE4pagwAAy HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YgPLrAAE4pagwAAy&_test=YgPLrAAE4pagwAAy
Request Chain 329
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=53c56203-cbac-4700-84cf-c2f40a1f4eb9
Request Chain 330
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pGTVJZUVgtMVEtNFVDOQ==
Request Chain 331
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZFMRYQX-1Q-4UC9&sigv=1&esig=2~eb4649fa5a1a8602080d3ee7b6a0f29c97e2813f
Request Chain 332
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://rtb.gumgum.com/usersync?b=apn&i=5542501361551038612
Request Chain 333
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_5b835ba8-ad58-4ee0-8c82-581cc08b0b31&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_5b835ba8-ad58-4ee0-8c82-581cc08b0b31&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2 HTTP 307
  • https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=59&user_id=6315cdff-e8c8-44b9-8f28-752e853e1730&ssp=gumgum2 HTTP 302
  • https://rtb.gumgum.com/usersync?b=bsw&i=d0d17b81-5d7c-4d49-a88c-fae9f27e5b1a
Request Chain 334
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28SmCDPgsDGn3YEgDcGtAyhBGZ5jh-YAoEW1DCQGKtCi1cVXl9L6sJVq4aqIhdIV1i%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28SmCDPgsDGn3YEgDcGtAyhBGZ5jh-YAoEW1DCQGKtCi1cVXl9L6sJVq4aqIhdIV1i%29 HTTP 302
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_5b835ba8-ad58-4ee0-8c82-581cc08b0b31&obuid=ENC(SmCDPgsDGn3YEgDcGtAyhBGZ5jh-YAoEW1DCQGKtCi1cVXl9L6sJVq4aqIhdIV1i) HTTP 302
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
  • https://ice.360yield.com/server_match?partner_id=1863&r=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dimprove_digital%26uid%3D%7BPUB_USER_ID%7D%26obUid%3DSmCDPgsDGn3YEgDcGtAyhBGZ5jh-YAoEW1DCQGKtCi1cVXl9L6sJVq4aqIhdIV1i HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=improve_digital&uid=b13005cb-94c9-4240-9554-a472469451b5&obUid=SmCDPgsDGn3YEgDcGtAyhBGZ5jh-YAoEW1DCQGKtCi1cVXl9L6sJVq4aqIhdIV1i
Request Chain 335
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=opx&i=4e19fb01-b302-41d2-96ea-632ea12e3b67
Request Chain 336
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=sta&i=0-39985bba-6949-492d-72c4-dacef272d359$ip$217.114.215.131
Request Chain 337
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=oth&i=y-_anijDNE2pf30DJY8DOH3LwDpHh8WEeuxkl6~A
Request Chain 338
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=vnt&i=3d4a34c1-89b2-11ec-8a96-67f41156c3d5
Request Chain 341
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_5b835ba8-ad58-4ee0-8c82-581cc08b0b31&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://stags.bluekai.com/site/23178?id=QoKWALf6YhXnphF9g6iV&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2ULPJNLUCTDGGZMWQWDOOBUEMOLHGZUVMJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2ULPJNLUCTDGGZMWQWDOOBUEMOLHGZUVMJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=QoKWALf6YhXnphF9g6iV&us_privacy=1---
Request Chain 342
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=idi&i=b13005cb-94c9-4240-9554-a472469451b5
Request Chain 343
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003&rndcb=492494793 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=d0d17b81-5d7c-4d49-a88c-fae9f27e5b1a&google_hm=ZDBkMTdiODEtNWQ3Yy00ZDQ5LWE4OGMtZmFlOWYyN2U1YjFh HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEB546xhMSDO5qk3xIYF3aKs&google_cver=1&ssp=adconductor&bsw_param=d0d17b81-5d7c-4d49-a88c-fae9f27e5b1a HTTP 302
  • https://sync.1rx.io/usersync/bidswitch/d0d17b81-5d7c-4d49-a88c-fae9f27e5b1a?gdpr=&gdpr_consent= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rhy&i=RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003
Request Chain 344
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://rtb.gumgum.com/usersync?b=pln&i=ZH87nswUQhsX&ev=1&pid=558355
Request Chain 347
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://rtb.gumgum.com/usersync?b=mmh&i=eb786203-cbac-4700-81c2-dfd4351e1f3a&gdpr=0&gdpr_consent=
Request Chain 348
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YgPLrAAE8cj5vQBH HTTP 302
  • https://rtb.gumgum.com/usersync?b=atm&i=YgPLrAAE8cj5vQBH&gdpr=0&gdpr_consent=&_test=YgPLrAAE8cj5vQBH
Request Chain 352
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=ttd&i=3dc5b69b-558e-43ae-8659-881514f206a4&t=1647007916
Request Chain 353
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 355
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=YgPLrMCo5ssAAMbdHC4AAAAA
Request Chain 356
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=eOadS4F5XcHq0OsdYUQn&pi=gumgum&tc=1
Request Chain 358
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLrL_fAsmnLL_kbUmZKgAABGEAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLrL_fAsmnLL_kbUmZKgAABGEAAAAB&dcc=t
Request Chain 360
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YgPLrL-fAsmnLL-kbUmZKgAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIDecMpZu3qK799A0bN9V50&google_cver=1&gdpr=1
Request Chain 361
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=7f0d6203-cbac-4700-97a8-2920106b56b3&gdpr=1&gdpr_consent=
Request Chain 362
  • https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YgPLrL-fAsmnLL-kbUmZKgAA%261121?gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YgPLrL-fAsmnLL-kbUmZKgAA%261121?gdpr_consent=&us_privacy=&gdpr=1
Request Chain 364
  • https://sync.srv.stackadapt.com/sync?nid=68&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=BMvGbcWVTip-sIHYv3hjhNly14M
Request Chain 367
  • https://pixel.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=B8dLEVKXGkEcwk8WCM1WFVPAGEMcl0sSBpM9TJlh
Request Chain 369
  • https://gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent= HTTP 302
  • https://gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=&prevuid=05030002_6203cbac6030d&knw= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=69&partneruserid=05030002_6203cbac6030d&gdpr=0&gdpr_consent=
Request Chain 370
  • https://sync.mathtag.com/sync/img?mt_exid=39&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D25%26partneruserid%3D%5BMM_UUID%5D&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=eb786203-cbac-4700-81c2-dfd4351e1f3a&gdpr=0&gdpr_consent=
Request Chain 374
  • https://c1.adform.net/serving/cookie/match?party=14&cid=837E04A6-7CA4-4AF2-900A-6801CAF37AD4 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=837E04A6-7CA4-4AF2-900A-6801CAF37AD4
Request Chain 375
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YgPLrAAE8cj5vQBH&gdpr=0&gdpr_consent=
Request Chain 376
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:7f0d6203-cbac-4700-97a8-2920106b56b3&gdpr=0&gdpr_consent=
Request Chain 378
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=g34EpnykSvKQCmgByvN61A%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 380
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=7f0d6203-cbac-4700-97a8-2920106b56b3
Request Chain 381
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=ODM3RTA0QTYtN0NBNC00QUYyLTkwMEEtNjgwMUNBRjM3QUQ0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 382
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEPBQae4XpZFCJPhmpwA1oeU&google_cver=1
Request Chain 384
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3dc5b69b-558e-43ae-8659-881514f206a4
Request Chain 385
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7500832049792305899&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 387
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=837E04A6-7CA4-4AF2-900A-6801CAF37AD4&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-pulLTM1E2uV2sgEqkGgPfbjsGWQqrp0-~A&gdpr=0&gdpr_consent=
Request Chain 388
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5542501361551038612&gdpr=0&gdpr_consent=

380 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request microsoft-office
filecr.com/windows/
Redirect Chain
  • http://filecr.com/windows/microsoft-office/?id=6320067552
  • https://filecr.com/windows/microsoft-office/?id=6320067552
  • https://filecr.com/windows/microsoft-office?id=6347414880
192 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.27 PleskLin
Resource Hash
4eee65a7b95b6676193505c54970fa321715fe8242c0c4e9db48dfb364cd3810

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.4.27 PleskLin
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
link
<https://filecr.com/wp-json/>; rel="https://api.w.org/", <https://filecr.com/wp-json/wp/v2/posts/3860>; rel="alternate"; type="application/json", <https://filecr.com/?p=3860>; rel=shortlink
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7HJAeUrhQNE7JEgoH63oqbm%2FYqMLhGBfI2%2FdE81g8EylUabLIn4l3iAx9tJnnlLaDigSleq4b5QARuZFywiM0ZaiuMnQgvA7OSISug7KZgTKr6L%2F9MmgnVLmF9OcjTK2UgRu1r7nzqc4"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6dadb0748d529054-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-type
text/html; charset=UTF-8
location
https://filecr.com/windows/microsoft-office?id=6347414880
x-powered-by
PHP/7.4.27 PleskLin
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
x-redirect-by
WordPress
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AcUbj2jCZwj5bc3ZZL%2BfGk5rE3bRQubt20MJLOialZEUnXhXqipRpgKq5IJRGT4i80vErIlDoZhGFdGsGe5fJeuO%2BBwvHNHyXP%2BbYZl7cHBPpM5Ct7zBa2i9yElhQxrjyYdHxUQ%2FZd9y"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6dadb0733a039054-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
simple-line-icons.css
cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/css/ 		13 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/css/simple-line-icons.css
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f903b0e68ac1cb80ad56c6da32fa545314baa698fb8f2e6a65b8e33fca427d96
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://filecr.com/
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1318611
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2222
timing-allow-origin
*
last-modified
Mon, 10 Aug 2020 15:57:38 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f316e72-32ad"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BViauKlvjp5%2FdKXpVFi2DKAD4a2ev5TmgUo0vMdYaMlbwBUe7HsrnnUstvudxCuxZPvPdb%2FUETgoJc2mZO60t5eIlUY71O435UpRibj%2FXz7e9flTyGpXwpHt6DJfxJDYb26cO1pJCsyc%2F3dUcWLUYgBA"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6dadb076abe390e0-FRA
expires
Mon, 30 Jan 2023 14:11:51 GMT
style.min.css
filecr.com/wp-includes/css/dist/block-library/ 		77 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
7b6fef0a63424245b31b293b1a3bfd074c9da482e28fb9e920e1cf306e54e8a2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 26 Jan 2022 21:21:40 GMT
server
cloudflare
etag
W/"61f1bb64-1357b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p6abcleYHJQ2kZV3xLNp%2BoYdeu8gEOj3UxJgp2VrIOBNSycJi4PtoW2ti47XzH%2F%2B4RxS3QqCatmPWW28BlQQn8os8jMSwii8wbKw91aGAWeOaEUoRnvZwl0yqZfZTko4I4%2F3AoRct9c9"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31536000
cf-ray
6dadb0766fb79165-FRA
style.css
filecr.com/wp-content/themes/filecr/ 		61 B
705 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/style.css?ver=5.9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
574f5dc48c403fa7ede2cb0e9bcbc979c2cdf658c2268a4744140f5f174d3e93

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"19c-5cc72c9e32d40-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WJ0m910KOU2hw8bL4hNHT51TVPprVqSuAbarvq9lFglFqQ6jPL%2FP0%2BOg3Ux9Uhx7XubbMDsGFraXIxnBRYKeCXDyj5SEDJhMflv6QTu5mnQ6CoHUZjRjmB2%2Fwqk5%2BkxyZPvrnoGirhIc"}],"group":"cf-nel","max_age":604800}
content-type
text/css
x-accel-version
0.01
cache-control
max-age=31536000
cf-polished
origSize=412
cf-ray
6dadb0766fba9165-FRA
cf-bgj
minify
style.min.css
filecr.com/wp-content/themes/filecr/assets/css/ 		107 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/css/style.min.css?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
a99d9a63bc96ec98b7e05f106603236b4d6f5b53bd9d4ebabb25543047b35bef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-1adb3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Cx%2FB7VoF2YUBuJ19rtbn3eKulmrnXkjteJrj5UvGPBePfUe41XQrXeks5cqdauGrxRYrXWwooUyc2d7jmlkH%2FU6O6vLHKOkA%2BGvkeOOwUbeHmRQmziNYvIVGThmYhajpuJP%2BgvMByOR"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31536000
cf-ray
6dadb0766fbe9165-FRA
main.js
filecr.com/wp-content/plugins/wp-custom-parameter/js/ 		245 B
772 B 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/wp-custom-parameter/js/main.js?ver=1.0
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
be5f701f37218795787c585bdac8050f748447d710da0bdf08a22f15ee7b119e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7007
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 22 Sep 2021 13:43:35 GMT
server
cloudflare
etag
W/"10e-5cc95b36c8687-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6gVhF0krHnnQTi5a1DNbkKuNs1t2btc3763bBaBCXtbTO8wHw8g7B28PEuLEVVNSAWWmSWJ8jFTxReuK0mGJhh56sY6frOE5aVoUKdpGjbnkWFoDA5HbHAmuI4G%2FV1mY20fGHmzF0BQz"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-accel-version
0.01
cache-control
max-age=31536000
cf-polished
origSize=270
cf-ray
6dadb0766fc09165-FRA
cf-bgj
minify
jquery.min.js
filecr.com/wp-includes/js/jquery/ 		87 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 27 Jul 2021 13:25:43 GMT
server
cloudflare
etag
W/"61000957-15db1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U%2B5A2QFUMMc6CZH9qvedtChaQFPtKhOIf0nnpjVKW%2F4ZYaZn1Gi3Pgo8DJsMGWx6ma2xgCkdnLFWwsm31lMVkwO1vVjZKMjv8L6xeC7eWDDo6H3SIh9emW3u63C6LcWAy0XaDzXHLTIQ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb0766fc19165-FRA
jquery-migrate.min.js
filecr.com/wp-includes/js/jquery/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 18 Nov 2020 09:06:06 GMT
server
cloudflare
etag
W/"5fb4e3fe-2bd8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZW%2F9VqkppKaXRGUtHib1Z875IxFfdwZM0wyavm14sGQCMejbOqchG0KJoGsV6xwMEgKdjX88wmoyVKfdvdYE%2Fx5Rv4tQinuZaBePJ7zwiBCmuXXnZQlTAqJia4D2Z96BknU5nD2fogAy"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb0766fc49165-FRA
advanced.min.js
filecr.com/wp-content/plugins/advanced-ads/public/assets/js/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/advanced-ads/public/assets/js/advanced.min.js?ver=1.31.1
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
f5ef63bcd883c3e6ecca9a17785b10ee897b51aec76328706887ceb220742d71

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5279
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Feb 2022 21:42:05 GMT
server
cloudflare
etag
W/"61fc4c2d-29e9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VS6%2BjCE6fA9u0FKIN%2Br0CP0Qu9qPW37Fsn%2Bj4XgEn6qBuaw39h2adtTNA6QkuB3z5LjopZ5R7n8FQvDAR1y9D9YbBJYt3UhgPxocPLqBLZLy4RJVbwKJ5Jni6fkXCTmYz4vX%2Ffstnv6o"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb0766fc79165-FRA
dmedianet.js
contextual.media.net/ 		430 KB
138 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c0fdd593eb3700cd3708e4cc12533cde6fde3de1896f85a65dab71bb1f909042
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-mnt-h
10-6
content-encoding
gzip
server
Apache
etag
"ba37658bddc1ae63c7e8e1771db7d1ab"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=300
date
Wed, 09 Feb 2022 14:11:51 GMT
strict-transport-security
max-age=604800
x-mnt-w
8-21
expires
Wed, 09 Feb 2022 14:16:51 GMT
js
www.googletagmanager.com/gtag/ 		90 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-139662474-1
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cd25d0887a9c23a9f44008a168cf5f6aa971bddea9cc3605c5fe088d7182ef5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36076
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 09 Feb 2022 14:11:51 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		153 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3553508983172692
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
316a463ff3007c65270f47e394db74792e475cae2f9112e2452fd13138949d4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://filecr.com/
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53651
x-xss-protection
0
server
cafe
etag
14635039330525082360
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 09 Feb 2022 14:11:51 GMT
Microsoft-Office-2019-Professional-Plus-Free-Download.png
i0.wp.com/filecr.com/wp-content/uploads/2019/06/ 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/filecr.com/wp-content/uploads/2019/06/Microsoft-Office-2019-Professional-Plus-Free-Download.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
53c9feea97fea966c734faafd720ace56546a27de93d2f723d2baffe6423a784
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:10:18 GMT
server
nginx
etag
"6bc6af431961189b"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2019/06/Microsoft-Office-2019-Professional-Plus-Free-Download.png>; rel="canonical"
content-length
42526
expires
Fri, 31 Mar 2023 01:10:18 GMT
Scr1_Microsoft-Office_free-download.jpg
i3.wp.com/filecr.com/wp-content/uploads/2018/12/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2018/12/Scr1_Microsoft-Office_free-download.jpg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
b7f6b382321b107a47d93df38d0dae0c1bfa3488df9125d5c555498200f9b024
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:10:20 GMT
server
nginx
etag
"7ab033cc0e84a013"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2018/12/Scr1_Microsoft-Office_free-download.jpg>; rel="canonical"
content-length
20068
expires
Fri, 31 Mar 2023 01:10:20 GMT
Scr2_Microsoft-Office_free-download.jpg
i1.wp.com/filecr.com/wp-content/uploads/2018/12/ 		65 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i1.wp.com/filecr.com/wp-content/uploads/2018/12/Scr2_Microsoft-Office_free-download.jpg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
EXPIRED hhn 1
date
Wed, 09 Feb 2022 14:11:51 GMT
server
nginx
content-type
text/html; charset=utf-8
Scr3_Microsoft-Office_free-download.jpg
i3.wp.com/filecr.com/wp-content/uploads/2018/12/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2018/12/Scr3_Microsoft-Office_free-download.jpg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
ccfb13f080c34a055931e40ffe53d5821ea75abca78e9e22863f862134e5fb28
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:10:20 GMT
server
nginx
etag
"d6b1c0acecba8438"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2018/12/Scr3_Microsoft-Office_free-download.jpg>; rel="canonical"
content-length
19308
expires
Fri, 31 Mar 2023 01:10:20 GMT
Scr4_Microsoft-Office_free-download.jpg
i3.wp.com/filecr.com/wp-content/uploads/2018/12/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2018/12/Scr4_Microsoft-Office_free-download.jpg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
2a0871fd53f2a0dd8aa6c9b4992ef79173a92abd3e3eb50d735f387a5480fe02
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:14:26 GMT
server
nginx
etag
"12ee6ef1873b9435"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2018/12/Scr4_Microsoft-Office_free-download.jpg>; rel="canonical"
content-length
19784
expires
Fri, 31 Mar 2023 01:14:26 GMT
Microsoft-Office-Professional-Plus-2019-Free-Download.jpg
i3.wp.com/filecr.com/wp-content/uploads/2019/05/ 		36 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2019/05/Microsoft-Office-Professional-Plus-2019-Free-Download.jpg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
9cdfe09791d2560f2b183c76ff6504e28187ba36ffd71f90edb919391c98a88b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:10:21 GMT
server
nginx
etag
"ac31c92d10403e98"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2019/05/Microsoft-Office-Professional-Plus-2019-Free-Download.jpg>; rel="canonical"
content-length
36552
expires
Fri, 31 Mar 2023 01:10:21 GMT
icon-avatar.svg
filecr.com/wp-content/themes/filecr/assets/images/ 		570 B
932 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://filecr.com/wp-content/themes/filecr/assets/images/icon-avatar.svg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
a83b1f3e821e72ac43110a8762ab91f070fca6c426c95e30c845b6c894f8848f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3577
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"23a-5cc72c9e32d40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RwtDlJlpEj0SCSu%2FS0puyYExjAcVgq2fPntRtQXinYvI86P9UZIs3n%2Fd1YUzyevA8XC%2FP%2BcvpDGfzryisaLMwH3IC4US%2B7XHOCUm91FAGZ0AqR%2F4fw8A1HPTFQQ5R6tG6jbXc9lI9Gdp"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
x-accel-version
0.01
cache-control
max-age=31536000
cf-ray
6dadb07709a39165-FRA
adobe-robohelp.png
i3.wp.com/filecr.com/wp-content/uploads/2021/03/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2021/03/adobe-robohelp.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
7ad41489fea53c41286c8548a22aeabc91438558b2fbc10866d8b56321ad114f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:22:04 GMT
server
nginx
etag
"da3bd1562b0824b4"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2021/03/adobe-robohelp.png>; rel="canonical"
content-length
3244
expires
Fri, 31 Mar 2023 01:22:04 GMT
doro-pdf-writer-logo.png
i1.wp.com/filecr.com/wp-content/uploads/2020/09/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i1.wp.com/filecr.com/wp-content/uploads/2020/09/doro-pdf-writer-logo.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
5a1e1ea4371d2ed657a43e16e36e1f3dc272d51711d5af9c80fec27663333413
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 14:21:59 GMT
server
nginx
etag
"dda0e6bd5e84d03c"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2020/09/doro-pdf-writer-logo.png>; rel="canonical"
content-length
2808
expires
Fri, 31 Mar 2023 02:21:59 GMT
Affinity_Publisher_Logo.png
i3.wp.com/filecr.com/wp-content/uploads/2020/10/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i3.wp.com/filecr.com/wp-content/uploads/2020/10/Affinity_Publisher_Logo.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
25b496003bedfabd2cf715329e2601f329ab5fc39ec66418684ae58e33439fc2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:02:23 GMT
server
nginx
etag
"020b1689786d02eb"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2020/10/Affinity_Publisher_Logo.png>; rel="canonical"
content-length
5118
expires
Fri, 31 Mar 2023 01:02:23 GMT
modern-csv-logo.png
i1.wp.com/filecr.com/wp-content/uploads/2020/04/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i1.wp.com/filecr.com/wp-content/uploads/2020/04/modern-csv-logo.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
37517faf41bdf9781fae236c13b3d855c3f4b233f2adf8e2f96b4f180f3304ee
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
last-modified
Thu, 01 Apr 2021 04:51:20 GMT
server
nginx
etag
"d11ca0f54c5a5ba2"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2020/04/modern-csv-logo.png>; rel="canonical"
content-length
3314
expires
Sat, 01 Apr 2023 16:51:20 GMT
pdfcompressor-cl-logo.png
i1.wp.com/filecr.com/wp-content/uploads/2020/07/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i1.wp.com/filecr.com/wp-content/uploads/2020/07/pdfcompressor-cl-logo.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
fd8748fa72d75a8bf30df88eb29b37837a46a38318cd0b21a649d16aad82cbbc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:32:56 GMT
server
nginx
etag
"a421bbb115a7c6f6"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/uploads/2020/07/pdfcompressor-cl-logo.png>; rel="canonical"
content-length
1906
expires
Fri, 31 Mar 2023 01:32:56 GMT
extension-feature-image.png
i1.wp.com/filecr.com/wp-content/themes/filecr/assets/images/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i1.wp.com/filecr.com/wp-content/themes/filecr/assets/images/extension-feature-image.png
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
0e88ad62ff0a0c72ef67e1daf40764b12861d27f3c7d1ddce8e7124d69621d59
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 24 May 2021 11:51:17 GMT
server
nginx
etag
"d80f3bfe22caf697"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://filecr.com/wp-content/themes/filecr/assets/images/extension-feature-image.png>; rel="canonical"
content-length
10528
expires
Wed, 24 May 2023 23:51:17 GMT
script.js
filecr.com/wp-content/plugins/advanced-ads-responsive/public/assets/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/advanced-ads-responsive/public/assets/js/script.js?ver=1.10.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
8af0b5fd87f0cf0c57915fb6094244ca5c108f21c063fd6917ee809259ae3a97

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5182
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 07 Jul 2021 11:56:39 GMT
server
cloudflare
etag
W/"60e59677-b92"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MTDHsUe%2FptfWEDuXL%2Bd0%2BTkpb7prFGpNA92r6AmbmOk%2FUJ0sDvehUWuAoEnbmLRO6n9vY%2Fl4y4HqxwjQ%2BLYJl9LvzJTMoE9Cc3BhvkVFcFD2frt3kFRE%2BlR7YbRUENZasBgSCK0N4mYq"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=2962
cf-ray
6dadb076d9089165-FRA
cf-bgj
minify
ads.js
filecr.com/wp-content/plugins/deblocker/js/ 		126 B
694 B 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/deblocker/js/ads.js?ver=3.1.0
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
3dbfe6eda0abf69eb1901f4696d5daf4e276cb6dd8c30dfaa26b724b60251635

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sun, 21 Mar 2021 11:33:20 GMT
server
cloudflare
etag
W/"33f-5be0a50e9c000-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F%2BUCa0feHlJUCEckKxcwDJvaF2KPpCCq9qfCv6G0NUSO60I9FlDv60EMZWVn9m8GCCwq4W8ZsThbi2AsPPs72N%2BP4vLHvpEUfJ5yrElrmVrgG0Fu9%2Fv0iOfDLBa0LitQy9rJ%2F4MGWECl"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-accel-version
0.01
cache-control
max-age=31536000
cf-polished
origSize=831
cf-ray
6dadb076d90e9165-FRA
cf-bgj
minify
advanced-ads-pro.min.js
filecr.com/wp-content/plugins/advanced-ads-pro/assets/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/advanced-ads-pro/assets/js/advanced-ads-pro.min.js?ver=2.16.0
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
308c252b2381b887baf74268990c582643dbdaad9e9b332d158112745e2c65ea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5182
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Feb 2022 21:42:10 GMT
server
cloudflare
etag
W/"61fc4c32-1620"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vFIp9bxuAUpa9wy1AUWlrqpDHn6gKbCV4ydZ7X%2BMOwi36ZPK1N1AMNaCJDxAjC%2F3kC4u%2BF18wgTJPcY4mhqwXcr0KcEJulbP1R%2FFprQGStPoDSFgoM69Ip2X90P%2BT5Wcs8a3mbr0z%2BoZ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb07709869165-FRA
comment-reply.min.js
filecr.com/wp-includes/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-includes/js/comment-reply.min.js?ver=5.9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6384
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 26 Jan 2022 21:21:40 GMT
server
cloudflare
etag
W/"61f1bb64-ba3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eMlKakmrux9GfD%2FP3hd7oPHNY3%2FKVn6YpsaoDxPKXXF3APN6BzgpoRUo8HIzRzusoT71LBkOUt37H0F%2F9Ja9e0j1LmnuL886raTvAqFhSeY%2FQhFEbTY2L5W6%2BZcUVAZTpKWFUipDN4g3"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb07709899165-FRA
script.js
filecr.com/wp-content/themes/filecr/assets/js/ 		272 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/script.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
11cd1e1d49bf0a95c35aeb868dd4673260a225078ed2e054ed0fa6a8cb64e99e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-4d0f6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0HPK3bt9F7OV21qYlR9%2BuNFHSN1XFqXZjINMjeMWSgJFmScYfJud3RO%2FIvBQRWWhNl3XmTtL5%2FqhXNBjvTmn8DcutsbtGi6tre6qwFKOM%2BxdU73jRpnmQUCYZJLDD43yhKiDqieOPDiv"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=315638
cf-ray
6dadb07709909165-FRA
cf-bgj
minify
ratings.js
filecr.com/wp-content/themes/filecr/assets/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/ratings.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
3e4609b61e3f7b1135d9d5dac5113fdeccf8085478d37cea8ea11cf63034e8af

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-f89"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ll7NWk%2Bgxit1Fb0bbj82XPaOA6y4u%2BH3YikN5M66fS21Oxr5N6p4r2kUUZCT%2BhixKOAycwjRPvOFjPgXemmrEjGt1HbnR5Uq6Pt3v6ASSPNe%2BtV8Ekba7elnj3mZFRafY0PS2aBZvHyp"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=3977
cf-ray
6dadb07709949165-FRA
cf-bgj
minify
confirm.js
filecr.com/wp-content/themes/filecr/assets/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/confirm.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
89e267039d32f778ee14f762d623290ef56cc3965c0d8843a9f81d5748322d72

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-842"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ppTk4UuSCJentoz%2FB26NI4chiAUpl6uJ0pg7Iqkk3ACGN%2BeDqb5TjCbFa%2F2L80jLhJXRkh8PiwZxJ0NJ8rcAsSW%2FHg3zqOt0qfmHepv8nsBlHBwP1RtE7cpWsRgsm1HY1yqLlztxcOZx"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=2114
cf-ray
6dadb07709989165-FRA
cf-bgj
minify
ext-notification.js
filecr.com/wp-content/themes/filecr/assets/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/ext-notification.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
15e116457c9d49a0e37d9128e98dd0da56c3413408aeb2e49903e490e98fc7c7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-88e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vcj7A5h5366gwXjolBSSyAkIDDEhZKfcNvtomH9b1DaS8ouASzO6%2FMNWcejObif1X5VHqNEZFCpN%2FQr5WSTIAImrZXEaF%2FkHGmvteE5Bkt8XqIwNdHgUoDwhDyYg%2FLQEu8flvsXjtcXv"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=2190
cf-ray
6dadb07709999165-FRA
cf-bgj
minify
custom-front.js
filecr.com/wp-content/themes/filecr/assets/js/ 		13 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/custom-front.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
e2b0c644e90d90d54a55d3c7dd7dde3f8897a92f18ee6d69d74d5cab0167405e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-47ff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pBGzaamrkROFu8H%2FOLCGJTqkMptiBUqE7SSnuDzWoNmlzlGFGxXXN%2BVJsh%2FYi92%2FmFLJT0odshuA5Qd01Ed6iiziVDwqjw9bCu8MBzqVUQoIVALzUhb%2BV8SHf7aJsGWiRo%2FYQy4lwSND"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=18431
cf-ray
6dadb077099c9165-FRA
cf-bgj
minify
ext.js
filecr.com/wp-content/themes/filecr/assets/js/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/themes/filecr/assets/js/ext.js?ver=1.1.2
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
e60ebb7a34b9e7d06c9c4ddf4a44eb523b03f2826b34159f04a86996625c0a21

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7124
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
W/"6148e94d-36a2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7uXvKttO1E5jdHtlaLrhcKKndbcvbq0hF%2FcqHfWGvGmBqofXlsI%2FobHqAoTQJkxi2iVhwA8o8wq5XtTABh5MGN18Fa1JQhnxB%2FLjrjTD%2FcpKLf%2BLpyOvdNasUsL6J143fLraI0lNHKqP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-polished
origSize=13986
cf-ray
6dadb077099d9165-FRA
cf-bgj
minify
base.min.js
filecr.com/wp-content/plugins/advanced-ads-pro/assets/js/ 		72 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-content/plugins/advanced-ads-pro/assets/js/base.min.js?ver=2.16.0
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
e0a340168a7bd755ec03f037b0890a5963c7d4e01a371f818828de8e009bf818

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5182
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Feb 2022 21:42:10 GMT
server
cloudflare
etag
W/"61fc4c32-11e76"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u32mSE63KYfPspnvxlge3ocQ%2FOSSa1P7mQ9ebg7eSHXrQzL21ZqTBfluMhDuC5uAD8DPr8zTE0oqfs1gwV2Xr7Layi34E6UYSDbLvZpxL3T2hXUoGoVfMfS%2BXqhpBiKDR0ACcr%2BZ0jQD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb07709a09165-FRA
wp-emoji-release.min.js
filecr.com/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filecr.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/windows/microsoft-office?id=6347414880
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7028
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 27 Jul 2021 13:25:43 GMT
server
cloudflare
etag
W/"61000957-4705"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h0zI14MOhbMDbd9wzHrdMgnIQEAjD3j6hg9bq%2FQ1ffekNDCvd1DNPWytdezMTEhIrAEODeeGczp%2BIRNCEgb6vlv6xW0OQNp3NsUypMu1ek7meSacjjRcrh7jORikyLKsGGYhcOgcUG8q"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
6dadb07709a59165-FRA
filecr.js
cdn4.buysellads.net/pub/ 		561 KB
191 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.31.29.32 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS
94.31.29.32.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
2cf0d2564f162230fdc845a7a56be4a41d5846bf8443af42e367722f6889548e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
gzip
last-modified
Tue, 08 Feb 2022 23:08:55 GMT
server
NetDNA-cache/2.2
x-amz-request-id
A1GCJYB9Q867P8K5
etag
W/"2facaa4268d4dfe4ec2a259c809bae25"
x-cache
HIT
content-type
application/javascript
cache-control
max-age=31104000
x-amz-id-2
82sXnkVRySz0zZ1VM4Jq0xTxd9EKk/v74V2Z8L7Wff4xxkOBFh9M0Vc+it8DW1RM32ur0dVqcjQ=
expires
Sat, 04 Feb 2023 14:11:51 GMT
section_headline_bg.png
filecr.com/wp-content/themes/filecr/assets/images/ 		127 KB
127 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://filecr.com/wp-content/themes/filecr/assets/images/section_headline_bg.png
Requested by
Host: filecr.com
URL: https://filecr.com/wp-content/themes/filecr/assets/css/style.min.css?ver=1.1.2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:8bfc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
1a41c5e9b082e36f905dac595fd7455bea77ddb041fa520320ada039522e55ec

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/wp-content/themes/filecr/assets/css/style.min.css?ver=1.1.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7046
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
129753
last-modified
Mon, 20 Sep 2021 20:04:29 GMT
server
cloudflare
etag
"6148e94d-1fad9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XPy9PTl%2FiuR3EwvVL8yfeyzs8o02sXxBI1Y2JOal%2FvYZdd42vH8ZPJOWyIqTb%2FVX8sd5i1pK56WSCnkl1XehAqYSCh3HkU3Qeewd7bVCzf2rNJDN69ZIu3kWY5b50vohrKBueGKbyOii"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6dadb07719be9165-FRA
Simple-Line-Icons.woff2
cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/fonts/ 		29 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/fonts/Simple-Line-Icons.woff2?v=2.4.0
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/css/simple-line-icons.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b139d2871e745eeca0ed22ce994df828a96faefe86aa5e47d06c58184845445
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.5.5/css/simple-line-icons.css
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1318629
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
30064
timing-allow-origin
*
last-modified
Mon, 10 Aug 2020 15:57:38 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f316e72-7570"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NTa0Bghr2YRRt%2BTiYjHmoukQhJgosWbMqin4vD%2F59Cjs5HWV6LrJ1zoSlU9H0Aimj9F0tdZT8%2FhJC4ewsW1gp%2FczMYBbafqkjimqh1qjZdv114w9MC4jvCUapefvp949TWoNNbg5y4uGT8plgs7ZQrmR"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6dadb077ac70915e-FRA
expires
Mon, 30 Jan 2023 14:11:51 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7a31b0310331c8959b07a0fffd3bcbc1d7b67100ad78576323a5a0136146a080

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/svg+xml
comm
webcrx.io/extension/ Frame 3CC9 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://webcrx.io/extension/comm
Requested by
Host: filecr.com
URL: https://filecr.com/wp-content/themes/filecr/assets/js/ext.js?ver=1.1.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:5fcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a969b6aad84c69a5a60aa38b1dc211818c0b713f020ae274424e7546c4169501
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-type
text/html; charset=utf-8
x-dns-prefetch-control
off
strict-transport-security
max-age=15552000; includeSubDomains
x-download-options
noopen
x-content-type-options
nosniff
x-xss-protection
1; mode=block
access-control-allow-origin
*
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vEsdAeKjykSUXU%2FwYRl%2B1QQqictLndAOQ380Rl1JvUgMRJkIvS%2F7O8IcvOtwReU9OR8%2BOTSC6SXpW3hi8ohAklXc5AbCD3V%2FpTIMqQ0ps0z3CbOgDlXG0EUN6OIHwIMpb4a1XJFoxZ0%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6dadb078bc7c6909-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		150 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
60e8edb3c655059623f3a9b8d086368041c1d952d888c1ad5ac35753f1b94a71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52819
x-xss-protection
0
server
cafe
etag
576535426367118890
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 09 Feb 2022 14:11:51 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/ 		289 KB
104 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3553508983172692
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d6b53be4a70b8548138a6bdb8e2667fb5df6b36cd28f35069b64c9c2420bb05d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
106377
x-xss-protection
0
server
cafe
etag
695211056848758975
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 09 Feb 2022 14:11:51 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220207/r20190131/ Frame 9706 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220207/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3553508983172692
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4612
x-xss-protection
0
date
Tue, 08 Feb 2022 18:49:46 GMT
expires
Tue, 22 Feb 2022 18:49:46 GMT
cache-control
public, max-age=1209600
age
69725
etag
18247940800414524076
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
checksync.php
contextual.media.net/ Frame D87B 		21 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CU5IBM9S&prvid=77%2C184%2C188%2C226%2C246%2C2033%2C3018&itype=HB-CM&rtime=3&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
93bb566051f9f593daa37a036a4d9c8d64c82394911c0aa519f81f654d44b9bd
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

server
Apache
content-type
text/html; charset=UTF-8
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Fri, 11 Feb 2022 14:11:52 GMT
date
Wed, 09 Feb 2022 14:11:52 GMT
content-length
7832
rtbsmpubs.php
contextual.media.net/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=0&usp_enf=0&usp_status=0&cid=8CU5IBM9S&region=nv&ptrid=8PR6J4JSU&requestString=427153974*9%7C270x416%7C8CU709Q2E%7C158962444%7C&crid=427153974&sd=-1&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&bl=1&rt=5&dn=https://filecr.com&https=1&act=headerBid&prvReqId=413024604524662281644415911943&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.12505490521353946&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A5486%7D&itype=HB-CM&cc=DE&rc=HE&ct=FRANKFURT&bt=1&gcp=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid3S0
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
88ba056dab5eb95d96dd6a3f8e11dffcbaa6ddc79a820bf1eedcdf8e0587e54c
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Wed, 09 Feb 2022 14:11:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
content-length
971
x-mnet-hl2
E
expires
Wed, 09 Feb 2022 14:11:52 GMT
fcmain.js
contextual.media.net/2312347176/ 		93 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/2312347176/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU709Q2E&cpcd=J4KyVMDqN4ojQ3TohxUIjg%3D%3D&crid=158962444&size=270x416&cc=DE&chnm=Filecr&https=1&vif=1&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&nse=5&vi=1644415911219002771&lw=1&ugd=4&rtbs=1&hlt=1&dfp=1&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8b568004a6d186b5352175251ec982a17a1398eca5b54c5a51dd88378d7d19ef
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
x-mnt-hl2
8-16
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Wed, 09 Feb 2022 14:11:52 GMT
x-mnt-w
8-21
content-length
25995
expires
Wed, 09 Feb 2022 14:11:52 GMT
gpt.js
www.googletagservices.com/tag/js/ Frame B9BF 		79 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4eee9ceba58ea79ddb4c7e10ea8c3f63e4333e7be47e211cf59573c437080f86
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27136
x-xss-protection
0
server
sffe
etag
"1126 / 198 of 1000 / last-modified: 1644408663"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 09 Feb 2022 14:11:52 GMT
rtbsmpubs.php
contextual.media.net/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=0&usp_enf=0&usp_status=0&cid=8CU5IBM9S&region=nv&ptrid=8PR6J4JSU&requestString=943717648*4%7C300x600%7C8CU709Q2E%7C855267286%7C&crid=943717648&sd=-1&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&bl=1&rt=5&dn=https://filecr.com&https=1&act=headerBid&prvReqId=230955601135776391644415911961&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.3442892106454045&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A5486%7D&itype=HB-CM&cc=DE&rc=HE&ct=FRANKFURT&bt=1&gcp=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid4S0
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2a83dd2082bc166c1b856a4b735fcea5748988836d02955621939a322a4c919b
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Wed, 09 Feb 2022 14:11:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
content-length
2020
x-mnet-hl2
E
expires
Wed, 09 Feb 2022 14:11:52 GMT
fcmain.js
contextual.media.net/2312347176/ 		77 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/2312347176/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU709Q2E&cpcd=J4KyVMDqN4ojQ3TohxUIjg%3D%3D&crid=855267286&size=300x600&cc=DE&chnm=Filecr&https=1&vif=1&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&nse=5&vi=1644415911921107472&lw=1&ugd=4&rtbs=1&hlt=1&dfp=1&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
76c3b43718fecbd717477416d09dcfcdac837d6889de4f9fa62047ef97bdadf2
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
x-mnt-hl2
8-16
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Wed, 09 Feb 2022 14:11:52 GMT
x-mnt-w
10-3
content-length
15853
expires
Wed, 09 Feb 2022 14:11:52 GMT
gpt.js
www.googletagservices.com/tag/js/ Frame 6CB5 		79 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05c212f90103f69a4500957f49c6a92f82f755e0c08188eb4ecbe243d03bd7fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27136
x-xss-protection
0
server
sffe
etag
"1126 / 962 of 1000 / last-modified: 1644408561"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 09 Feb 2022 14:11:52 GMT
bping.php
lg3.media.net/ 		35 B
189 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/bping.php?&gdpr=1&prid=8PR33J5R4&cid=8CU709Q2E&crid=158962444&vi=1644415911219002771&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886781338&r=1644415911923&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=31103&vgd_rakh=1644415911149751287&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1743623112t202202091411&vgd_pgids=1&vgd_uspa=0&hvsid=00001644415911920036481820161855&gdpr=1&vgd_end=1
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Wed, 09 Feb 2022 14:11:52 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Wed, 09 Feb 2022 14:11:52 GMT
bping.php
lg3.media.net/ 		35 B
189 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/bping.php?&gdpr=1&prid=8PR33J5R4&cid=8CU709Q2E&crid=855267286&vi=1644415911921107472&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886781338&r=1644415911961&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=31103&vgd_rakh=1644415911149751287&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1743623112t202202091411&vgd_pgids=2&vgd_uspa=0&hvsid=00001644415911959036481820168010&gdpr=1&vgd_end=1
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Wed, 09 Feb 2022 14:11:52 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Wed, 09 Feb 2022 14:11:52 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-139662474-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
2218
date
Wed, 09 Feb 2022 13:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 09 Feb 2022 15:34:54 GMT
gpt.js
www.googletagservices.com/tag/js/ 		79 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05c212f90103f69a4500957f49c6a92f82f755e0c08188eb4ecbe243d03bd7fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27136
x-xss-protection
0
server
sffe
etag
"1126 / 729 of 1000 / last-modified: 1644408561"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 09 Feb 2022 14:11:52 GMT
acceptable.gif
cdn4.buysellads.net/ 		43 B
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn4.buysellads.net/acceptable.gif?ch=1&rn=0.9336354547474035
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.31.29.32 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS
94.31.29.32.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
last-modified
Fri, 19 Jul 2019 16:45:51 GMT
server
NetDNA-cache/2.2
x-amz-request-id
CC4GM7J25FQNA2XW
etag
"b4491705564909da7f9eaf749dbbfbb1"
x-cache
MISS
content-type
image/gif
cache-control
max-age=31104000
accept-ranges
bytes
content-length
43
x-amz-id-2
0WBFOhTpaFBt3zSRueVWsb4KcfDwZuu5Fr0WRzxQAZV4joIkHNhVR1A12Dct6doNf5cvd9wybKQ=
expires
Sat, 04 Feb 2023 14:11:52 GMT
acceptable.gif
cdn4.buysellads.net/ 		43 B
368 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn4.buysellads.net/acceptable.gif?ch=2&rn=0.9336354547474035
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.31.29.32 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS
94.31.29.32.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
last-modified
Fri, 19 Jul 2019 16:45:51 GMT
server
NetDNA-cache/2.2
x-amz-request-id
CC4P1XQ7RKETXW9E
etag
"b4491705564909da7f9eaf749dbbfbb1"
x-cache
MISS
content-type
image/gif
cache-control
max-age=31104000
accept-ranges
bytes
content-length
43
x-amz-id-2
GLFoLi1+qAGmzLcoCvaU/z4PWt11QEuZvgku/OgxwHMzCzOfjz4sd3U+wBxEQwtF/YQccGOeP/0=
expires
Sat, 04 Feb 2023 14:11:52 GMT
cookie.js
partner.googleadservices.com/gampad/ 		214 B
643 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=filecr.com&callback=_gfp_s_&client=ca-pub-3553508983172692
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
f47d2a73043063e5fc170a76db30e5d1a71f3ed193d1313c3f51c757167a96c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
198
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=filecr.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=filecr.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&tn=DIV&id=site-alert&cls=alert%20fixed&ign=false&pw=1600&ph=1200&x=1575&y=1175
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 488F 		159 KB
44 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&adk=1812271804&adf=3025194257&lmt=1644415912&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644415911856&bpp=3&bdt=460&idt=184&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1348731551215&frm=20&pv=2&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=206
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
43c954a67d73e58ef9fe154eb00c8b00439b7c77cb802330c206aadf48e96232
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:11:52 GMT
server
cafe
content-length
44629
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:11:52 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 05B5 		81 KB
30 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
593b563b15611d204f37f9963cfa48ed7ca209c4fbc7fd95c003b592395df3f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:11:53 GMT
server
cafe
content-length
30210
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:11:53 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 72FC 		57 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00f5600e279f46be47b806dda5d37c2f65387fa387cedd6ef312425cb64233f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-expose-headers
x-google-amp-ad-validated-version
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:11:52 GMT
server
cafe
content-length
12209
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:11:52 GMT
cache-control
private
pubads_impl_2022020301.js
securepubads.g.doubleclick.net/gpt/ 		351 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
sffe /
Resource Hash
05ed7424c6f3c3d2aec5dfe7fa92e5f617afe58a01666c1c584d342a8b57a0e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:00:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
674
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122037
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 09:34:49 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 09 Feb 2023 14:00:38 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		29 B
681 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=filecr.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
f312a20c6132b5c1b0ea46ee9d034b4ad198ceefbcf46b8e22672d4604182da5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45
x-xss-protection
0
expires
Wed, 09 Feb 2022 14:11:52 GMT
pubads_impl_2022020301.js
securepubads.g.doubleclick.net/gpt/ Frame B9BF 		351 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js?31064764
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
sffe /
Resource Hash
05ed7424c6f3c3d2aec5dfe7fa92e5f617afe58a01666c1c584d342a8b57a0e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:03:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4075
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122037
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 09:34:49 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 09 Feb 2023 13:03:57 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1824890661&t=pageview&_s=1&dl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&ul=en-us&de=UTF-8&dt=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=24842031&gjid=1038271739&cid=1668403507.1644415912&tid=UA-139662474-1&_gid=1293424647.1644415912&_r=1&gtm=2ou270&z=1475141916
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://filecr.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_2022020301.js
securepubads.g.doubleclick.net/gpt/ Frame 6CB5 		351 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
sffe /
Resource Hash
05ed7424c6f3c3d2aec5dfe7fa92e5f617afe58a01666c1c584d342a8b57a0e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:00:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
674
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122037
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 09:34:49 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 09 Feb 2023 14:00:38 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 696D 		83 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a39e436b69eeed0b08824724d781eddb472b888f10db05bed1aa33148c0f1d7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:11:52 GMT
server
cafe
content-length
22116
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:11:52 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 81D6 		69 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bf5f18f944db8fa2ac4107a89632f8f022503d0b9a98193571d167e393cbee4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-expose-headers
x-google-amp-ad-validated-version
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:11:52 GMT
server
cafe
content-length
17547
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:11:52 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 1F3E 		129 KB
33 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
831c3bd125008785517c19607d3eed74ec7e2c53fbd6f0a9b5c699b260693a42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:11:52 GMT
server
cafe
content-length
34267
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:11:52 GMT
cache-control
private
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=filecr.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=filecr.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame B439 		139 KB
44 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=1857661183&adf=1050778348&pi=t.ma~as.2519109481&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=467&idt=327&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280%2C292x600&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=NG0Kig8ifc&p=https%3A//filecr.com&dtd=330
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2562ebc6f767168ba073c9496eddd7f73b8d98815c9eeef5dc6a5916fc145843
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLy1v9Lm8vUCFdfxsgodVUkJ6w&gqi=qMsDYtnXDMSL9u8P6I-DiAI&layout=/sadbundle/%24csp%253Der3%24/14782640042450149374/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLy1v9Lm8vUCFdfxsgodVUkJ6w&gqi=qMsDYtnXDMSL9u8P6I-DiAI&layout=/sadbundle/%24csp%253Der3%24/14782640042450149374/index.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 09 Feb 2022 14:11:52 GMT
server
cafe
content-length
45477
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:11:52 GMT
cache-control
private
integrator.js
adservice.google.de/adsid/ Frame B9BF 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=filecr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js?31064764
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame B9BF 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=filecr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js?31064764
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame B9BF 		474 B
301 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=592967787732762&correlator=2609062180513122&output=ldjh&impl=fif&eid=31061814%2C31064671%2C31064764%2C31064539&vrg=2022020301&ptt=17&npa=1&sc=1&sfv=1-0-38&ecs=20220209&iu_parts=45361917%2C8CU709Q2E-158962444-Filecr_Subpage_KW_Unit_2_Imagizer&enc_prev_ius=%2F0%2F1&prev_iu_szs=240x400&prev_scp=crid%3D158962444%26mnet_segment%3D0.00%26mnet_variant%3D50%26pub_domain%3Dfilecr.com%26mnet_cc%3DDE&eri=4&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&cdm=filecr.com&bc=31&abxe=1&dt=1644415912281&dlt=1644415911948&idt=311&ea=0&frm=23&biw=1600&bih=1200&isw=240&ish=400&oid=2&adxs=1103&adys=2737&adks=1402028754&ucis=12evqef7h4jm&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&loc=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&top=filecr.com&vis=1&scr_x=0&scr_y=0&psz=240x0&msz=240x0&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=57298157&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js?31064764
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1c3b9dcf4ade8c6f0da3988c3e88b0d857ef18c25ada1d1663d8ec87385944
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
271
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://filecr.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame B9BF 		13 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022020301&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js?31064764
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8607fa9b7b52dff2039919eeef6ef94700fe031c7eb7ae30fab07da7abab6096
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9869
x-xss-protection
0
container.html
2cb0187cd3d20e6650642c04dbdfecbc.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B7B8 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://2cb0187cd3d20e6650642c04dbdfecbc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js?31064764
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Wed, 09 Feb 2022 14:11:52 GMT
expires
Thu, 09 Feb 2023 14:11:52 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
integrator.js
adservice.google.de/adsid/ Frame 6CB5 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=filecr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 6CB5 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=filecr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame 6CB5 		488 B
314 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3393490968827255&correlator=3106149372248611&output=ldjh&impl=fif&eid=31061815%2C31064151&vrg=2022020301&ptt=17&npa=1&sc=1&sfv=1-0-38&ecs=20220209&iu_parts=45361917%2C8CU709Q2E-855267286-Filecr_Homepage_KW_Unit_2_Right_Trail_Text_Only&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&prev_scp=crid%3D855267286%26mnet_segment%3D0.02%26mnet_variant%3D454%26pub_domain%3Dfilecr.com%26mnet_cc%3DDE&eri=4&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&cdm=filecr.com&bc=31&abxe=1&dt=1644415912309&dlt=1644415911963&idt=331&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=600&oid=2&adxs=1077&adys=3747&adks=3155232644&ucis=w5galj9oycqo&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&loc=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&top=filecr.com&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1000069487&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
c047e10603da7c1f49ccbbc77511e61bdee37c847a5676cb6aebf38b17659618
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
284
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://filecr.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 6CB5 		13 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022020301&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
be1fd50f867c52b5d4434babd426c2eb2079b0466a8a8f225ccb6f4f27649506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9905
x-xss-protection
0
container.html
455beac1592b3ea97440f892c734097e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3638 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://455beac1592b3ea97440f892c734097e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Wed, 09 Feb 2022 14:11:52 GMT
expires
Thu, 09 Feb 2023 14:11:52 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 6CB5 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:11:52 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame B9BF 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js?31064764
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:11:52 GMT
nrrV64488.js
contextual.media.net/48/ Frame FC35 		91 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/48/nrrV64488.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
593ebc50af967aed389190da039e98318c661c139e628260d7f28bdc0612c195
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"d92bed54b54112a3f1dff6910592e8ef"
vary
Accept-Encoding
x-mnet-h
8-13
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Wed, 09 Feb 2022 14:11:52 GMT
content-length
30029
expires
Wed, 23 Feb 2022 14:11:52 GMT
nrrV64488.js
contextual.media.net/48/ Frame 232E 		91 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/48/nrrV64488.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU709Q2E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
593ebc50af967aed389190da039e98318c661c139e628260d7f28bdc0612c195
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"d92bed54b54112a3f1dff6910592e8ef"
vary
Accept-Encoding
x-mnet-h
8-13
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Wed, 09 Feb 2022 14:11:52 GMT
content-length
30029
expires
Wed, 23 Feb 2022 14:11:52 GMT
log
hblg.media.net/ 		35 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hblg.media.net/log?logid=awlog&pid=8PR6J4JSU&itype=HB-CM&dn=filecr.com&cid=8CU5IBM9S&svr=2022020912_198&servname=hbcm_na&gdpr=1&csex=2&suc=0&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=0&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001644415912403036481820168150&vsid=&sd=-1&gtd=400&inid=0&gfd=&cc=DE&sc=HE&ct=FRANKFURT&abte=gcp_w&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=5486&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&lbr=0&floc_id=&floc_ver=&id_details=&mnkv=&pabte=&pbcm=0&pvid=4&prvAccId=855267286&prvApiId=8CU709Q2E&exid=31&pcId=0000EEA&pseat=4-BID_API&mowxReqId=230955601135776391644415911961&crid=943717648&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&plcmtt=0&rtime=56&dtc=nydc&rtbsv2=&mp_seg%3C%3E=44629%23%2344632%23%2344635%23%2360232%23%2346948%23%2315607%23%2315610%23%2315613%23%2317212%23%2317243%23%2324022%23%2354934%23%2353492%23%2360148%23%2361085%23%237685%23%237688%23%237691%23%2317152%23%2317191%23%2360208&apid=1&wsip=c10-mowx-web-34&ltime=235&abs=0&ae=0&ftr%3C%3E=&ssregion=&ssreqid=&sssvnm=&bdp=0.02&cbdp=0.02&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.02&nms=1&di=&dt=O&epc=855267286&ogbdp=0.02&s=1&snm=success&dbf=1&bdata=sd2%3Dnull~bb%3D100~vv%3D0~erpm%3D0.01~ogerpm%3D0.01~bm%3D2.04~smm_sd%3D2022020821~sid%3D855267286~sd%3D-1~uid%3D2IaaI1H7Yasqc86mx9~dc2%3D1~btd%3D1767288533930769930066028906116699112741166153344555372486849371925123072~bat%3D0%2C0%2C0~scd%3Dbc~v_asn%3D31103~uim%3D102~dmm_strg%3Dnull~url_tkc%3D0~ss%3D1600x1200~uiw%3D34~ce%3D0~last%3D0~CI%3D2645~ip%3D3YToNq~fbb%3D0~riipua%3D0%2C0~nts%3D1~MP2%3D.*window.*~tb%3D-1~et%3D34~ct%3Drimavska%20sobota~rc%3D1~basis2%3D196~url_b%3D0.04~basis1%3D196~isRef%3D0~lc%3D0~url_tvi%3D0~smm_wr%3D3.5783~url_l%3D50~bid%3D0.02~dc%3D7~gcat%3D500502~ogbid%3D0.02%7C%7Ccbdp%3D0.02%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3Dgcp_w%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D300x600~bsb%3D0~bsp%3D0~tmx%3D200&cmpid=&bId=&pcrid=8CU709Q2E-855267286-6-1&ruct=0&brs=&brr=&iurl=https%3A%2F%2Fiurl-a.akamaihd.net%2Fybntag%3F%26cid%3D8CU709Q2E%26crid%3D855267286%26size%3D300x600%26requrl%3Dhttps%253A%252F%252Ffilecr.com%252Fwindows%252Fmicrosoft-office%253F%2526query%253Dquery%252520value%2526id%253D6347414880&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cclt%3D0%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D1%7Ctkd%3Dnull&bfs=0&seat=BID_API&nbr=0&ba=204&ybnca_gbid=&ybnca_erpm=0.01&ybnca_vbid=&yogbdp=0.02&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=81738921291324581_937824812_94371764841&dStat=0&ogbid=0.02&acid=380044628560708971644415911961&act=headerBid&dtfdl=&dspltime=&ttfd=&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&adj1=0&adj0=0&adj2=0&adj3=0&patkey=&patint%3C%3E=&pc=&spSource=0&spIvt=3&spId=&spFst=0&spIsReq=3&spTo=3&top=0&btm=0&lft=0&rght=0&mx_SD=&mx_PC=1&mx_SPRIG=1&mx_UCC=2&mx_lr_seg_cnt=0&mx_GCID=0&mx_IAB2=1&mx_ip_exp_verd=&mx_vsGap=&mx_epbc=8CU709Q2E&mx_bsBucket=0&mx_ssProfile=0&mx_lr=0&mx_g_one_uid_sent=None&mx_uid_sent=0&mx_yhs_enabled=&mx_SC=0&mx_lr_seg_deal=0&mx_yhs_target_bidders=&mx_g_uid_cvrg=&mx_mrpp_key=&mx_maq_call=false&mx_divid=&mx_dfpadpath=&mx_g_uid_sent%3C%3E=&mx_BCN_BF=&mx_BCE=&mx_BCI=&mx_BCT=&mx_BCN_YHS=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=0&mx_supply_path=&mx_sbp=-10&mx_yhs_selected_deal=&mx_tgs=300x600&mx_TAS=&mx_asset_id=&mx_adnm=&mx_aurl_hc=0&mx_yhs_deal_sent=&mx_aqcpl_crid=0&mx_aabpc=0&mx_adid=&mx_nsz=1&mx_isLossNtf=false&mx_aurt=0&mx_gpid_sent=false&pgcatiab=IAB3-4&pgcatiab2=602&pgcatsprig=1344&gFunDl=false&ngFunDl=false&rDl=false&actltime=237&auMxTm=&brf=0&dcs=&dfpDiv=&dfpPos=&dfpAdPath=&lper=1&td=r%3Dstr%7Cab%3D0%7C&oyaf=0&sbdrid=454&ra_sz=300x600&tk=&sc_pvid=&sc_ogbdp=0&sc_adj1=0&sc_adj0=0&sc_adj2=0&sc_prspt=&sc_act=&sc_bdata=&sc_bdp=0&sc_cbdp=0&sc_bId=&sc_cat=&sc_cmpid=&sc_advId=&sc_advNm=&sc_advUrl=&udc=&rti=-1&rme=ADPTR&bbdrid=&requrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3F%26query%3Dquery%2520value%26id%3D6347414880&kwrf=&epurl=
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:52 GMT
server
Jetty(9.4.35.v20201120)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Wed, 09 Feb 2022 14:11:52 GMT
truncated
/ Frame 232E 		107 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame FC35 		430 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc037f53507ee9ef7b334b632b85b88a4ed22128458f100200289626f159d67a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame FC35 		107 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
Titillium_Regular.woff
res-a.akamaihd.net/__media__/fonts/Titillium_Regular/ Frame FC35 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://res-a.akamaihd.net/__media__/fonts/Titillium_Regular/Titillium_Regular.woff
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.194.171 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-194-171.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
75308b2efe76fc8e98d623d0ade7ab164b8bfebfe00d1fc36687a0f50109f263

Request headers

Referer
https://filecr.com/
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 09 Feb 2022 14:11:52 GMT
Last-Modified
Mon, 16 May 2016 10:39:41 GMT
Server
nginx
ETag
"5739a36d-74b0"
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
29872
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E0EB 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Wed, 09 Feb 2022 14:07:00 GMT
expires
Thu, 09 Feb 2023 14:07:00 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
292
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 9E4F 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0409cfba90dfd7ff958a88042d055afeaedf7112245f7dfa204f4e1d605328a9
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-DTToH2nA0BandjEfTB5JsA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Wed, 09 Feb 2022 14:11:52 GMT
date
Wed, 09 Feb 2022 14:11:52 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-DTToH2nA0BandjEfTB5JsA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
512
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
TitiliumWebRegular.woff
res-a.akamaihd.net/__media__/fonts/TitiliumWebRegular/ Frame 232E 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://res-a.akamaihd.net/__media__/fonts/TitiliumWebRegular/TitiliumWebRegular.woff
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.194.171 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-194-171.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2f1779d6d7ce15adeb7dff619526eae00fadb9dfdd48de710c9c53af10980bf8

Request headers

Referer
https://filecr.com/
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 09 Feb 2022 14:11:52 GMT
Last-Modified
Wed, 31 Aug 2016 16:41:12 GMT
Server
nginx
ETag
"57c708a8-6e80"
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
28288
81a92e01-6661-460e-81d8-fc9855e813db.jpg
cvision.media.net/new/175x95/2/21/37/232/ Frame 232E 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/21/37/232/81a92e01-6661-460e-81d8-fc9855e813db.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
83975a92e1d180217901257877a34a5873823b84a0125a8d5c30840235c90cea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
last-modified
Thu, 30 May 2019 01:14:45 GMT
server
nginx
accept-ranges
bytes
etag
"5cef2e85-4263"
content-length
16995
content-type
image/jpeg
0a4502f7-c165-4e41-9031-dd5235401e37.jpg
cvision.media.net/new/175x95/2/151/31/184/ Frame 232E 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/151/31/184/0a4502f7-c165-4e41-9031-dd5235401e37.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
dbfcc6490f64e44df4da2b366c50e819abc68cacdfcd81f8ec7f91c7ab35ff27

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
last-modified
Sat, 10 Oct 2020 14:00:15 GMT
server
nginx
accept-ranges
bytes
etag
"5f81be6f-3ba0"
content-length
15264
content-type
image/jpeg
b3b5c460-a8f0-498d-9168-5959df0e849c.jpg
cvision.media.net/new/175x95/3/49/106/189/ Frame 232E 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/3/49/106/189/b3b5c460-a8f0-498d-9168-5959df0e849c.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
daa5a6bcff74bacdf2a5fa2fac05b4e3c879fa142901ae6c2dad103bb700a727

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
last-modified
Sat, 31 Oct 2020 20:48:44 GMT
server
nginx
accept-ranges
bytes
etag
"5f9dcdac-36c2"
content-length
14018
content-type
image/jpeg
c761728c-72b3-4f46-87e4-a6cd8d072484.jpg
cvision.media.net/new/175x95/2/199/139/20/ Frame 232E 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/199/139/20/c761728c-72b3-4f46-87e4-a6cd8d072484.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
0436e40135c028fe26cf6b445cd2ef5a55cac747ca1abdfd4a5dd61293995871

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
last-modified
Mon, 19 Mar 2018 05:43:10 GMT
server
nginx
accept-ranges
bytes
etag
"5aaf4dee-355e"
content-length
13662
content-type
image/jpeg
abd50992-d480-44f0-8e76-c0aa722acaa6.jpg
cvision.media.net/new/175x95/2/21/2/212/ Frame 232E 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/21/2/212/abd50992-d480-44f0-8e76-c0aa722acaa6.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
4ef36a3cc70bb8b63e873bfd3d1a7e97794443161f38851c42bb51879391c49c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
last-modified
Mon, 19 Mar 2018 01:34:47 GMT
server
nginx
accept-ranges
bytes
etag
"5aaf13b7-41a0"
content-length
16800
content-type
image/jpeg
727194a2-bb2e-4b78-8c6b-75685e59ef88.jpg
cvision.media.net/new/175x95/2/212/244/50/ Frame 232E 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/212/244/50/727194a2-bb2e-4b78-8c6b-75685e59ef88.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
aded5bc07bb3385f03851037ef55a4a235f25c24d2c6ee355b853f8898888264

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
last-modified
Mon, 15 Feb 2021 11:28:29 GMT
server
nginx
accept-ranges
bytes
etag
"602a5add-2b10"
content-length
11024
content-type
image/jpeg
e9318584-cb7a-4c84-9a94-867e7e31b317.jpg
cvision.media.net/new/175x95/2/122/244/84/ Frame 232E 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cvision.media.net/new/175x95/2/122/244/84/e9318584-cb7a-4c84-9a94-867e7e31b317.jpg?v=9
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
908c1604fe10d787ed9faf792055aa2a209bfbe1b81a5eee1f94e99be3024dbd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
last-modified
Mon, 19 Mar 2018 06:05:36 GMT
server
nginx
accept-ranges
bytes
etag
"5aaf5330-44f6"
content-length
17654
content-type
image/jpeg
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame AA37 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Wed, 09 Feb 2022 14:07:00 GMT
expires
Thu, 09 Feb 2023 14:07:00 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
292
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame BED1 		783 B
736 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
33cc054c266a27f4195cc81fab4db7bac939a95f4575d0ad1368d727f9343cef
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-sNTMmRsrK81bquG0Dn8oNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Wed, 09 Feb 2022 14:11:52 GMT
date
Wed, 09 Feb 2022 14:11:52 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-sNTMmRsrK81bquG0Dn8oNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
512
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
localstore.js
script.4dex.io/ 		483 B
942 B 		Script
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1207226
x-amz-request-id
tx55e0171528d74adb9309d-0061f15fee
x-amz-id-2
tx55e0171528d74adb9309d-0061f15fee
last-modified
Wed, 26 Jan 2022 14:43:29 GMT
server
cloudflare
etag
W/"922cffdd75f7192f75231d92684885aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ST3ef27CHZAiek4ROfjnwXfd6JZQdgfngs%2F%2Bk7Z7XuWCnVIaURYG3RnHU0cDouyBFipCYVUEzHgKjCoUXfPJxOVakqJRWQZ6TbDtw%2FcZZTj45JMa193vLRi60%2BgzHeMf0Of9h4tXSonmubs9"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800
x-amz-version-id
1643208209303360
cf-ray
6dadb07daa58915c-FRA
prebid-request
onetag-sys.com/ 		15 B
357 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip252.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin
https://filecr.com
cache-control
no-transform, no-cache
access-control-allow-credentials
true
content-type
application/json
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
fastlane.json
fastlane.rubiconproject.com/a/api/ 		306 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=386922&zone_id=2155654&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!buysellads.com,13694,1,,,&rf=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&tk_flint=pbjs_lite_v4.43.0&x_source.tid=001f7153-173c-4613-8202-f7a4cf140ae9&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4089075650860736
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
5485f26ab06c1fce2ee3052c66c714f1ef809de09c5fab4beaab74e7b382a094

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:52 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://filecr.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
306
Expires
Wed, 17 Sep 1975 21:32:10 GMT
display
mantodea.mantisadnetwork.com/prebid/ 		56 B
337 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/display?tz=0&buster=1644415912537&secure=true&version=9&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&measurable=true&bids[0][bidId]=6b652da5c98b1b&bids[0][config][property]=6115725d81c45d000f945f3e&bids[0][config][zone]=FileCR_S2S_Leaderboard_ROS_ATF&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&bids[0][sizes][1][width]=970&bids[0][sizes][1][height]=90&bids[0][sizes][2][width]=970&bids[0][sizes][2][height]=250&property=6115725d81c45d000f945f3e&foo
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.80.147.122 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-80-147-122.compute-1.amazonaws.com
Software
/ Express
Resource Hash
19fc68709c711efb3ff32e46a0bd996def8d1b9a281391604f6552ab84269a0f

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:52 GMT
x-powered-by
Express
etag
W/"38-igFrrS6i/GHMYX8VZE9yQFr0gj0"
vary
Origin
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://filecr.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
56
expires
-1
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
110 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.184.27.79 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-184-27-79.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://filecr.com
date
Wed, 09 Feb 2022 14:11:52 GMT
access-control-allow-credentials
true
vary
Origin
adreq
ads.servenobid.com/ 		645 B
679 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/adreq?cb=4702
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.171.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-171-24.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
814eaa5fd7c8d187181cda7c49dcc436c92c4c488001691a82ef0ca39e557d3d

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://filecr.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/ 		144 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
b322b7014ac6581816262893648d6f31d242a5466e3c1268a2d4363471b424b1
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:52 GMT
X-Proxy-Origin
217.114.215.131; 217.114.215.131; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
abc22678-00be-491d-b986-eff6dd2c87de
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://filecr.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
hb-api.omnitagjs.com/hb-api/prebid/ 		358 B
704 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&CanonicalUrl=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%2F&PublisherDomain=https%3A%2F%2Ffilecr.com
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.255.84.151 Paris, France, ASN200271 (IGUANE-, FR),
Reverse DNS
Software
ayl-lb-fra02 /
Resource Hash
dc6e380f29dd967244b416ac3dffc7fcc345113af9b7a51337bd0eef22f32154
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:52 GMT
x-content-type-options
nosniff
server
ayl-lb-fra02
vary
Accept-Encoding
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://filecr.com
access-control-max-age
3600
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
49
access-control-allow-headers
Accept-Encoding, Content-Type
content-length
358
expires
0
prebid
mp.4dex.io/ 		99 B
572 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b4966d0d0a38f56595d4f8f59e77deba826ffb2c9b349605d51da270130d196

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

cf-ray
6dadb07dbbb95c6e-FRA
pragma
no-cache
date
Wed, 09 Feb 2022 14:11:52 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://filecr.com
expires
0
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-encoding
gzip
x-err
Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969544017c7c276e6e27f4ecfe0019&pos=8a9691a0017c7c276934280b04cd001d&cmd=bid&secure=1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
2a9336e9fbbd930bfab70480566b4d5994443884702ad0a10bcf99b8ffdb8242

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://filecr.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969544017c7c276e6e27f4ecfe0019&pos=8a969544017c7c276e6e280a57d4001b&cmd=bid&secure=1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
95c245d493b2e08268f7e3bee46b2b2bea5b01a52dd1ad103f7f56ccb71de7f4

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://filecr.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
288 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969544017c7c276e6e27f4ecfe0019&pos=8a969d17017c7c2764ee2809e73b0016&cmd=bid&secure=1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e0304d9017fa7616d43ccbfd0b53758d9d7a6a9c9e4b5b5bb3ba652cd52608e6

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://filecr.com
access-control-allow-credentials
true
content-length
62
auction
tlx.3lift.com/header/ 		19 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=4.43.0&referrer=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&tmax=900
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.163.83 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-163-83.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:52 GMT
content-type
application/json; charset=utf-8
access-control-allow-origin
https://filecr.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
cdb
bidder.criteo.com/ 		18 B
307 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.43.0&cb=72279235570
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://filecr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://filecr.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
44
p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
pagead2.googlesyndication.com/bg/ Frame AA37 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a79a5f0cc3f8ccdf2355f8af3f8351e26ca4a2af5254fa5203d7f2346b6fe28e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:53:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
22714
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13808
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 07:53:18 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 9E4F 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022020301&jk=3393490968827255&rc=
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
sodar
pagead2.googlesyndication.com/pagead/ Frame BED1 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022020301&jk=592967787732762&rc=
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
pagead2.googlesyndication.com/bg/ Frame E0EB 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a79a5f0cc3f8ccdf2355f8af3f8351e26ca4a2af5254fa5203d7f2346b6fe28e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:53:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
22714
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13808
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 07:53:18 GMT
adagio.js
script.4dex.io/ 		71 KB
23 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7447c1664f6a06328cd895a4914acad40ad47827ebe00becbd570138ff7e785c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1207084
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
tx986efc69e6ee4096a9fbd-0061f15ff5
x-amz-id-2
tx986efc69e6ee4096a9fbd-0061f15ff5
last-modified
Wed, 26 Jan 2022 14:43:28 GMT
server
cloudflare
etag
W/"88567a823cfd2840dd0a3198b929d466"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LW0xhcyXPD8MBd%2BZy93WRrN0KB9qs2DxUFh9BVNJ4HkTwJdCW4Fr0cwpOi4dTa2cE330QNBJa8TZsVZtqzwNng5m3Ov1schZDGnLnaA0jAiolFW78vkfku9cygv%2FO0Hqkb2kUhw0Sb65CKjk"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800
access-control-allow-credentials
true
x-amz-version-id
1643208208262354
cf-ray
6dadb07e6f629241-FRA
access-control-allow-headers
Authorization
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/ 		150 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/reactive_library_fy2019.js?bust=31064716
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
998c8df172348a7eed85d2d7a25cca359d1cb5a8482e8b20c06699158ee3ecbe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54417
x-xss-protection
0
server
cafe
etag
4300253410921569799
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 09 Feb 2022 14:11:52 GMT
bql.php
lg3.media.net/ Frame FC35 		15 B
216 B 		Script
General
Check archive.org
Download Go to
Full URL
https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001644415911920036481820161855&geo=50.12|8.68&lper=100&bdrid=7&fp=Nl0xqFbJAHUEHmTY6G8uVa7mxBNcilWzEdi9pJKsRRh3zTRFpJ0kod_MXgCf_8FZFbNsa3cdOIKeNzNP5k6qwy6uWtsTf-QdXFc8E4U8-0LIgFC33WYgrC9OmnBukcgz&lpid=&tsid=2338&q=&prv=&type=&ps=&cme=vxOR5UpBBSJS2DwKATtUrszkklio8jInx0Zswbc78wj2iOLX3-TTAsIRuxXwgtqnAjmrI7mXSWvl0MZqlIFyz-KeO01Fj085azVPaWJJGhoF7cZlyHj9wkfP9Wbf424MqlLyf_uVtLT9WYeYFhtH4WSZlpvzayOxh00zMgU75VThsFzb9UrkC50F4o0A5DR0ub4PoAg3CIYq7ZOW9uggyQ%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7CzT5Md2DTyJDBmnk4lkFPyA%3D%3D%7CsRBSg3CPSiQ%3D%7CYdjFvixrVaFXqwBBP0Bt8sQp8UU6jVJJy4qrouRr2ZztLVLoWc6hOk8sWz-EojPAa5rx0r0GCXd3U68LflqZmwZDzI_72fyRyoO7U3KywXc%3D%7CN7fu2vKt8_s%3D%7CpVu6LaRFuVyL8zkxUYL7Tv0Z5k7ofc6FsgEUNfZPbGt2spncsMU_552ihQEkrChLc6QhlfGPYMPqjp6_JAbmQDBuxCfDy-7-5QCxNn-AMX4DzJz0qWM53IfMVfBlBGiOfGKvpVGFk1oryKikwqbAzr42n7TOo5WJcwdknJmAC6Xm89tczIAGDvYSj-kQhLlGGPFcu6D4P9_Q7hVHNHDq-gN7bfHdqz8Yz4Jsr81GDmo%3D%7C&hint=&td=&cc=DE&wsip=2886781338&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=0&vgde_kbbh=WoNWNY&vgde_setid=NW&&rc=0&ksu=75&vgd_opp_id=153740453778038591644415911941&fdkt=240&kwd[]=Top%20Antivirus%20For%20Windows%2010&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=1&kid[]=330006220&kbc2[]=rps_60%3D0.08%7C%7Crps%3D0.08%7C%7Cps%3D0.609%7C%7Crpc%3D0.91%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Best%20Antivirus%20Software%202021&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=2&kid[]=329900792&kbc2[]=rps_60%3D0.56%7C%7Crps%3D0.56%7C%7Cps%3D0.609%7C%7Crpc%3D0.40%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Best%20VPN%20Service&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=3&kid[]=324952854&kbc2[]=rps_60%3D0.86%7C%7Crps%3D0.86%7C%7Cps%3D0.609%7C%7Crpc%3D0.43%7C%7Clvl%3D1.00&ktd[]=274911592704&kwd[]=Best%20Antivirus%20for%20Windows&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=4&kid[]=48770207&kbc2[]=rps_60%3D0.56%7C%7Crps%3D0.56%7C%7Cps%3D0.609%7C%7Crpc%3D0.40%7C%7Clvl%3D1.17&ktd[]=274911592704&kwd[]=Time%20Tracking%20Software&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=5&kid[]=28491148&kbc2[]=rps_60%3D0.27%7C%7Crps%3D0.27%7C%7Cps%3D0.609%7C%7Crpc%3D0.27%7C%7Clvl%3D1.00&ktd[]=274911592704&kwd[]=Best%20Accounting%20Software%20For%20Contractors%20Deals&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=6&kid[]=330002769&kbc2[]=rps_60%3D0.41%7C%7Crps_12%3D0.73%7C%7Crps%3D0.44%7C%7Cps%3D0.609%7C%7Crpc%3D0.11%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Recommended%20Antivirus%20Software&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=7&kid[]=23989256&kbc2[]=rps_62%3D2.60%7C%7Crps_60%3D0.56%7C%7Crps_12%3D0.45%7C%7Crps%3D0.62%7C%7Cps%3D0.609%7C%7Crpc%3D0.18%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Camions%20militaires%20d%27occasion&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=8&kid[]=329484539&kbc2[]=rps_60%3D0.45%7C%7Crps_12%3D0.75%7C%7Crps%3D0.46%7C%7Cps%3D0.609%7C%7Crpc%3D0.18%7C%7Clvl%3D1.00&ktd[]=274894815488&rand=1644415912441&cid=8CU709Q2E&vwid=1644415911219002771&vi=1644415911219002771&l3ch=0&slnkp=no&bdrct=0.00&vgd_mseg=0.00&vgd_rt=249&bto=102&tdAdd[]=rtbsd%3D10&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1644415911149751287&vgd_l1rhst=contextual.media.net&vgd_lhl=719&vgd_ifrmode=00&sttm=1644415911920&upk=1644415912.1619&hvsid=00001644415911920036481820161855&verid=3121199&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D31103&vgd_hbReqId=T1644414336C8S37U73&vgd_isiolc=1&rtbsd=10&vgd_pgid=p1743623112t202202091411&matm=1644415912447&vgd_ltime=821&vgd_ltimesrc=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D31103&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_pdtid=1&vgd_implt=3&vgd_dfp_tgt=%7B%22crid%22%3A%22158962444%22%2C%22mnet_segment%22%3A%220.00%22%2C%22mnet_variant%22%3A%2250%22%2C%22pub_domain%22%3A%22filecr.com%22%2C%22mnet_cc%22%3A%22DE%22%7D&vgd_sbSup=1&vgd_l2wsip=2886781338&vgd_nrrsf=nrr&vgd_nrrv=64488&vgd_nrrs=64488&vgd_nrrmf=48&vgd_cntrdt=AS%7CDIV-158962444%7CDIV-filec-822354691&vgd_x_pos=1077&vgd_y_pos=2737&vgd_ren_page_h=5486&vgd_cty=FRANKFURT&vgd_l1hcsd=N6%7C949&vgd_sethcsd=A16%7C949&vgd_cfud=200415&vgd_is_amp=0&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=292_150&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=1&oRurl=http%3A%2F%2Fcdng%2Ffcmain.js%3F%26esi%3D1%26%26fvips%3D0%26vpf%3D000%26chost%3Dcontextual.media.net%26cb%3Dwindow._mNDetails.initAd%26%26gdpr%3D1%26cid%3D8CU709Q2E%26cpcd%3DJ4KyVMDqN4ojQ3TohxUIjg%253D%253D%26crid%3D158962444%26size%3D270x416%26cc%3DDE%26chnm%3DFilecr%26https%3D1%26vif%3D1%26requrl%3Dhttps%253A%252F%252Ffilecr.com%252Fwindows%252Fmicrosoft-office%253F%2526query%253Dquery%252520value%2526id%253D6347414880%26nse%3D5%26vi%3D1644415911219002771%26lw%3D1%26ugd%3D4%26rtbs%3D1%26hlt%3D1%26dfp%3D1%26nb%3D1%26blacpfl%3D1%26baeFlag%3D1%26blapd%3D0%26isOffice%3D0&tdAdd[]=uiparams%3D%3Brend_w%3A292%3Brend_h%3A150%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A8&vgd_end=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/48/nrrV64488.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Wed, 09 Feb 2022 14:11:52 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Wed, 09 Feb 2022 14:11:52 GMT
bql.php
lg3.media.net/ Frame 232E 		15 B
216 B 		Script
General
Check archive.org
Download Go to
Full URL
https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001644415911959036481820168010&geo=50.12|8.68&lper=100&bdrid=4&subBdr=454&fp=Nl0xqFbJAHUEHmTY6G8uVa7mxBNcilWzEdi9pJKsRRh3zTRFpJ0kod_MXgCf_8FZFbNsa3cdOIKeNzNP5k6qwy6uWtsTf-QdZA752dYdC1Obk03DdrLM5w%3D%3D&lpid=&tsid=18&q=&prv=&type=&ps=&cme=9YhMspLYnVA3ABpAK6HPqHrrwrXEia1wCDjrCFZv9OIq__rDvYb2M9jBf7mto9v9UnBmqM4FVA2HJI6Uaq1ZHV88JOBlURBzV3uN5X4ysbLhgMDXMEKVp7aU9qSLz1A5rt_kqK0Ulqad7NMUGL4VQKDeM3UxkLvqnOeVIktRyZqimxKPWDwrw1L7JXJNcoTe2Mo_E9bnwqtTotIe9_sUZg%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7CzT5Md2DTyJDBmnk4lkFPyA%3D%3D%7CsRBSg3CPSiQ%3D%7CYdjFvixrVaFXqwBBP0Bt8sQp8UU6jVJJy4qrouRr2ZztLVLoWc6hOk8sWz-EojPAa5rx0r0GCXd3U68LflqZmwZDzI_72fyRyoO7U3KywXc%3D%7CN7fu2vKt8_s%3D%7CF3J-eIwrhjAzh9V5r5eDIAb_1bNf8_yCOAvwk9ITGxp09G33Hx1-rXYwerGHtKL68lyWsnVCH700uN1nUurO6ZKyHUEWN7pVHbaRW0E0TLzu8Cm1aJfYFt9oKzkRG-4mahhk1erUw7r2DysZ3RVZPzRTLhemC7u9THXZVBMAqsGQJExBR2zrU5s6u5wBFmTA3ow6k90nZlUF3ojG9ovllmerTuA297Y0%7C&hint=&td=&cc=DE&wsip=2887305229&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=0&vgde_kbbh=u9oNu9&vgde_setid=Nu9&&rc=0&ksu=75&vgd_opp_id=380044628560708971644415911961&fdkt=240&kwd[]=Top%20Antivirus%20For%20Windows%2010&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=1&kid[]=330006220&kbc2[]=ir%3D1%7C%7Ciid%3D12175424%7C%7Cps%3D0.061%7C%7Crpc%3D0.91%7C%7Clvl%3D1.00&ktd[]=277042299136&kwd[]=Best%20Antivirus%20Software%202021&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=2&kid[]=329900792&kbc2[]=ir%3D1%7C%7Ciid%3D13183894%7C%7Cps%3D0.061%7C%7Crpc%3D0.40%7C%7Clvl%3D1.00&ktd[]=277042299136&kwd[]=Best%20VPN%20Service&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=3&kid[]=324952854&kbc2[]=ir%3D1%7C%7Ciid%3D9628745%7C%7Cps%3D0.061%7C%7Crpc%3D0.43%7C%7Clvl%3D1.00&ktd[]=275716899072&kwd[]=Best%20Antivirus%20for%20Windows&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=4&kid[]=48770207&kbc2[]=ir%3D1%7C%7Ciid%3D5645698%7C%7Cps%3D0.061%7C%7Crpc%3D0.40%7C%7Clvl%3D1.17&ktd[]=275716899072&kwd[]=Time%20Tracking%20Software&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=5&kid[]=28491148&kbc2[]=ir%3D1%7C%7Ciid%3D6531934%7C%7Cps%3D0.061%7C%7Crpc%3D0.27%7C%7Clvl%3D1.00&ktd[]=275716899072&kwd[]=Best%20Accounting%20Software%20For%20Contractors%20Deals&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=6&kid[]=330002769&kbc2[]=ir%3D1%7C%7Ciid%3D16650785%7C%7Cps%3D0.061%7C%7Crpc%3D0.11%7C%7Clvl%3D1.00&ktd[]=277042299136&kwd[]=Recommended%20Antivirus%20Software&kwt[]=240&kbc[]=4fc7242d597c1a7bb83b1312ebdcdbf0.d2s&kwp[]=7&kid[]=23989256&kbc2[]=ir%3D1%7C%7Ciid%3D5615048%7C%7Cps%3D0.061%7C%7Crpc%3D0.18%7C%7Clvl%3D1.00&ktd[]=277042299136&rand=1644415912459&cid=8CU709Q2E&vwid=1644415911921107472&vi=1644415911921107472&l3ch=0&slnkp=no&bdrct=0.02&vgd_mseg=0.02&vgd_rt=237&bto=0&tdAdd[]=rtbsd%3D10&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1644415911149751287&vgd_l1rhst=contextual.media.net&vgd_lhl=1601&vgd_ifrmode=00&vgd_matchstr=hr%3D0&sttm=1644415911959&upk=1644415912.1619&hvsid=00001644415911959036481820168010&verid=3121199&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D31103&vgd_hbReqId=T1644414336C8S37U73&vgd_isiolc=1&npgv=1&rtbsd=10&bidData=sd2%3Dnull~bb%3D100~vv%3D0~erpm%3D0.01~ogerpm%3D0.01~bm%3D2.04~smm_sd%3D2022020821~sid%3D855267286~sd%3D-1~uid%3D2IaaI1H7Yasqc86mx9~dc2%3D1~btd%3D1767288533930769930066028906116699112741166153344555372486849371925123072~bat%3D0%2C0%2C0~scd%3Dbc~v_asn%3D31103~uim%3D102~dmm_strg%3Dnull~url_tkc%3D0~ss%3D1600x1200~uiw%3D34~ce%3D0~last%3D0~CI%3D2645~ip%3D3YToNq~fbb%3D0~riipua%3D0%2C0~nts%3D1~MP2%3D.*window.*~tb%3D-1~et%3D34~ct%3Drimavska%20sobota~rc%3D1~basis2%3D196~url_b%3D0.04~basis1%3D196~isRef%3D0~lc%3D0~url_tvi%3D0~smm_wr%3D3.5783~url_l%3D50~bid%3D0.02~dc%3D7~gcat%3D500502~ogbid%3D0.02%7C%7Ccbdp%3D0.02%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3Dgcp_w%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D300x600~bsb%3D0~bsp%3D0~tmx%3D200&matchString=hr%3D0&vgd_pgid=p1743623112t202202091411&matm=1644415912467&vgd_ltime=794&vgd_ltimesrc=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D31103&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_pdtid=1&vgd_implt=3&vgd_dfp_tgt=%7B%22crid%22%3A%22855267286%22%2C%22mnet_segment%22%3A%220.02%22%2C%22mnet_variant%22%3A%22454%22%2C%22pub_domain%22%3A%22filecr.com%22%2C%22mnet_cc%22%3A%22DE%22%7D&vgd_sbSup=1&vgd_l2wsip=2887305229&vgd_nrrsf=nrr&vgd_nrrv=64488&vgd_nrrs=64488&vgd_nrrmf=48&vgd_cntrdt=AS%7CDIV-855267286%7CDIV-filec-1297072126&vgd_x_pos=1077&vgd_y_pos=3497&vgd_ren_page_h=5486&vgd_cty=FRANKFURT&vgd_l1hcsd=N6%7C949&vgd_sethcsd=A16%7C949&vgde_bdata=QOfvzxjj~GGvu99~eev9~JLEYv9.9u~myJLEYv9.9u~GYvf.9H~QYYMQOvf9ff9f9Wfu~Q8OvWXXfFhfWF~QOvou~x8OvfV11Vuqh31Q%20NWFY-i~ONfvu~G7OvuhFhfWWXAAiA9hFiiA99FF9fWi9FuuFFiiuufhHuuFFuXAAHHXXXAhfHWFWHiAhuifXufA9hf~G17v9%2C9%2C9~QNOvGN~eM1QzvAuu9A~x8Yvu9f~OYYMQ7Lyvzxjj~xLjM7UNv9~QQvuF99-uf99~x8BvAH~NJv9~j1Q7v9~%3DVvfFHX~8EvA3_mI%20~kGGv9~L88Ex1v9%2C9~z7Qvu~c0fv.*B8zOmB.*~7Gvou~J7vAH~N7vL8Y1eQU1nQmGm71~LNvu~G1Q8QfvuiF~xLjMGv9.9H~G1Q8QuvuiF~8QDJkv9~jNv9~xLjM7e8v9~QYYMBLvA.XhWA~xLjMjvX9~G8Ov9.9f~ONvh~yN17vX99X9f~myG8Ov9.9f%7C%7CNGOEv9.9f%7C%7CGkj1yv9%7C%7CQmGEv9%7C%7COO8ev%25%25rs0MrV%2F%25%25%7C%7COYYv%25%25rcbMb_DK_4Z3%25%25%7C%7CO7Nvz5ON%7C%7C1G7JvyNEMB%7C%7CwQBv%25%25qKbMb4%3DaIrMpVII4D%25%25~8GNvu~OO7vou~zQlvu~7yQvA99-F99~GQGv9~GQEv9~7Y-vf99&vgd_cfud=210405&vgd_is_amp=0&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=292_469&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&oRurl=http%3A%2F%2Fcdng%2Ffcmain.js%3F%26esi%3D1%26%26fvips%3D0%26vpf%3D000%26chost%3Dcontextual.media.net%26cb%3Dwindow._mNDetails.initAd%26%26gdpr%3D1%26cid%3D8CU709Q2E%26cpcd%3DJ4KyVMDqN4ojQ3TohxUIjg%253D%253D%26crid%3D855267286%26size%3D300x600%26cc%3DDE%26chnm%3DFilecr%26https%3D1%26vif%3D1%26requrl%3Dhttps%253A%252F%252Ffilecr.com%252Fwindows%252Fmicrosoft-office%253F%2526query%253Dquery%252520value%2526id%253D6347414880%26nse%3D5%26vi%3D1644415911921107472%26lw%3D1%26ugd%3D4%26rtbs%3D1%26hlt%3D1%26dfp%3D1%26nb%3D1%26blacpfl%3D1%26baeFlag%3D1%26blapd%3D0%26isOffice%3D0&tdAdd[]=uiparams%3D%3Brend_w%3A292%3Brend_h%3A469%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A7&vgd_end=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/48/nrrV64488.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.253.103 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-253-103.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Wed, 09 Feb 2022 14:11:52 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Wed, 09 Feb 2022 14:11:52 GMT
generate_204
tpc.googlesyndication.com/ Frame AA37 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?r3ylMw
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
generate_204
tpc.googlesyndication.com/ Frame E0EB 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?VldepQ
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012201141909000/ Frame 949E 		220 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8ade0d94aaf4b3d52776b75609e8d1c31995677a0a033a6fa2408425da07740
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
19377
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61542
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 08:48:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"00d9ef7efeb287da"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 08:48:55 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 949E 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cb696ecd7c4f31fdd7c7c1cc37e8efc29614fbcbadf74f455aa496d72ce33250
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504034
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5698
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"919adc590e0ff503"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 949E 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-analytics-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc83fe6d180fd859f448bacd040799bf379ee7e0d9b1e6c3f19499c1c4358864
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504034
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29570
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"c52208c2e07002d5"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 949E 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-fit-text-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea29de07cdb14f2c6c59c06fdcd4ec30c2030b3ba8ee6a0aa325085496b9a94d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
48569
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1851
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 00:42:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"76a8c96b6aaec2c9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 00:42:23 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 949E 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-form-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7d040d5e84706dac2d471ad33830bd0ae361ca06e53e72e817701478c6d5afa
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
104586
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13611
x-xss-protection
0
server
sffe
date
Tue, 08 Feb 2022 09:08:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"7aefe3fe93cc7383"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 08 Feb 2023 09:08:46 GMT
amp-gwd-animation-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame 949E 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-gwd-animation-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
521a8eaf8c4a2ba9501acfdf35b7d1ebb4bbb4c7aca2d4ee43e01984d73991e5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504034
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2661
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d259f7ea2431535d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
css
fonts.googleapis.com/ Frame 949E 		9 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6823285eb46b5b3f5c60cedb96d66a4d18bdc335096705d9f9c72aa681ddab5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 12:52:16 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:11:52 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:11:52 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 949E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
16214
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 949E 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
15527
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:53:05 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 949E 		0
21 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CMOr1qMsDYqbYDNiKxdwPl5CdcKDyvOphwZXVnbcPpOfy7ZUCEAEg1cKUdWCV-vCBjAegAanV7MICyAEJqQLiqQ6JljGzPqgDAcgDCKoE5wFP0BwnI4aJZTSYBFfCfx7xFUv5uzoMP8wNirenuMAkAtKC57yS8_0NvBDn5VpepA-WB0cqoEZ7eZzpp-Ku2Pk5b71e_OxEN-fgja7O5qhyx9_fdC3f-tPIAiXWMNmcWak1K0POhVwtGDUvxMhuS55mq3R9o-0OuQ8gX67d4E9VSIw30L_JY358DVrW-fmlnQK8I61rkzC44SP36_eyEMjdim8cX7gWscIIqIWk_m1PSmg-dUCEpKmypBjiatDuE-zXWdVNdOvuK6aA9XuQEBUxEvBmC8qUzpIaYmFKp_ZxCbpIVvMum9fABMj2ytKvA5IFBAgEGAGSBQQIBRgEoAYugAe_qpO9AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEENWOEtIICQiA4YAQEAEYH4AKAcgLAdgTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi0zNTUzNTA4OTgzMTcyNjkyGAA&sigh=Usrn4nu3DQ4&uach_m=[UACH]&template_id=419
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Wed, 09 Feb 2022 14:11:52 GMT
5f9ae9f190dbfc0010f28960.png
tpc.googlesyndication.com/sadbundle/7316940882382349146/ Frame 949E 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/7316940882382349146/5f9ae9f190dbfc0010f28960.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=8163293761&adk=1533834926&adf=1953206475&pi=t.ma~as.8163293761&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911863&bpp=1&bdt=467&idt=302&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=3646&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=C0bWHItul7&p=https%3A//filecr.com&dtd=304
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47168af81d6da682065294d09fdd18596989831eee323959ac7d0646f7746a12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 13:18:18 GMT
x-content-type-options
nosniff
age
435214
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4889
x-xss-protection
0
last-modified
Fri, 18 Dec 2020 13:50:58 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 04 Feb 2023 13:18:18 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=filecr.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=filecr.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/ Frame 4161 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4612
x-xss-protection
0
date
Tue, 08 Feb 2022 18:59:57 GMT
expires
Tue, 22 Feb 2022 18:59:57 GMT
cache-control
public, max-age=1209600
age
69115
etag
18247940800414524076
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aaf44123f57f1327f74f8049c476dded.js
www.gstatic.com/mysidia/ Frame 696D 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/aaf44123f57f1327f74f8049c476dded.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1ffc9ca7657f3d655db7b79eb1e7316e4d23aab2df01606d8ce022385e4b985
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 23:19:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
571928
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3501
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 22:35:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 03 May 2022 23:19:44 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 696D 		1 KB
875 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:01:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
638
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
848
x-xss-protection
0
server
cafe
etag
2277666839114365613
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:01:14 GMT
33f409315851bbf49571eff699404a30.js
www.gstatic.com/mysidia/ Frame 696D 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/33f409315851bbf49571eff699404a30.js?tag=exit_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c4037984cb7225ae934a56d854582d4bfe9df0dbb7c6cff4b0a6b5634c92710
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 00:13:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
136705
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7896
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 22:35:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 09 May 2022 00:13:27 GMT
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/ Frame 8495 		97 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/index.html
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5e7774065ee8135f58232b24b00c0e458a85bab2602ab8b576c0d7e99c5cd83
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

cross-origin-resource-policy
cross-origin
accept-ranges
bytes
vary
Accept-Encoding
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
23224
date
Thu, 03 Feb 2022 03:58:45 GMT
expires
Fri, 03 Feb 2023 03:58:45 GMT
cache-control
public, max-age=31536000
age
555187
last-modified
Wed, 12 Jan 2022 23:12:31 GMT
content-type
text/html
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame 4DCD 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=ChwHIqMsDYrzBDtfjywXVkqXYDqKx5YRo1ZDKnpAP4cTeivcrEAEg1cKUdWCV-vCBjAegAfbWtOwDyAEJqQLiqQ6JljGzPqgDAcgDSKoE5QFP0JqR8aKw5ogGih6wfndDfdm2QB9uCoW0u6bl6ZEC60LvpJoacLMzhF_MM6wmolXzwZ-ElTC_4f4sbxKSaPQ8nGhkuzQzlLd9vXHXsIy-V0fUd4Yn_xpIFAGyfMO7ZapZNd2gEEF8k6i0ehZ_FVZ_RV6uyd3Vn-66Ckm7bdv2PrdSan8PJLF_pWRbnCvukq8mCHBHLxTkVy15e6KRkX0uZ4R-_lpAhYf2DxGbVoeRiNtRF9jR-3kstdmq3cEhXwMj-CEfIQ1Mr5hok3KalDzWdbvfomrrH16PWR2ClD8kDpPfg_7UwASO5eW2-gOgBi6AB_KoyxOoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBDo5iLSCAkIiOGAEBABGB-ACgHICwHYEwPQFQGYFgGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=A1BsA4Etpco&uach_m=[UACH]&template_id=419
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=1857661183&adf=1050778348&pi=t.ma~as.2519109481&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=467&idt=327&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280%2C292x600&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=NG0Kig8ifc&p=https%3A//filecr.com&dtd=330
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/ Frame 4DCD 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=1857661183&adf=1050778348&pi=t.ma~as.2519109481&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=467&idt=327&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280%2C292x600&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=NG0Kig8ifc&p=https%3A//filecr.com&dtd=330
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:59:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
748
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:59:24 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 4DCD 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=1857661183&adf=1050778348&pi=t.ma~as.2519109481&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=467&idt=327&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280%2C292x600&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=NG0Kig8ifc&p=https%3A//filecr.com&dtd=330
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:05:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
386
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:05:26 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4DCD 		124 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=1857661183&adf=1050778348&pi=t.ma~as.2519109481&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=467&idt=327&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280%2C292x600&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=NG0Kig8ifc&p=https%3A//filecr.com&dtd=330
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644237382599929"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:11:52 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 4DCD 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=1857661183&adf=1050778348&pi=t.ma~as.2519109481&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=467&idt=327&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280%2C292x600&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=NG0Kig8ifc&p=https%3A//filecr.com&dtd=330
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:08:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
205
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:08:27 GMT
l
www.google.com/ads/measurement/ Frame 4DCD 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaR-Jh25KROZuITgNFMBR9UD5E3CmsvmV6tMa7-pnXq0qCnhWGfi_mXatbyTxcePlboVX0YEW9COhLnc293naHThwlccHA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=1857661183&adf=1050778348&pi=t.ma~as.2519109481&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=467&idt=327&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280%2C292x600&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=NG0Kig8ifc&p=https%3A//filecr.com&dtd=330
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
aaf44123f57f1327f74f8049c476dded.js
www.gstatic.com/mysidia/ Frame 1F3E 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/aaf44123f57f1327f74f8049c476dded.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1ffc9ca7657f3d655db7b79eb1e7316e4d23aab2df01606d8ce022385e4b985
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 23:19:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
571928
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3501
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 22:35:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 03 May 2022 23:19:44 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/ Frame 696D 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:59:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
748
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:59:24 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 696D 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:05:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
387
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:05:26 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 696D 		124 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644237382599929"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:11:53 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 696D 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:08:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
205
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:08:27 GMT
truncated
/ Frame 949E 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
84e2210a9c51f7275f819006ec4fa311f65d09dfa1fc14b1114dc4f2de9dad91

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v25/ Frame 949E 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v25/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa5d2912bec294d33c9dc4be4a00a9a5f4ac993049a935f4535ae687e3b08d0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 19:30:45 GMT
x-content-type-options
nosniff
age
585668
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16088
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:56:33 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Feb 2023 19:30:45 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 1F3E 		1 KB
875 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:01:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
638
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
848
x-xss-protection
0
server
cafe
etag
2277666839114365613
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:01:14 GMT
33f409315851bbf49571eff699404a30.js
www.gstatic.com/mysidia/ Frame 1F3E 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/33f409315851bbf49571eff699404a30.js?tag=exit_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c4037984cb7225ae934a56d854582d4bfe9df0dbb7c6cff4b0a6b5634c92710
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 00:13:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
136705
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7896
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 22:35:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 09 May 2022 00:13:27 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/ Frame 1F3E 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:59:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
748
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:59:24 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 1F3E 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:05:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
387
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:05:26 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 1F3E 		124 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644237382599929"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:11:53 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 1F3E 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:08:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
205
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:08:27 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B9BF 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022020301&jk=592967787732762&bg=!UlGlURXNAAa4sGsQuLA7ACkAdvg8WvXJvYSgOPXdIVgj9YWm8K-XX6OhM2RsTkzHS7CyJ6sN4if9rQIAAAEDUgAAAAJoAQcKAGAEJ0YMQN_IC80RGy5PFSwmZkMJ1gyrpyXu2MZwwpYr061Qq-15YEKPTlLEwUwC7lAGV74h_CHfpfBD3wwJ8X5cvgM80PVPyJUKGZaJ4CJXqWUzxOND5qz3OaVJ1xswyXqZAs4AC8Zyp0OVVVf-clb7HU0Cu4LqKHQNxjYHsqeDkkSWY4-prquiCHabAWx5rXMtlaLS0CUBxyX_VwhUF3MPO6_ftA7bGBcKv44Es-8Gl8PLGOMfdOVXDNDkcj1II0oW_6adBh7GYMqqBiyxoG_VkW6SgwPwj7l8Ha3mI2FfHbRxm0B8Hy7WkSHC1-tjKGxs_m3DMQxkhnxgNDj8pNzDx73x8gEwvVXNDQOASXuLa4_f5zAFCHKZSP3rxxFyutTBo04pRrYE29uARzyjBfAaLpAw7DlntDJJKGN18YCt0LetnItp_BN2Mbe4aC2rNx4P-nj09SX6VVlnj9vJlw0jVKuuZJfh8x71auC4N2xO43ZOZoWD0bv6dvJmEpzszpEx8sAyglWZEm2N7EPQTE7mhf_cBkVIrseS6HoiTAMKr_X6GWM80YiSMxD9IA6K5FMUXCTm0l1yusBvL3JV7qPmYRepBZe6u4S_PDy4_eFvbAhCAcbJOpE1ol4bpP7EdpEvfyNE2u_NczIkqm-RqX4iw462VMEiuzYqzucuvvnAoB4fljnsBJNl_RXmq59dSKU5mnLtSmmrpJv_Ar8JXKIkQoQKmdpt3UgZn-z8Xs6SmepjrI89cyL8Fd2kCRTeSPx1TnEebHrNY4Qwg3il2GLnzA2RdtigwqIOlbGP4bL3Sp3JMZr5PIWET4EcCVjjlwdu_DD8NsIxtqYoGMFpYX612vU1wj1qBNGYRkN_WIbkyd87USRMCJ8HUSJZKNVGJyMfDHEt_n0cCgnmr36X4TlB-zWFqTLXdr3iIfy1dPxqpl9eKOBDv5O2UYVAq34iYDE7n9W_tjg9q0Im7t0yRDUVMe3Kder5LHzrIr2rpbwfCQDlfdg_iexTxIWRsFbe_7Dh5vKWqzAYkgcJ7r7LIS2dXXxoXUgNJpnoGkTmWxPA0hT-CVASeBthAurI9J3Ib9Tr
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		53 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3738844641770988&correlator=1848007174895608&output=ldjh&impl=fifs&eid=31061815%2C31062931&vrg=2022020301&ptt=17&sc=1&sfv=1-0-38&ecs=20220209&iu_parts=8691100%2CFileCR_S2S_Leaderboard_ROS_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90%7C970x250&prev_scp=optimize_refresh_int%3D0%26optimize_ad_unit_id%3Dbsa-zone_1627508894724-7_123456%26optimize_inview%3Dfalse&eri=1&cust_params=optimize_refreshed%3Dfalse%26optimize_acceptable%3Dfalse%26optimize_adl_debug%3Dfalse%26optimize_ctv_debug%3Dfalse%26optimize_debug%3Dfalse%26optimize%3Dtrue%26optimize_adl_id%3D%26optimize_amp%3Dfalse%26optimize_audience%3Dlifestyle%26optimize_env%3Dprod%26optimize_pub%3Dfilecr&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&bc=31&abxe=1&dt=1644415912973&lmt=1644415912&dlt=1644415911396&idt=849&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=4797&adks=1202396793&ucis=1&ifi=9&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=true&fws=0&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
dee8e4b188600f82edb8b4c969ccca041e02911cfcd64cc0b9cd56d40e8c0ed0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:53 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12143
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://filecr.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
7df9b2a3865eed8f4b5a96cd199cdd0a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6073 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://7df9b2a3865eed8f4b5a96cd199cdd0a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Wed, 09 Feb 2022 14:11:53 GMT
expires
Thu, 09 Feb 2023 14:11:53 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6CB5 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022020301&jk=3393490968827255&bg=!RkWlRQHNAAa4sGsQuLA7ACkAdvg8Woc05qXdPKgMzqW4hwZmTVhGY_YtzYT5FZiKk6bSFr2RJHhEXgIAAAESUgAAAAJoAQcKAEojyIvaDtUCS717eTE0kaambFWN9XxKPU_CfKUHiVSmotLpNtOxCCeIBP50BmgeUonrJNsqzFPgrpIZVY-g9nUbJDdSgCEBAeJUtZkC07lDktelc_u9kO6ST0wY9FXE2-mOhpSO7GHZghdJvAjzi0nH02SoJWyBEWoh9vfJK5QbCIBEylm1UVO2wVlGpXiiWQaKd4AyzsBfvxar8JzAUqR_saPZo9He7DUOVm-CgVrVJ4iU7mAE8Wy3B-8wmHSml7VIFBgoHPvKL0TdqtPpX-u2258jhAhoWIF_q16nXf3E6zjlEjqlPetwnwsJmd36iKA51VIzX99hb_g05iWH-1WP5FlYuTbbziDN9-Sl23u5sVaMZFqpAKof78COt0fi6teZj8IPruTsTMgQjqbtgjnokUNJFm-2yTG3v5a2r-0YZj3RHB1ZM190t8xxpKo4nRbbkyxECI5ZyVcTRmXZyWcAHpziuzmk9Rh9mEjS6ymyw_C-zWYA_dVJawubdp2CC44cDXs4TPZ20E7-s-2RKhPBIkv7uC1B_uXnRM7EXJi-TOWynEnYPM4bCWvTeBYAYedofibN4uoG4hPoqh6BXw_niHo4Pf6p4AvS_Sp4EdA02YEIX-uVma0gBisYvDbr7vBDcID6SIpVQU6IzYphkBnIopt8uisTGrEKLSUhVOu72oZGxh0jhji2qpEmy6JVgeNLSuUAUV4NuhLP2nFjqB7yzKmbTOxPSAKqnmUFRa8EapFPKbI8d9a5IWr8_82RFYffVeEl3n7xQhn3kLn3eSStuPCZ8Pe_bn_oCxnYILGh1s8XQGuAo7rKS_XuFojPhkUvbg6sJNvVZLYANy2XzmL6RVbMdQ0tFQzNb3rPfZrOFD3EmwDsVv3a4LpCSdugA3r5pJAE37JPebSclGLjAYfRWiB5rU10uE0cAukC4AhRyFkOyoO86aJNwBx-8mu4kajXFSgYvNVznDp4sqj2MC0xVrGQOTKPBL0aVM41BnkuvJW6bn6KWKuouhlxSMQwNirwbDzXWrqMUO8IYZFyoWWLDuSkuJH4xNzRz0wVyeEH2w
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 17E7 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=1857661183&adf=1050778348&pi=t.ma~as.2519109481&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=467&idt=327&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280%2C292x600&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=NG0Kig8ifc&p=https%3A//filecr.com&dtd=330
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=1857661183&adf=1050778348&pi=t.ma~as.2519109481&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=467&idt=327&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280%2C292x600&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=NG0Kig8ifc&p=https%3A//filecr.com&dtd=330

Response headers

x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
145
x-xss-protection
0
date
Wed, 09 Feb 2022 14:03:52 GMT
cache-control
public, max-age=3600
content-type
text/html; charset=UTF-8
age
481
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css2
fonts.googleapis.com/ Frame 4161 		4 KB
634 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 12:20:16 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:11:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:11:53 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4161 		205 B
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:10:47 GMT
x-content-type-options
nosniff
age
25266
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 09 Feb 2023 07:10:47 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4161 		604 B
628 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 18:52:18 GMT
x-content-type-options
nosniff
age
69575
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 08 Feb 2023 18:52:18 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/elements/html/ Frame 4161 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a7b5f2e7e3fd51102d05b2706291210864e7890361d932311a18048073374ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:40:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1869
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8079
x-xss-protection
0
server
cafe
etag
5902764951541284931
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:40:44 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/9779681584961496582/ Frame 696D 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/9779681584961496582/downsize_200k_v1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb2308287201b92392dfb22f6980474a593b8310671e0d63f153af7df558be28
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:59:58 GMT
x-content-type-options
nosniff
age
15115
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18283
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 12:44:24 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 09 Feb 2023 09:59:58 GMT
16204520589674794282
tpc.googlesyndication.com/icore_images/ Frame 696D 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/16204520589674794282
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6190cf08a97e8709e462d81f4c015ac058ebf5e887e96f8b6a1eceea22fde083
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 15:37:51 GMT
x-content-type-options
nosniff
age
81242
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13316
x-xss-protection
0
last-modified
Tue, 01 Jun 2021 13:07:30 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 08 Feb 2023 15:37:51 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/17057711813387064786/ Frame 696D 		38 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/17057711813387064786/downsize_200k_v1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1940c2b95746fe210c43f83faefcde96815d5b8f0bbc18a25a0325eafdf2bfcf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 18:37:29 GMT
x-content-type-options
nosniff
age
588864
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38403
x-xss-protection
0
last-modified
Fri, 16 Oct 2020 14:09:26 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 02 Feb 2023 18:37:29 GMT
7026231924826378588
tpc.googlesyndication.com/icore_images/ Frame 696D 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/7026231924826378588
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
64cb9b870e594ab768f91fe6fa039119c4cdfd119998f33a5409f51e6f5fce33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 06 Feb 2022 07:35:13 GMT
x-content-type-options
nosniff
age
283000
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15746
x-xss-protection
0
last-modified
Thu, 01 Apr 2021 15:44:31 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 06 Feb 2023 07:35:13 GMT
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012201141909000/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/amp4ads-host-v0.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3fad63993e27fa3f20b4baf898d11e54029341a25af2e759acc5d41ae4a595b0
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504035
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7945
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"44a7bc0d085eadf3"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 8495 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 04:22:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
35340
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 10 Feb 2022 04:22:53 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 8495 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 14:22:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
85787
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Wed, 09 Feb 2022 14:22:06 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012201141909000/ Frame ACA0 		220 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8ade0d94aaf4b3d52776b75609e8d1c31995677a0a033a6fa2408425da07740
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
19378
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61542
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 08:48:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"00d9ef7efeb287da"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 08:48:55 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame ACA0 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cb696ecd7c4f31fdd7c7c1cc37e8efc29614fbcbadf74f455aa496d72ce33250
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504035
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5698
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"919adc590e0ff503"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame ACA0 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-analytics-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc83fe6d180fd859f448bacd040799bf379ee7e0d9b1e6c3f19499c1c4358864
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504035
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29570
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"c52208c2e07002d5"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame ACA0 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-fit-text-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea29de07cdb14f2c6c59c06fdcd4ec30c2030b3ba8ee6a0aa325085496b9a94d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
48570
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1851
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 00:42:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"76a8c96b6aaec2c9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 00:42:23 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame ACA0 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-form-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7d040d5e84706dac2d471ad33830bd0ae361ca06e53e72e817701478c6d5afa
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
104587
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13611
x-xss-protection
0
server
sffe
date
Tue, 08 Feb 2022 09:08:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"7aefe3fe93cc7383"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 08 Feb 2023 09:08:46 GMT
amp-gwd-animation-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame ACA0 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-gwd-animation-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
521a8eaf8c4a2ba9501acfdf35b7d1ebb4bbb4c7aca2d4ee43e01984d73991e5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504035
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2661
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d259f7ea2431535d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
css
fonts.googleapis.com/ Frame ACA0 		9 KB
877 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6823285eb46b5b3f5c60cedb96d66a4d18bdc335096705d9f9c72aa681ddab5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 14:01:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:11:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:11:53 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame ACA0 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
16215
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame ACA0 		295 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
15528
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:53:05 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame ACA0 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C499UqMsDYoSICMOLygWlh6voAaDyvOphxJ2Bg5INv96llo8OEAEg1cKUdWCV-vCBjAegAanV7MICyAEJqQLiqQ6JljGzPqgDAcgDCKoE5wFP0Elx_XLWR4_G5sWEzThOWFBFYMBwMSFD8v7wVwCGqajaLMMJ3cNC8o3xNRGfL9Y9roQuJ66-v6k_s6Goa9CU0c7NEC_Oq5dhHLRH74z74etd6rSB5W2wzcFxAWatWEO0Jjn6k5gNNbR_rsZInNq2Rt9QZfttzewymSzplPH3yrtpCLaK70xdN49TXkwBw6IWU5JQk__pQWdY4TasPbxeYZlPmgUn2LrsLVt5AQCTmOq7kAzjk_J6mL3q24kH5mXoKMyBwDancY1jzu5ZsaBHMyduIb15mAZYEJOPoLtWsH9tBT_LeFvABOumlbK7A5IFBAgEGAGSBQQIBRgEoAYugAe_qpO9AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcFEN-inQHSCAkIgOGAEBABGB-ACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=5i7JeIZ-Gyc&uach_m=[UACH]&template_id=419
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
604a1d75cb71100011e030ae.png
tpc.googlesyndication.com/sadbundle/17451995615519251597/ Frame ACA0 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/17451995615519251597/604a1d75cb71100011e030ae.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=7139257958&adk=3791395387&adf=3816304062&pi=t.ma~as.7139257958&w=752&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=752x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=229&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=1002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=5&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OKZnNJZuHh&p=https%3A//filecr.com&dtd=232
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9242bb9fa3a266b0b66c10d95bbbc5d8f9abd8b5b52326e8f0c51a7a350822d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 03:59:18 GMT
x-content-type-options
nosniff
age
123155
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4910
x-xss-protection
0
last-modified
Mon, 15 Mar 2021 12:07:51 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 08 Feb 2023 03:59:18 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 696D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C-DvxqMsDYpbRC4zjywXK_JWYA6DyvOphzfKqt_cNv96llo8OEAEg1cKUdSgEYJX68IGMB6ABqdXswgLIAQapArVyQCiIJbM-qAMByAMCqgTpAU_Q6K2HU9qsrNs8qEOQaMLT-W6xwIuHSTggKaUg4GIxdlrL4Ax-cyra81lLB61SGfhHLMhFyMD4WndyrLAxI-EXz6qo1Hm62jE-ml4NS51RGi2t0KvGCxwuRxn1BjWHGUP7JUoc63ko2_efwCig4SsSu-lbS25dZgz8TJGpWzT-zESEOHl5HVnIXae1buFJ7YQ-UoDhxVEUXCX7oeHmtmUEMW0QImo1nkTQYGP4RJGQtsKVvsQvg6uhkU5pK4Apqd5X6wgwNH4bRDdZw_Zx_aqmchMR-hHnQbGmuaqyctaWYYAw4FBcsb2GwATBzIvtzAOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGN4AHv6qTvQGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCe_wXSCAkIgOGAEBABGB-ACgHICwHCEwYYqdXswgLYEwyIFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=qsEchmLaM2s&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 696D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C4VZTqMsDYpbRC4zjywXK_JWYA6XVnbEFjdzCup8Cpp6tjWsQAiDVwpR1KARglfrwgYwHyAEBqAMByAMCqgSoAU_QKOKdauMfH9BQp0aZbtOPtGKzFzCBeTonY-wp4IDqTgvX4Ah9Oj_aulZODqtDRbVLLood1sfyUW928PI1KfAK07ahxiD40zExkFhXHZAIESiq06jDDhAuT8kUA_F9Gap41Ug06u7nMT6CBXehCSDw_PRbTmm1ZRj6uRKhV9G5OUcOOIx66FrY3VqymeJJ7Xs9o4Ppx7QXqSb5oRTlQmYAMIUUCouOqMAEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQnv8F0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=_Fcxufniq58&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 696D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Coa9JqMsDYpbRC4zjywXK_JWYA7e7i5ho15LmlJ0N8v6h_-gOEAMg1cKUdSgEYJX68IGMB6ABmZit2wPIAQaoAwHIAwKqBOgBT9D8G55K4ZUfaDfETJVhxMKlI73CXDxPCCIu72npYtOtYpr8DHpwY8_zEEQCpFQIpAogygeQ3v9QfGqo7HMn6wbStrTda-OYOD6VVAsRy1xDJqjXqMUOGSJHESXnMHvgQ3qnSd0pafIRP9OgPwERwONKArDN7LKN7hi8Z6pTLKp9sge4eXnor8vdL7mfF0rtjjSnduLFQQSp0_qj4eZDkwM1ZRrVnDaeRNCVlfpFkZFXJEuZmDunq6GRTmkrgCmp3lfrCDA1fmY4ASLP9hulwbd2E9LTM-dNpSisxsS25bRhjiYwRSOoW8AEmoKN_OoBkgUECAQYAZIFBAgFGASgBjeAB8_n0iSoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCe_wXSCAkIgOGAEBABGB-ACgHICwHCEwYYmZit2wPYEwyIFAbQFQGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=BsZIfOwmLYY&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 696D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CGMUoqMsDYpbRC4zjywXK_JWYA6XVnbEFjdzCup8Cpp6tjWsQBCDVwpR1KARglfrwgYwHyAEBqAMByAMCqgSoAU_QKOKbauMfH9BQp0aZbtOPtGKzFzCBeTonY-wp4IDqTgvX4Ah9Oj_aulZODqtDRbVLLood1sfyUW928PI1KfAK07ahxiD40zExkFhXHZAIESiq06jDDhAuT8kUA_F9Gap41Ug06u7nMT6CBXehCSDw_PRbTmm1ZRj6uRKhV9G5OUcOOIx66FrY3VqymeJJ7Xs9o4Ppx7QXqSb5oRTlQmYAMIUUCouOqMAEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQnv8F0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=pW5Cfnz3PBQ&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=188&slotname=3578224809&adk=1454755118&adf=3666377747&pi=t.ma~as.3578224809&w=752&fwrn=4&lmt=1644415912&rafmt=11&psa=0&format=752x188&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwrattr=true&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911862&bpp=1&bdt=466&idt=284&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=232&ady=2783&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=IRc5Tw7LTC&p=https%3A//filecr.com&dtd=289
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 949E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
16215
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 949E 		295 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
15528
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:53:05 GMT
5f9ae9f190dbfc0010f28960.png
tpc.googlesyndication.com/sadbundle/7316940882382349146/ Frame 949E 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/7316940882382349146/5f9ae9f190dbfc0010f28960.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47168af81d6da682065294d09fdd18596989831eee323959ac7d0646f7746a12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 13:18:18 GMT
x-content-type-options
nosniff
age
435215
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4889
x-xss-protection
0
last-modified
Fri, 18 Dec 2020 13:50:58 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 04 Feb 2023 13:18:18 GMT
truncated
/ Frame 4DCD 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
27e38fedb186b0323211ba77ee9c6af43c38393269510c66d382f213e5645913

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame ACA0 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bd36f905d2f4f9292d8ec4b5d66ada038c4807c0c30469cb54b667604c046a2c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
4435632710594132872
tpc.googlesyndication.com/daca_images/simgad/ Frame 1F3E 		187 KB
187 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/4435632710594132872
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6eccff95004d261e87dc2aec5d3a1197c9bdc9c57014a5bdf9611f8fc4798d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 21:56:03 GMT
x-content-type-options
nosniff
age
58550
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
191160
x-xss-protection
0
last-modified
Sat, 07 May 2016 00:39:18 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 08 Feb 2023 21:56:03 GMT
16204520589674794282
tpc.googlesyndication.com/icore_images/ Frame 1F3E 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/16204520589674794282
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6190cf08a97e8709e462d81f4c015ac058ebf5e887e96f8b6a1eceea22fde083
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 15:37:51 GMT
x-content-type-options
nosniff
age
81242
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13316
x-xss-protection
0
last-modified
Tue, 01 Jun 2021 13:07:30 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 08 Feb 2023 15:37:51 GMT
3390854377214797770
tpc.googlesyndication.com/daca_images/simgad/ Frame 1F3E 		50 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/3390854377214797770
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
97f7bc0dd1c363e132556d8046841da9919b71a0e4763c577c4d1a2e9d31870b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 07 Feb 2022 22:51:27 GMT
x-content-type-options
nosniff
age
141626
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50751
x-xss-protection
0
last-modified
Fri, 29 Apr 2016 01:05:39 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 07 Feb 2023 22:51:27 GMT
15930113952286984652
tpc.googlesyndication.com/icore_images/ Frame 1F3E 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/15930113952286984652
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
80d9e873e047105023e86119996fc2346c276f6da26ffdb95b8e45a716fd8f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 04:49:16 GMT
x-content-type-options
nosniff
age
120157
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14473
x-xss-protection
0
last-modified
Wed, 31 Mar 2021 14:46:48 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 08 Feb 2023 04:49:16 GMT
7026231924826378588
tpc.googlesyndication.com/icore_images/ Frame 1F3E 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/7026231924826378588
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
64cb9b870e594ab768f91fe6fa039119c4cdfd119998f33a5409f51e6f5fce33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 06 Feb 2022 07:35:13 GMT
x-content-type-options
nosniff
age
283000
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15746
x-xss-protection
0
last-modified
Thu, 01 Apr 2021 15:44:31 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 06 Feb 2023 07:35:13 GMT
5115845860490748710
tpc.googlesyndication.com/icore_images/ Frame 1F3E 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/5115845860490748710
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
048e8dd1bb8045173d95c8ed8a14b44d8d17e5b282e9fb68e5c39e7d8173ad57
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 08:09:16 GMT
x-content-type-options
nosniff
age
453757
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12563
x-xss-protection
0
last-modified
Tue, 24 Aug 2021 01:17:51 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 04 Feb 2023 08:09:16 GMT
16069586114690903957
tpc.googlesyndication.com/icore_images/ Frame 1F3E 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/icore_images/16069586114690903957
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ef0d9f83f7f5b72983e8ed62e57c73d69fe9cba93dee7eb13284d861998a086
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 07 Feb 2022 10:18:16 GMT
x-content-type-options
nosniff
age
186817
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12908
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 13:14:23 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 07 Feb 2023 10:18:16 GMT
truncated
/ Frame 696D 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
16553536fa5e09022114e37fc0bf9e6ce9ec34db09d318c5ca6dab518d6c294d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
adview
googleads.g.doubleclick.net/pagead/ Frame 1F3E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CQLMoqMsDYuTjDZWUxdwP5Yk4iJazmWekoaOi3g3AjbcBEAEg1cKUdSgHYJX68IGMB6ABwsXp1gPIAQGoAwHIA8MEqgTcAU_QEcnOVJzOYiLq3CYW8Ts_8i5mQ21aN5DuK8-qnvmTGgaIS-yZtJSrqCYadj8MVRZtLD1myK8X-1O8oUO1lI16Hg4ECdKRd5DGoP62vzjTFyP7yNXkYS71mQPXRrejuqRHtfpgM4DBdyNpEQnqWHi3jF7Qt0RpXRLqXQu_sX8XaH10vziCeXbLnExx7QY2-BU--SAd9oe8gE3VbZ5JeYnykrN2bakOeTeGXUfdoGy47aF2rOdU7xjZB4ZlA2L0_Uhh3PeEoK1ua_8yAP0kGHa3g34N1n8f-Jma4cnABI6qn9TeA5IFBAgEGAGSBQQIBRgEoAZRgAf4ochjqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ1ZgJ0ggJCIDhgBAQARgfgAoByAsBwhMGGMLF6dYD2BMC0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=aR1aNClJ_ZA&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1F3E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CZPOQqMsDYuTjDZWUxdwP5Yk4pdWdsQWN3MK6nwKmnq2NaxACINXClHUoB2CV-vCBjAfIAQGoAwHIA8MEqgSoAU_Q7lHzdJxEYpqNvywa_ixy429olgHnBK7uasvimBOi-W_FV-ie_si-4WAQejAbGAcsIn18jrYa-kCg-V3zmpZ2Hw4REpmKPJnJpfLqs2OHRS35zNXiYSf5kdvmoHanO05Fj_tG-r47h8iL5v8BW_WgJKgyMrFqXe_5HX60NYoUaIh9v02JfYPYnLl47_M1-OAt_dUW9nK_gLjWaWtCenzxk1NwsL62TsAEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ1ZgJ0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=3QzOAIHhodI&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1F3E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CMDoAqMsDYuTjDZWUxdwP5Yk41srv7We8v6zIwQ_AjbcBEAMg1cKUdSgHYJX68IGMB6AB-IebsSjIAQGpAuKpDomWMbM-qAMByAPDBKoE8QFP0COn7VSezmIi6twmFvE7P_IuZkNtWjeQ7ivPqp75kxoGiEvsmbSUq6gmGnY_DFUWbSw9ZsivF_tTvKFDtZSNeh4OBAnSkXeQxqD-tr840xcj-8jV5GEu9ZkD10a3o8KnR_36rzE54fockPviAan-WGfYNlqyi1jv-R32rHGKFOiId79NiX0DwJi5eO3zP_jgLfnVDvRyv4K41mlrQn98-ZBGdW1cDXjChV2n22MQWAr_7T_kuaaC0yXOer20ARXmJMlXTzYiyO7qMv13GgOOajpWL9ZxDgrXgYV7EitEEZ8nFtIDcn3gJ7FmeiwQ2akLwASKptHj2gOSBQQIBBgBkgUECAUYBKAGUYAH-L_rkAOoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDVmAnSCAkIgOGAEBABGB-ACgHICwHCEwYY-IebsSjYEwrQFQGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=U4WfuejDp2s&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1F3E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CORijqMsDYuTjDZWUxdwP5Yk4pdWdsQWN3MK6nwKmnq2NaxAEINXClHUoB2CV-vCBjAfIAQGoAwHIA8MEqgSoAU_Q7lH1dJxEYpqNvywa_ixy429olgHnBK7uasvimBOi-W_FV-ie_si-4WAQejAbGAcsIn18jrYa-kCg-V3zmpZ2Hw4REpmKPJnJpfLqs2OHRS35zNXiYSf5kdvmoHanO05Fj_tG-r47h8iL5v8BW_WgJKgyMrFqXe_5HX60NYoUaIh9v02JfYPYnLl47_M1-OAt_dUW9nK_gLjWaWtCenzxk1NwsL62TsAEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ1ZgJ0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=6ay-mX3ctKI&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1F3E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CaE4AqMsDYuTjDZWUxdwP5Yk4pdWdsQWN3MK6nwKmnq2NaxAFINXClHUoB2CV-vCBjAfIAQGoAwHIA8MEqgSoAU_Q7lH0dJxEYpqNvywa_ixy429olgHnBK7uasvimBOi-W_FV-ie_si-4WAQejAbGAcsIn18jrYa-kCg-V3zmpZ2Hw4REpmKPJnJpfLqs2OHRS35zNXiYSf5kdvmoHanO05Fj_tG-r47h8iL5v8BW_WgJKgyMrFqXe_5HX60NYoUaIh9v02JfYPYnLl47_M1-OAt_dUW9nK_gLjWaWtCenzxk1NwsL62TsAEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ1ZgJ0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=8UdRVR8SthA&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1F3E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CVNo3qMsDYuTjDZWUxdwP5Yk4pdWdsQWN3MK6nwKmnq2NaxAGINXClHUoB2CV-vCBjAfIAQGoAwHIA8MEqgSoAU_Q7lH3dJxEYpqNvywa_ixy429olgHnBK7uasvimBOi-W_FV-ie_si-4WAQejAbGAcsIn18jrYa-kCg-V3zmpZ2Hw4REpmKPJnJpfLqs2OHRS35zNXiYSf5kdvmoHanO05Fj_tG-r47h8iL5v8BW_WgJKgyMrFqXe_5HX60NYoUaIh9v02JfYPYnLl47_M1-OAt_dUW9nK_gLjWaWtCenzxk1NwsL62TsAEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ1ZgJ0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=Zf0z61YB6Zc&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1F3E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CND0WqMsDYuTjDZWUxdwP5Yk4pdWdsQWN3MK6nwKmnq2NaxAHINXClHUoB2CV-vCBjAfIAQGoAwHIA8MEqgSoAU_Q7lH2dJxEYpqNvywa_ixy429olgHnBK7uasvimBOi-W_FV-ie_si-4WAQejAbGAcsIn18jrYa-kCg-V3zmpZ2Hw4REpmKPJnJpfLqs2OHRS35zNXiYSf5kdvmoHanO05Fj_tG-r47h8iL5v8BW_WgJKgyMrFqXe_5HX60NYoUaIh9v02JfYPYnLl47_M1-OAt_dUW9nK_gLjWaWtCenzxk1NwsL62TsAEpcDLijSSBQQIGhgEoAZFwAYLgAfl9-I1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ1ZgJ0ggJCIDhgBAQARgfgAoByAsB0BUBgBcBshccChoIABIUcHViLTM1NTM1MDg5ODMxNzI2OTIYAA&sigh=4nxhal95Cvg&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 1F3E 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eeae3180f8c5e000c5ef19da57300c1df918605832d66f8aa62c117e8ef5f50e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v25/ Frame ACA0 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v25/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa5d2912bec294d33c9dc4be4a00a9a5f4ac993049a935f4535ae687e3b08d0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 19:30:45 GMT
x-content-type-options
nosniff
age
585668
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16088
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:56:33 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Feb 2023 19:30:45 GMT
css
fonts.googleapis.com/ Frame 7736 		8 KB
888 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 13:18:05 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:11:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:11:53 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 7736 		1 KB
889 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:01:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
639
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
848
x-xss-protection
0
server
cafe
etag
2277666839114365613
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:01:14 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/ Frame 7736 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:59:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
749
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:59:24 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 7736 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:05:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
387
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:05:26 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 7736 		124 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644237382599929"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:11:53 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 7736 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:08:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
206
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:08:27 GMT
ff20f166b0acb5bbc58563e896201b58.js
www.gstatic.com/mysidia/ Frame 7736 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/ff20f166b0acb5bbc58563e896201b58.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 23:19:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
571929
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11452
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 22:35:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 03 May 2022 23:19:44 GMT
null
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/ Frame 8495 		43 B
69 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/null
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:53 GMT
x-content-type-options
nosniff
server
sffe
x-dns-prefetch-control
off
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=0
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
expires
Wed, 09 Feb 2022 14:11:53 GMT
css
fonts.googleapis.com/ Frame 05B5 		6 KB
670 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 12:52:45 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:11:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:11:53 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 05B5 		1 KB
889 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:01:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
639
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
848
x-xss-protection
0
server
cafe
etag
2277666839114365613
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:01:14 GMT
p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
pagead2.googlesyndication.com/bg/ Frame C752 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=9622731939&adk=666936239&adf=3007687400&pi=t.ma~as.9622731939&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=468&idt=315&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=517&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=8YO86cXPMD&p=https%3A//filecr.com&dtd=317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a79a5f0cc3f8ccdf2355f8af3f8351e26ca4a2af5254fa5203d7f2346b6fe28e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:53:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
22715
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13808
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 07:53:18 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012201141909000/ Frame AA2E 		220 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8ade0d94aaf4b3d52776b75609e8d1c31995677a0a033a6fa2408425da07740
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
19378
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61542
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 08:48:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"00d9ef7efeb287da"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 08:48:55 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame AA2E 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cb696ecd7c4f31fdd7c7c1cc37e8efc29614fbcbadf74f455aa496d72ce33250
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504035
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5698
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"919adc590e0ff503"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame AA2E 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc83fe6d180fd859f448bacd040799bf379ee7e0d9b1e6c3f19499c1c4358864
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504035
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29570
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"c52208c2e07002d5"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame AA2E 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea29de07cdb14f2c6c59c06fdcd4ec30c2030b3ba8ee6a0aa325085496b9a94d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
48570
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1851
x-xss-protection
0
server
sffe
date
Wed, 09 Feb 2022 00:42:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"76a8c96b6aaec2c9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 09 Feb 2023 00:42:23 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame AA2E 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7d040d5e84706dac2d471ad33830bd0ae361ca06e53e72e817701478c6d5afa
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
104587
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13611
x-xss-protection
0
server
sffe
date
Tue, 08 Feb 2022 09:08:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"7aefe3fe93cc7383"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 08 Feb 2023 09:08:46 GMT
amp-gwd-animation-0.1.mjs
cdn.ampproject.org/rtv/012201141909000/v0/ Frame AA2E 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012201141909000/v0/amp-gwd-animation-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
521a8eaf8c4a2ba9501acfdf35b7d1ebb4bbb4c7aca2d4ee43e01984d73991e5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
504035
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2661
x-xss-protection
0
server
sffe
date
Thu, 03 Feb 2022 18:11:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d259f7ea2431535d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 03 Feb 2023 18:11:18 GMT
css
fonts.googleapis.com/ Frame AA2E 		9 KB
877 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6823285eb46b5b3f5c60cedb96d66a4d18bdc335096705d9f9c72aa681ddab5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Feb 2022 12:26:05 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Feb 2022 14:11:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Feb 2022 14:11:53 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AA2E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
16215
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AA2E 		295 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
15528
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:53:05 GMT
5f9ae9f190dbfc0010f28960.png
tpc.googlesyndication.com/sadbundle/7316940882382349146/ Frame AA2E 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/7316940882382349146/5f9ae9f190dbfc0010f28960.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47168af81d6da682065294d09fdd18596989831eee323959ac7d0646f7746a12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 13:18:18 GMT
x-content-type-options
nosniff
age
435215
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4889
x-xss-protection
0
last-modified
Fri, 18 Dec 2020 13:50:58 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 04 Feb 2023 13:18:18 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame AA2E 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=Cx_7DqcsDYqqpAYLCgAeq96vYCKDyvOphwZXVnbcPv96llo8OEAEg_N_oGWCVkqGCsAegAanV7MICyAEJqQKRj1CQaSuzPuACAKgDAcgDCKoEhwJP0C84VQoK-ssRUU7nM3b1YTHWPPgm_WFROng1MRw6_-7TNcqPMgbxMTbQKxOKtm86asnM8dG15y0b2nYvwuVAmVwIKr7WTav-6uziHFHrWStnOuzSCELUlPF-AAAW-5Q5rZoUZ_NPtvZ5nBolufvfz7NPCiVd9tT6_BLA_KTrC5GJ5HofwyYcql56tokKli7rIqohSE5qggfUNPZkZwubcLXFNmrHrlNQTiCSkLctc3AiUfC4W0scmSggasZuHReq1bSTSf8E3jmdDwnbmBleqW_l3AOG55QXIhhmIrVGgSrqi7iO6lvCF_jACWklXrYUM43_ULSD-aCiGxMigCN7PhzOk1mqZsAEyPbK0q8D4AQBkgUECAQYAZIFBAgFGASgBi6AB7-qk70BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQ6rYI0ggJCIDhgBAQARgdgAoDyAsB2BMM0BUBmBYBgBcBshceChwIABIUcHViLTIwNDk5NDgxODAwNzkyNjQYnJMP&sigh=vPzsRbO3lCE&uach_m=[UACH]&template_id=419
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame ACA0 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
16215
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame ACA0 		295 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
15528
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:53:05 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/ Frame 05B5 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 13:59:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
749
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 13:59:24 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 05B5 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:05:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
387
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:05:26 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 05B5 		124 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644237382599929"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:11:53 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/ Frame 05B5 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:08:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
206
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 23 Feb 2022 14:08:27 GMT
ff20f166b0acb5bbc58563e896201b58.js
www.gstatic.com/mysidia/ Frame 05B5 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/ff20f166b0acb5bbc58563e896201b58.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 23:19:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
571929
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11452
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 22:35:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 03 May 2022 23:19:44 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/9779681584961496582/ Frame 05B5 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/9779681584961496582/downsize_200k_v1?w=400&h=209
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3abf391b0c5e5b90d6233e99d35a7ff487b9ee71b2a6268fdfcc935e866b4eea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 05:28:43 GMT
x-content-type-options
nosniff
age
31390
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4155
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 12:44:24 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 09 Feb 2023 05:28:43 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/5250848271080314985/ Frame 05B5 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/5250848271080314985/downsize_200k_v1?w=100&h=100
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
74cb2c29739ccfc2a6e21e9f2bbc924174e20ec375f9b8e10727567e1948cac2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 14:12:03 GMT
x-content-type-options
nosniff
age
86390
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1904
x-xss-protection
0
last-modified
Wed, 23 Sep 2020 12:48:53 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 08 Feb 2023 14:12:03 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 17E7
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=600&slotname=2519109481&adk=1857661183&adf=1050778348&pi=t.ma~as.2519109481&w=292&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=292x600&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911864&bpp=1&bdt=467&idt=327&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D215b71c10c2b07c1-221c2adf37cd0025%3AT%3D1644415912%3ART%3D1644415912%3AS%3DALNI_MZa9xdGuJalMyO6uuyXQotNINS3_g&prev_fmts=0x0%2C1158x280%2C752x280%2C752x188%2C752x280%2C292x600&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1077&ady=1448&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=NG0Kig8ifc&p=https%3A//filecr.com&dtd=330
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 09 Feb 2022 14:11:53 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:11:53 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 09 Feb 2022 14:11:53 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame 05B5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CQy0MqMsDYsquBsyH7_UP_rmFiAHBku-EaLyyy53GDuaZx7zUDhABINXClHVglfrwgYwHoAGp1ezCAsgBCakCQcVazgIqsz6oAwHIA8sEqgTrAU_QNp_NfE3yP9oSX-4Gi31e77-KyGI54CT-ayJH7WaZwtK4hjoS3iDf2OQxnlzWgOHr5NmpuxrCPVWxSKoIRNToCpAJxOrXvVVoSsABdEu9nTYqAotqrdncwjTWPYLzpjUKUyEOQxxMy8g13Tv91-B_Ccn_0gPBPW4xP2VqP7HGyBsqTSu743nTDAAgtSKSVANsALEHInu2dwzH86p2ekXAHkBKTTBv3BBmiOgDEkDDtLa-V5vfQMBECTxt3hjOh_bc1smBIuii9vAK-RVvgcOpC9o8wdilx-dWj8CXSslcEQ6CryF_4htJIGvABOjKztnxA5IFBAgEGAGSBQQIBRgEoAYugAe_qpO9AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcFEPvi6QHSCAkIgOGAEBABGB-ACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItMzU1MzUwODk4MzE3MjY5MhgA&sigh=qqkXg3TLgjA&uach_m=[UACH]&template_id=484
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 09 Feb 2022 14:11:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame AA2E 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
710bcff389c698d3e9ec0c60b1bc2c4327accaa53a6bb2ec644f7d56937a3e53

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v25/ Frame AA2E 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v25/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa5d2912bec294d33c9dc4be4a00a9a5f4ac993049a935f4535ae687e3b08d0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://filecr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 19:30:45 GMT
x-content-type-options
nosniff
age
585668
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16088
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:56:33 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Feb 2023 19:30:45 GMT
publishertag.prebid.js
static.criteo.net/js/ld/ 		90 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:53 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 09:04:35 GMT
server
nginx
etag
W/"61f7a623-16685"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Thu, 10 Feb 2022 14:11:53 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 8EE0 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1

Response headers

x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
145
x-xss-protection
0
date
Wed, 09 Feb 2022 14:03:52 GMT
cache-control
public, max-age=3600
content-type
text/html; charset=UTF-8
age
481
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 05B5 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a78eff31bbb35c545c9dfbb14706f65c71f63c56bf2c5bd4fd084e7d67fd89d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 05B5 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 17:58:32 GMT
x-content-type-options
nosniff
age
591201
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:20 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Feb 2023 17:58:32 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 05B5 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 02 Feb 2022 17:56:19 GMT
x-content-type-options
nosniff
age
591334
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Feb 2023 17:56:19 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 05B5 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 09:48:03 GMT
x-content-type-options
nosniff
age
447830
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 04 Feb 2023 09:48:03 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AA2E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
16215
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AA2E 		295 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012201141909000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
15528
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Thu, 10 Feb 2022 09:53:05 GMT
publishertag.prebid.js
static.criteo.net/js/ld/ 		90 KB
28 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:53 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 09:04:35 GMT
server
nginx
etag
W/"61f7a623-16685"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Thu, 10 Feb 2022 14:11:53 GMT
p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
pagead2.googlesyndication.com/bg/ Frame ACB0 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3553508983172692&output=html&h=280&slotname=1110800257&adk=1741069232&adf=1565584583&pi=t.ma~as.1110800257&w=1158&fwrn=4&fwrnh=100&lmt=1644415912&rafmt=1&psa=0&format=1158x280&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1644415911859&bpp=3&bdt=462&idt=216&shv=r20220207&mjsv=m202202030101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1348731551215&frm=20&pv=1&ga_vid=1668403507.1644415912&ga_sid=1644415912&ga_hid=1824890661&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=221&ady=175&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C31064716%2C31062931&oid=2&pvsid=3738844641770988&pem=532&tmod=1913351722&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Q4APh6378M&p=https%3A//filecr.com&dtd=220
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a79a5f0cc3f8ccdf2355f8af3f8351e26ca4a2af5254fa5203d7f2346b6fe28e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:53:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
22715
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13808
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 07:53:18 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 8EE0
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 09 Feb 2022 14:11:53 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 09 Feb 2022 14:11:53 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 09 Feb 2022 14:11:53 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
pagead2.googlesyndication.com/bg/ Frame 519F 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a79a5f0cc3f8ccdf2355f8af3f8351e26ca4a2af5254fa5203d7f2346b6fe28e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:53:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
22715
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13808
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 07:53:18 GMT
p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
pagead2.googlesyndication.com/bg/ Frame 8495 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a79a5f0cc3f8ccdf2355f8af3f8351e26ca4a2af5254fa5203d7f2346b6fe28e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:53:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
22715
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13808
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 07:53:18 GMT
wideskyscraper_claim.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/ Frame 8495 		19 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/wideskyscraper_claim.svg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05a29beffdaaa41e78204f55ac02bd1d4cb9ca4dd4314b9828f8ae2860acfdd9
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
555187
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5388
x-xss-protection
0
last-modified
Wed, 12 Jan 2022 23:12:31 GMT
server
sffe
date
Thu, 03 Feb 2022 03:58:46 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 03 Feb 2023 03:58:46 GMT
wideSkyscraper_copy_bett.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/ Frame 8495 		23 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/wideSkyscraper_copy_bett.svg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a765eda49b6830c9999ee1edc81985ae522b4202ea4e7a9c2e0a765055260fcd
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
555187
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5486
x-xss-protection
0
last-modified
Wed, 12 Jan 2022 23:12:31 GMT
server
sffe
date
Thu, 03 Feb 2022 03:58:46 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 03 Feb 2023 03:58:46 GMT
wideSkyscraper_head_bett.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/ Frame 8495 		10 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/wideSkyscraper_head_bett.svg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0e3c892d9c4f52eca2918b1a64f4461a6419d2116003dd1c159c3b853d5ece26
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
555187
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3078
x-xss-protection
0
last-modified
Wed, 12 Jan 2022 23:12:31 GMT
server
sffe
date
Thu, 03 Feb 2022 03:58:46 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 03 Feb 2023 03:58:46 GMT
cta_hover.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/ Frame 8495 		7 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/cta_hover.svg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f2e21b59f04dcd1ab74e6f792bb25667313596b635cf575362c8c86d58463a92
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
555187
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2265
x-xss-protection
0
last-modified
Wed, 12 Jan 2022 23:12:31 GMT
server
sffe
date
Thu, 03 Feb 2022 03:58:46 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 03 Feb 2023 03:58:46 GMT
cta_normal.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/ Frame 8495 		7 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/cta_normal.svg
Requested by
Host: filecr.com
URL: https://filecr.com/windows/microsoft-office?id=6347414880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2820e0f543336a49b91e4bec33afc93b91859545d769c46b754948a5605993d3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
555187
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2196
x-xss-protection
0
last-modified
Wed, 12 Jan 2022 23:12:31 GMT
server
sffe
date
Thu, 03 Feb 2022 03:58:46 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 03 Feb 2023 03:58:46 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		13 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220207&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b1ca8eaaa7e11adb1cd65c08e41c517d16479eb7294ca1a10653b87bfb7eb31a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 09 Feb 2022 14:11:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9849
x-xss-protection
0
syncframe
gum.criteo.com/ Frame 575F 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=filecr.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
cdf0b0f2c5cef0e09f6cc68cb1a183831eba5c571627b3862c0d959de0350678
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
server-processing-duration-in-ticks
1866
date
Wed, 09 Feb 2022 14:11:54 GMT
content-length
5182
strict-transport-security
max-age=31536000; preload;
cta_normal.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/ Frame 8495 		7 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/cta_normal.svg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2820e0f543336a49b91e4bec33afc93b91859545d769c46b754948a5605993d3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
555188
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2196
x-xss-protection
0
last-modified
Wed, 12 Jan 2022 23:12:31 GMT
server
sffe
date
Thu, 03 Feb 2022 03:58:46 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 03 Feb 2023 03:58:46 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3553508983172692&plah=filecr.com&bust=31064716
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 09 Feb 2022 14:11:54 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FF5F 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Wed, 09 Feb 2022 14:07:00 GMT
expires
Thu, 09 Feb 2023 14:07:00 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
294
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame AFF4 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
dac0248a66cdd0aaf50bdcbbe7a84c8786782b9734f45677646ae70986038d0b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-BgLN+J7rCx6ZfU7ihb3uAw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Wed, 09 Feb 2022 14:11:54 GMT
date
Wed, 09 Feb 2022 14:11:54 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-BgLN+J7rCx6ZfU7ihb3uAw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
pagead2.googlesyndication.com/bg/ Frame FF5F 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/p5pfDMP4zN8jVfivP4NR4mykoq9SVPpSA9fyNGtv4o4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a79a5f0cc3f8ccdf2355f8af3f8351e26ca4a2af5254fa5203d7f2346b6fe28e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 07:53:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
22716
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13808
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 07:53:18 GMT
sid
mug.criteo.com/ Frame 575F
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=filecr.com&sn=ChromeSyncframe&so=0&topUrl=filecr.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=yy8IVHxEemN0akwrSFlRb3JnaFZ6TXQrRXh0NExMYWZWNmJxZWlqZ1FrSXRFUDRSUzhWRS9VT1JwTEVGR0Fnb1UrVmN2dms3WElwUWJjVTR6U0FGNlZXWm5kc0pNa2lLNDEvVUhqV3V1cHZOVDNkTS8xVzFvenRJcUx0bz...
435 B
632 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=yy8IVHxEemN0akwrSFlRb3JnaFZ6TXQrRXh0NExMYWZWNmJxZWlqZ1FrSXRFUDRSUzhWRS9VT1JwTEVGR0Fnb1UrVmN2dms3WElwUWJjVTR6U0FGNlZXWm5kc0pNa2lLNDEvVUhqV3V1cHZOVDNkTS8xVzFvenRJcUx0bzVwM0RuV0gxSlJYbU9CVGFyVEJvSVNjOXpJWUtEa1dCZHYwUGR3eEQ5b1pGNWh4aXlHRFVyaG1Ub2c1dHBUTU1QV2xmNnJCNk1hVDJrWU4wZ05NTkpNeklWeTdnMjl5Q3FTODVOR3QrbldWb2V6UWxlNjc5L0Z2OVA0b3RuZ01ybGZ3YUQ2c0RWRWZLZzkybFNwenp1SUdTNTNNMEhDZz09fA&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
dfda93858277d6cdba6173939ca05b3c431c37df11728a946994d80e8e64464c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:54 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3729
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:53 GMT
strict-transport-security
max-age=31536000; preload;
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=yy8IVHxEemN0akwrSFlRb3JnaFZ6TXQrRXh0NExMYWZWNmJxZWlqZ1FrSXRFUDRSUzhWRS9VT1JwTEVGR0Fnb1UrVmN2dms3WElwUWJjVTR6U0FGNlZXWm5kc0pNa2lLNDEvVUhqV3V1cHZOVDNkTS8xVzFvenRJcUx0bzVwM0RuV0gxSlJYbU9CVGFyVEJvSVNjOXpJWUtEa1dCZHYwUGR3eEQ5b1pGNWh4aXlHRFVyaG1Ub2c1dHBUTU1QV2xmNnJCNk1hVDJrWU4wZ05NTkpNeklWeTdnMjl5Q3FTODVOR3QrbldWb2V6UWxlNjc5L0Z2OVA0b3RuZ01ybGZ3YUQ2c0RWRWZLZzkybFNwenp1SUdTNTNNMEhDZz09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1693
content-length
541
expires
0
sodar
pagead2.googlesyndication.com/pagead/ Frame AFF4 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220207&jk=3738844641770988&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame FF5F 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?GZSjEQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
gen_204
pagead2.googlesyndication.com/pagead/ 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220207&jk=3738844641770988&bg=!SUqlSg7NAAa4sGsQuLA7ACkAdvg8WgFenpaoE8grRz-Gqj-cNV1ysoy2Gqy8m_6PNhaf3WShvVPgTQIAAABqUgAAAAJoAQcKAFL6wM5ZxB2aMtofBp1am6sGKpMAssw8t42QhtP1qPhb02qIy0AhaeNwvijSVrlQnksGA6dB7TBxLsCi-bFsuFuPqGV6QN7MQM6q44A08u7fcgTxmQKwXvd9SNiMpyv6dPSYKpNo6uoHT54rAarpcRfWolyR4rPpSjXCz2rb_m98t2HiDDIZISM7onLbjMpfZK2rvHonpXLOWNJfdLf2c1YdcxhVFAkARfnB-TuMiVMHVWR9tIWX2mi73Tqvs-5D4Obe0UNB5SP80JXSzv47QmBXGm3-AMgvfldVLEiIk6eV6EdXot6kFK91d8nvaas6kSQ2so0PJZ71qGJ1uaLlZU8Vy1z4xchStOWBAqim1ydn1DkJzrxMipKzfTZ6sKpYWUPnNvE6f_7AP1Qp1mqybi3dDAKt0nalYw-e79SMKgf_HbtrA8DerfJY8SRog5wkGfS-t5R-8lLFlaIfbr-MZcUmqslR9sgfz9W0Mbf1jXrm9RR6DsscA9GPOEuE3xwCepJkAkHmfFxV1N699AQfMlBR6x1RdrSMiTURYkEmmtGqIxgF2Ey9FwQ8Voxyni1HtegUn_QvCWoG7NzU2i7YscQKfVZQlpY6F_mcYgizfNlywkIRycpFfKOGWrLEOFkWGWbdH0rSuM8xL_jin1Yj6YF3uPX0-os-lsukq6fIqHdKHRM5Lli31yCky9UTnS9_UiAf7gWl-k66pH_sEBfNroLAbhCx37MaynMDC_DQMnAlZRMRWK3WPKJLiJl0KAqCOyBgZ3L2Mqvz_BnvTIX9WMwi4yVju3Yi3v6UFwrR6-EotPVo9vLOrAIjcEBKzgtwv-ONaB9GWp16ezlkozBkEajvhYue_TKMYZH2P1rXsXofbO97nYsvAArWy7ucqgrb9JyeJWoHonZ49OOEjMamLLo8hDOeR40El2w91ppRdMt5WTgYyEBSWqSh0ibVWX8MOCi8I2xg40vQJIQ7eBQ5oVvxtPE1xi9jJFgPb3dIZrv3kaHGufFpmKSYY_KGpdjBfIhSVHfz2g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 1F3E 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst3ZP-DgK60uCNKqDmA1LGs550UNIetwNxtbMBu97sojkUCH6UAojX7-ZYR4uAjGNghqj9kJaCfgmXqRA3PVdgYJgZ8ebcFp5LJPCK2eesCVg&sai=AMfl-YRpVXLD2lqg6J0V5A3Gr4tEv0Moc89SMh-hBcVYpzHNMaxBxPRelzOktZu-E_EDnSRLJAPtELDZByAH&sig=Cg0ArKJSzBjH4PNtMFc7EAE&id=lidar2&mcvt=1003&p=17,0,93.421875,292&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20220207&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=666936239&rs=2&la=0&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644415912182&rpt=1150&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame ACA0 		42 B
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsugRBpXNZYUWxbd-z7SEQKd0_DYz_0ioaKfQX-Fj5Z1ESufJWeFefHq3uKeXKBMJZlMyImpPsxnCPudQAnAFqn9RZriTZ_4F0389vtZ7JGOlbZFO7pEkA&sai=AMfl-YRk4ZJabTEt_UbxwteLE3Wbij3H8sUjLE_Id7YGK1uSFgRPJXn21QESC42-OgrFPhzZbjYt09WEm4Pj&sig=Cg0ArKJSzHhIC405RxfyEAE&id=ampim&o=232,1002&d=752,194&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=528&tls=1529&g=100&h=100&tt=1529&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=3791395387
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 05B5 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvcEhktQE86xG3-LgnPizt1fERba-YKgyvF5lykJpUAQSKE4a3I57zGbMjpZqlyUp5k28Bv0sOJlBA0DMGz0G12y1JZrRnqucbHKk_jfDPZsQPfF0PD1g&sai=AMfl-YRrl0OukgeY5UvooRZ2PrLw6KgN7odqN04SbUXWJH3WEMtMutS2iBG6RAg76y2_bID3N7J_DtRUBkYc&sig=Cg0ArKJSzGfuS20TPVfvEAE&id=lidar2&mcvt=1000&p=0,0,280,1158&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220207&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=1741069232&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644415912081&rpt=1591&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
eb2.3lift.com/ Frame 26AE
Redirect Chain
  • https://eb2.3lift.com/sync?
  • https://eb2.3lift.com/sync?&ld=1
1 KB
1022 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?&ld=1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
8c0f68521164f23c0904aab164a40ec6a4d6bc247b438c2bc563490e7e290164

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-type
text/html; charset=utf-8
content-length
458
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-length
0
location
/sync?&ld=1
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
async_usersync.html
acdn.adnxs.com/dmp/ Frame 3A1E 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Sun, 06 Feb 2022 02:33:27 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Wed, 09 Feb 2022 14:11:56 GMT
Age
41902
X-Served-By
cache-lga21969-LGA, cache-hhn4025-HHN
X-Cache
HIT, HIT
X-Cache-Hits
3, 618540
X-Timer
S1644415916.036629,VS0,VE0
Vary
Accept-Encoding
sync.html
public.servenobid.com/ Frame 2923 		8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://public.servenobid.com/sync.html
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::69 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bbfd30e5fd2bd475d319b5b55ab61469966d1517b703f9bd830a6f3207387c27

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

cache-control
max-age=86400
content-type
text/html
content-encoding
br
last-modified
Wed, 15 Dec 2021 19:31:35 GMT
accept-ranges
bytes
etag
"32347ab14bd5257f1f3d2e210ba82276"
server
AmazonS3
x-cache
TCP_HIT
x-amz-id-2
GInHvwcB0OLhatV2u5nB/Zgq5HLDdNKaTjNbeb/uzQb1HRitYw/BSAUBPLhS8Rh4ofaaLH9bWSk=
x-amz-request-id
44D0JH41AYMZJQQ2
x-amz-meta-codebuild-content-sha256
8644b4f52d5a37b8f0b84f0bbcfa66f9e0f7f97407e4d25c13a055f86b22baed
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:0897103a-6355-4b89-92f6-53a82b1da700
x-amz-meta-codebuild-content-md5
276cf0a41034befc9a603617ae1a1731
x-azure-ref-originshield
0LHwDYgAAAABVFngdXBysQq1IwwOE0wiSQU1TMDRFREdFMTgxNQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref
0rMsDYgAAAAC2acQFwyJoRrrSf8yqk7MeRlJBRURHRTEwMTUAODRlN2RmYTItMTQ0Mi00MzM0LWIzNGYtZTQyZDNmN2RkYWQ5
date
Wed, 09 Feb 2022 14:11:55 GMT
/
onetag-sys.com/usync/ Frame 75E6 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1644415912610
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip252.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
usync.html
eus.rubiconproject.com/ Frame 6D08 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"40014-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 09 Feb 2022 14:11:56 GMT
Connection
keep-alive
Vary
Accept-Encoding
iframe
mantodea.mantisadnetwork.com/prebid/ Frame ACEB 		233 B
470 B 		Document
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415912968&secure=true&version=9&uuid=723285c9-4765-4aa6-b0e0-7483bd609333&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/filecr.js?1644415800000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.80.147.122 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-80-147-122.compute-1.amazonaws.com
Software
/ Express
Resource Hash
8852dc4007339811b06753da707b4815bb8f2abb9e46eb84a7d6a77949638bed

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-type
text/html; charset=utf-8
content-length
233
x-powered-by
Express
vary
Origin
access-control-allow-credentials
true
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
expires
-1
etag
W/"e9-GZ2E7tKvySh01E1LZd6JDT9X13Q"
/
onetag-sys.com/usync/ 		0
52 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/usync/?tag=img
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip252.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://filecr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-cache, no-transform
generic
match.adsrvr.org/track/cmf/ Frame 26AE 		70 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
xuidmid=7976&xuid=ujhh48Nfp&dongle=u6nf
eb2.3lift.com/ Frame 26AE
Redirect Chain
  • https://ad.mrtnsvr.com/sync/triplelift
  • https://eb2.3lift.com/xuidmid=7976&xuid=ujhh48Nfp&dongle=u6nf
37 B
155 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuidmid=7976&xuid=ujhh48Nfp&dongle=u6nf
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
no-cache, no-store, must-revalidate
x-error
Not Found
content-length
37
content-type
image/gif

Redirect headers

location
https://eb2.3lift.com/xuidmid=7976&xuid=ujhh48Nfp&dongle=u6nf
date
Wed, 09 Feb 2022 14:11:56 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
92
vary
Origin
content-type
text/html; charset=utf-8
pixel
cm.g.doubleclick.net/ Frame 26AE 		170 B
502 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 26AE
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzAzMjg2MTAzMTUxMzk3NDk5ODk5
170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzAzMjg2MTAzMTUxMzk3NDk5ODk5
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzAzMjg2MTAzMTUxMzk3NDk5ODk5
date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame 26AE 		0
706 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=703286103151397499899&dbredirect=true&gdpr=1&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:55 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: F3AC86EAB5CA4AD99FE0F87EAA4597BE Ref B: FRAEDGE1313 Ref C: 2022-02-09T14:11:56Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXXlmqMFg/WrKbjTXm27g==
xuid
eb2.3lift.com/ Frame 26AE
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/703286103151397499899?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-EbSYvG5E2oSEpeKSYeqJX9Uw5bk9sNcXaDjpMiefww--~A&dongle=0883
37 B
353 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-EbSYvG5E2oSEpeKSYeqJX9Uw5bk9sNcXaDjpMiefww--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Wed, 09 Feb 2022 14:11:56 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-EbSYvG5E2oSEpeKSYeqJX9Uw5bk9sNcXaDjpMiefww--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
c.gif
c.bing.com/ Frame 26AE 		42 B
591 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bing.com/c.gif?xid=703286103151397499899&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:55 GMT
etag
"9ea1ae3587d81:0"
last-modified
Wed, 12 Jan 2022 02:05:35 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 7F7394E1815348A6A2E57B0832BEF917 Ref B: FRAEDGE1208 Ref C: 2022-02-09T14:11:56Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
iu3
s.amazon-adsystem.com/ Frame 26AE
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=703286103151397499899
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=703286103151397499899&dcc=t
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=703286103151397499899&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Server
209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
BFZ37VYQT4RAVE8JNPCG
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=703286103151397499899&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
x.bidswitch.net/ Frame 26AE 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=triplelift&user_id=703286103151397499899&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.48.254 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-48-254.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 09 Feb 2022 14:11:56 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
xuid
eb2.3lift.com/ Frame 26AE
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
async_usersync
ib.adnxs.com/ Frame 3A1E 		0
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
X-Proxy-Origin
217.114.215.131; 217.114.215.131; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
ec6d7199-3cd2-4052-8b8c-d89b2ac2c37a
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fltiu.js
pixel.yabidos.com/ Frame ACEB 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixel.yabidos.com/fltiu.js?qid=83233313f553333313f513430313&cid=1041&p=undefined&s=filecr.com
Requested by
Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415912968&secure=true&version=9&uuid=723285c9-4765-4aa6-b0e0-7483bd609333&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.200.58 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04e15c27c7c1e344842fec61d78bfb338739501f6d293a013d57a808efcc3674

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mantodea.mantisadnetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 28 Jan 2022 16:06:54 GMT
server
cloudflare
age
1577
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
6dadb093da0f692b-FRA
content-length
1168
expires
Wed, 09 Feb 2022 16:11:56 GMT
query
ecs.mantisadnetwork.com/sync/pixel/ Frame ACEB
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=rjrqv8k&ttd_tpi=1
  • https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=3dc5b69b-558e-43ae-8659-881514f206a4
35 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=3dc5b69b-558e-43ae-8659-881514f206a4
Requested by
Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415912968&secure=true&version=9&uuid=723285c9-4765-4aa6-b0e0-7483bd609333&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Protocol
H2
Server
54.80.147.122 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-80-147-122.compute-1.amazonaws.com
Software
/ Express
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mantodea.mantisadnetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
x-powered-by
Express
etag
W/"23-X71HIiL+uKIs9biqXcW44Tr4jis"
content-length
35
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=3dc5b69b-558e-43ae-8659-881514f206a4
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
241
usync.js
eus.rubiconproject.com/ Frame 6D08 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
111b501a94f330364d2803977ca2a9de037297abf7f1c54caa1d9c7c7d955a0a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 09 Feb 2022 14:11:56 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 23:04:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=34004
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9703
Expires
Wed, 09 Feb 2022 23:38:40 GMT
13926
g2.gumgum.com/usync/ Frame A417 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6e94b9af245d6e2d303ec4062011112e995a9744f6c73b9e437ebd8afd3a8097

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-type
text/html;charset=UTF-8
server
nginx
etag
W/"0b096689eacdf32fe030556f8dc48a01d"
timing-allow-origin
*
content-encoding
gzip
ps
pixel.33across.com/ Frame 7638 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip22.67-202-105.static.steadfastdns.net
Software
33XP001 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

x-33x-status
2000208
server
33XP001
date
Wed, 09 Feb 2022 14:11:55 GMT
/
onetag-sys.com/usync/ Frame DEDF 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip252.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
sync
ssbsync.smartadserver.com/api/ Frame 0FB2 		876 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.119 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
640db15304644891aaffe41635de72be1d4a8f479cc124e539169799798129d8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

content-length
876
content-type
text/html
date
Wed, 09 Feb 2022 14:11:56 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 0F4C
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d4c706658c1948524e1c3646cc75a43fd6555c6277d2b6621c145357c6273265

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
230|241|39|45|3|221|111|123
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Expires
Wed, 09 Feb 2022 14:11:56 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
Content-Length
1681
Connection
keep-alive

Redirect headers

Server
Apache
Content-Length
311
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Wed, 09 Feb 2022 14:11:56 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
Connection
keep-alive
sync
ads.servenobid.com/ Frame 2923
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=312&uid=5542501361551038612
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=312&uid=5542501361551038612
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.171.171.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-171-24.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
X-Proxy-Origin
217.114.215.131; 217.114.215.131; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
4e8587b7-2f8a-422f-b8cf-3ff9623a175b
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ads.servenobid.com/sync?pid=312&uid=5542501361551038612
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
ads.servenobid.com/ Frame 2923
Redirect Chain
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
  • https://ads.servenobid.com/sync?pid=310&uid=d430168dee9e42a50a2fea4a
0
347 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=310&uid=d430168dee9e42a50a2fea4a
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.171.171.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-171-24.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ads.servenobid.com/sync?pid=310&uid=d430168dee9e42a50a2fea4a
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
sync
ads.servenobid.com/ Frame 2923
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1644415916251
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1110524880
  • https://sync.1rx.io/usersync/tradedesk/3dc5b69b-558e-43ae-8659-881514f206a4
  • https://sync.targeting.unrulymedia.com/csync/RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003
  • https://ads.servenobid.com/sync?pid=321&uid=RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003
0
362 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=321&uid=RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.171.171.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-171-24.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=321&uid=RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003
date
Wed, 09 Feb 2022 14:11:56 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX99bdd869c3974db0a0369dfcfc2e8b53003
content-type
text/html
101954
jadserve.postrelease.com/suid/ Frame 2923 		43 B
428 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/suid/101954?ntv_r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D322%26uid%3DNTV_USER_ID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.215.6.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-215-6-188.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
sync
ads.servenobid.com/ Frame 2923
Redirect Chain
  • https://p.rfihub.com/cm?pub=44007&in=1
  • https://ads.servenobid.com/sync?pid=324&uid=5134455420327300891
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=324&uid=5134455420327300891
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.171.171.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-171-24.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=324&uid=5134455420327300891
Date
Wed, 09 Feb 2022 14:11:56 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usa
sync.go.sonobi.com/ Frame 2923 		0
0
sync
ads.servenobid.com/ Frame 2923
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
  • https://ads.servenobid.com/sync?pid=327&uid=7245c35b-f216-4d37-ab2a-d9e88c3c0193&gdpr=0&gdpr_consent=&us_privacy=1YN-
0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=327&uid=7245c35b-f216-4d37-ab2a-d9e88c3c0193&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.171.171.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-171-24.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=327&uid=7245c35b-f216-4d37-ab2a-d9e88c3c0193&gdpr=0&gdpr_consent=&us_privacy=1YN-
date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy
content-length
0
sync
ads.servenobid.com/ Frame 2923
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58559/occ
  • https://ups.analytics.yahoo.com/ups/58559/occ?verify=true
  • https://ads.servenobid.com/sync?pid=337&uid=y-BtTDJm1E2uHJUWNERgk93PJBR0b_Mn8BfjuwL_0-~A
0
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=337&uid=y-BtTDJm1E2uHJUWNERgk93PJBR0b_Mn8BfjuwL_0-~A
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.171.171.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-171-24.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=337&uid=y-BtTDJm1E2uHJUWNERgk93PJBR0b_Mn8BfjuwL_0-~A
date
Wed, 09 Feb 2022 14:11:56 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
flimpobj.js
pixel.yabidos.com/ Frame ACEB 		31 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixel.yabidos.com/flimpobj.js?cb=1644415916181&ver1=2.2.3&qid=83233313f553333313f513430313&rnd=ynber4ghn8f4&cid=1041
Requested by
Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=83233313f553333313f513430313&cid=1041&p=undefined&s=filecr.com
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.200.58 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4cf0498d6f16d928751dae8b235dab5e250f65d561f43e2dc20d982efac6016f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mantodea.mantisadnetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 28 Jan 2022 16:06:54 GMT
server
cloudflare
age
1578
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
6dadb0943afa692b-FRA
content-length
24217
expires
Wed, 09 Feb 2022 16:11:56 GMT
vbl.gif
pre.glotgrx.com/ Frame ACEB 		26 B
304 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pre.glotgrx.com/vbl.gif?cb=1644415916250&rnd=ynber4ghn8f4&ifm=1&uai=1&cid=1041&s=filecr.com&p=undefined&x=&adtg=&ats=0&atf=&nsi=&si=&nci=&nai=&pft=0&iip=0&adb=1&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=&idl=&ttduid=&id5=&emh=
Requested by
Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415912968&secure=true&version=9&uuid=723285c9-4765-4aa6-b0e0-7483bd609333&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:79c3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mantodea.mantisadnetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
cf-cache-status
HIT
last-modified
Fri, 28 Jan 2022 16:06:46 GMT
server
cloudflare
age
1795
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
6dadb094f923698f-FRA
content-length
26
expires
Wed, 09 Feb 2022 16:11:56 GMT
nflrc.gif
pre.glotgrx.com/ Frame ACEB 		26 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pre.glotgrx.com/nflrc.gif?cb=1644415916239148&ver=1.2r81&qid=83233313f553333313f513430313&p=undefined&s=filecr.com&x=&cid=1041&od1=&od2=&adtg=&nci=&nai=&si=&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=ynber4ghn8f4&impid=&idl=&ttduid=&id5=&emh=&tps=2&ver1=2.2.3&1=8bc4b1d79e408f99c0da59b34ff29ffd&2=0.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%220%22%3A%22Chrome%2520PDF%2520Plugin%2520-%2520%2520-%2520internal-pdf-viewer%2520-%2520Portable%2520Document%2520Formatfl_br%22%2C%221%22%3A%22Chrome%2520PDF%2520Viewer%2520-%2520%2520-%2520mhjfbmdgcfjbbpaeojofohoefgiehjai%2520-%2520fl_br%22%2C%222%22%3A%22Native%2520Client%2520-%2520%2520-%2520internal-nacl-plugin%2520-%2520fl_br%22%7D%7D&6=2&7={%22e%22:%2211%22,%22m%22:%220%22,%22f%22:%223428%22}&ats=0&atf=&dbgcid=1041&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=1&icpl=23&icp=https%253A//filecr.com/&irfl=23&irf=https%253A//filecr.com/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-28-p-fl-9-s-fl-10-x-fl-0-cid-fl-4-od1-fl-0-od2-fl-0-adtg-fl-0-nci-fl-0-nai-fl-0-si-fl-0-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-idl-fl-0-ttduid-fl-0-id5-fl-0-emh-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andWindows&adv=0&det=1&adb=1&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=0x0&gpu=Intel%20Iris%20OpenGL%20Engine&ncf=4g_9.8_undefined_null_0_undefined_false&chua={%22architecture%22:%22%22,%22brands%22:[],%22mobile%22:false,%22model%22:%22%22,%22platform%22:%22%22,%22platformVersion%22:%22%22,%22uaFullVersion%22:%22%22}&fli=&flerr=0&trim=&fio=17
Requested by
Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1644415912968&secure=true&version=9&uuid=723285c9-4765-4aa6-b0e0-7483bd609333&title=Microsoft%20Office%202019%20Pro%20Plus%20v2110%20(Build%2014527.20226)&url=https%3A%2F%2Ffilecr.com%2Fwindows%2Fmicrosoft-office%3Fid%3D6347414880
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:79c3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mantodea.mantisadnetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
cf-cache-status
HIT
last-modified
Fri, 28 Jan 2022 16:06:46 GMT
server
cloudflare
age
1796
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
6dadb094f92b698f-FRA
content-length
26
expires
Wed, 09 Feb 2022 16:11:56 GMT
709414.gif
id.rlcdn.com/ Frame 6D08 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
tap.php
pixel.rubiconproject.com/ Frame 6D08
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHLqt5VIG0Wqyn_U2G6ut74&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHLqt5VIG0Wqyn_U2G6ut74&google_cver=1
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHLqt5VIG0Wqyn_U2G6ut74&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame 6D08
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/oYFf6rg9BmUJ9aSKy_nKyMn5EUdSAgOZEtemQ7w0kco?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5059585561581475831
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5059585561581475831
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Content-Type
image/gif

Redirect headers

date
Wed, 09 Feb 2022 14:11:56 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5059585561581475831
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
pixel
cm.g.doubleclick.net/ Frame 6D08
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjQ3MWU3YTkyMzFlODQzMTYzNzlmY2M4NWRmYmU3NzMyZGMzMTZmOA
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjQ3MWU3YTkyMzFlODQzMTYzNzlmY2M4NWRmYmU3NzMyZGMzMTZmOA
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjQ3MWU3YTkyMzFlODQzMTYzNzlmY2M4NWRmYmU3NzMyZGMzMTZmOA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 6D08
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YgPLrAAE4pagwAAy
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YgPLrAAE4pagwAAy&_test=YgPLrAAE4pagwAAy
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YgPLrAAE4pagwAAy&_test=YgPLrAAE4pagwAAy
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
via
1.1 varnish
server
Varnish
x-timer
S1644415916.431115,VS0,VE0
x-served-by
cache-hhn4070-HHN
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YgPLrAAE4pagwAAy&_test=YgPLrAAE4pagwAAy
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
tap.php
pixel.rubiconproject.com/ Frame 6D08
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=53c56203-cbac-4700-84cf-c2f40a1f4eb9
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=53c56203-cbac-4700-84cf-c2f40a1f4eb9
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Content-Type
image/gif

Redirect headers

Date
Wed, 09 Feb 2022 14:11:56 GMT
Server
MT3 4133 baa842e master cdg-pixel-x27 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=53c56203-cbac-4700-84cf-c2f40a1f4eb9
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 09 Feb 2022 14:11:55 GMT
pixel
cm.g.doubleclick.net/ Frame 6D08
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pGTVJZUVgtMVEtNFVDOQ==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pGTVJZUVgtMVEtNFVDOQ==
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pGTVJZUVgtMVEtNFVDOQ==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
ads.yahoo.com/cms/ Frame 6D08
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZFMRYQX-1Q-4UC9&sigv=1&esig=2~eb4649fa5a1a8602080d3ee7b6a0f29c97e2813f
0
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZFMRYQX-1Q-4UC9&sigv=1&esig=2~eb4649fa5a1a8602080d3ee7b6a0f29c97e2813f
Protocol
H2
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZFMRYQX-1Q-4UC9&sigv=1&esig=2~eb4649fa5a1a8602080d3ee7b6a0f29c97e2813f
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usersync
rtb.gumgum.com/ Frame A417
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=5542501361551038612
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=5542501361551038612
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
X-Proxy-Origin
217.114.215.131; 217.114.215.131; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
13866bc1-457f-4a09-9afd-1e67ef703c1b
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=5542501361551038612
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame A417
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_5b835ba8-ad58-4ee0-8c82-581cc08b0b31&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_5b835ba8-ad58-4ee0-8c82-581cc08b0b31&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2
  • https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2
  • https://x.bidswitch.net/sync?dsp_id=59&user_id=6315cdff-e8c8-44b9-8f28-752e853e1730&ssp=gumgum2
  • https://rtb.gumgum.com/usersync?b=bsw&i=d0d17b81-5d7c-4d49-a88c-fae9f27e5b1a
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=d0d17b81-5d7c-4d49-a88c-fae9f27e5b1a
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
//rtb.gumgum.com/usersync?b=bsw&i=d0d17b81-5d7c-4d49-a88c-fae9f27e5b1a
Date
Wed, 09 Feb 2022 14:11:56 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
cookie-sync
sync.outbrain.com/ Frame A417
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28SmCDPgsDGn3YEgDcGtAyhBGZ5jh-YAoEW1DCQGKtCi1cVXl9L6sJVq4aqIhdIV1i%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_5b835ba8-ad58-4ee0-8c82-581cc08b0b31&obuid=ENC(SmCDPgsDGn3YEgDcGtAyhBGZ5jh-YAoEW1DCQGKtCi1cVXl9L6sJVq4aqIhdIV1i)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://ice.360yield.com/server_match?partner_id=1863&r=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dimprove_digital%26uid%3D%7BPUB_USER_ID%7D%26obUid%3DSmCDPgsDGn3YEgDcGtAyhBGZ5jh-YAoEW1DCQ...
  • https://sync.outbrain.com/cookie-sync?p=improve_digital&uid=b13005cb-94c9-4240-9554-a472469451b5&obUid=SmCDPgsDGn3YEgDcGtAyhBGZ5jh-YAoEW1DCQGKtCi1cVXl9L6sJVq4aqIhdIV1i
0
318 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=improve_digital&uid=b13005cb-94c9-4240-9554-a472469451b5&obUid=SmCDPgsDGn3YEgDcGtAyhBGZ5jh-YAoEW1DCQGKtCi1cVXl9L6sJVq4aqIhdIV1i
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
70.42.32.255 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 09 Feb 2022 14:11:57 GMT
Cache-Control
no-cache
X-TraceId
2d01a96cd8cabb661914284bd7396422
Content-Length
0

Redirect headers

location
https://sync.outbrain.com/cookie-sync?p=improve_digital&uid=b13005cb-94c9-4240-9554-a472469451b5&obUid=SmCDPgsDGn3YEgDcGtAyhBGZ5jh-YAoEW1DCQGKtCi1cVXl9L6sJVq4aqIhdIV1i
date
Wed, 09 Feb 2022 14:11:57 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
usersync
rtb.gumgum.com/ Frame A417
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=4e19fb01-b302-41d2-96ea-632ea12e3b67
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=4e19fb01-b302-41d2-96ea-632ea12e3b67
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-encoding
gzip
server
OXGW/17.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=4e19fb01-b302-41d2-96ea-632ea12e3b67
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
usersync
rtb.gumgum.com/ Frame A417
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-39985bba-6949-492d-72c4-dacef272d359$ip$217.114.215.131
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-39985bba-6949-492d-72c4-dacef272d359$ip$217.114.215.131
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-39985bba-6949-492d-72c4-dacef272d359$ip$217.114.215.131
Date
Wed, 09 Feb 2022 14:11:56 GMT
Connection
keep-alive
Content-Length
124
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame A417
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=oth&i=y-_anijDNE2pf30DJY8DOH3LwDpHh8WEeuxkl6~A
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=oth&i=y-_anijDNE2pf30DJY8DOH3LwDpHh8WEeuxkl6~A
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Wed, 09 Feb 2022 14:11:56 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://rtb.gumgum.com/usersync?b=oth&i=y-_anijDNE2pf30DJY8DOH3LwDpHh8WEeuxkl6~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
usersync
rtb.gumgum.com/ Frame A417
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
  • https://rtb.gumgum.com/usersync?b=vnt&i=3d4a34c1-89b2-11ec-8a96-67f41156c3d5
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=3d4a34c1-89b2-11ec-8a96-67f41156c3d5
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=3d4a34c1-89b2-11ec-8a96-67f41156c3d5
Date
Wed, 09 Feb 2022 14:11:56 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
3d4a34c2-89b2-11ec-8a96-67f41156c3d5
services
sync.technoratimedia.com/ Frame A417 		0
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
129.159.70.95 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
566857194
access-control-allow-origin
https://g2.gumgum.com/
access-control-allow-credentials
true
142
match.deepintent.com/usersync/ Frame A417 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-length
0
server
b
usersync
rtb.gumgum.com/ Frame A417
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_5b835ba8-ad58-4ee0-8c82-581cc08b0b31&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://stags.bluekai.com/site/23178?id=QoKWALf6YhXnphF9g6iV&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2ULPJNLUCTDGGZMWQWDOOBUEMOLHGZUVMJTVONPXA...
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=QoKWALf6YhXnphF9g6iV&us_privacy=1---
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=QoKWALf6YhXnphF9g6iV&us_privacy=1---
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=QoKWALf6YhXnphF9g6iV&us_privacy=1---
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
118
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame A417
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://rtb.gumgum.com/usersync?b=idi&i=b13005cb-94c9-4240-9554-a472469451b5
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=idi&i=b13005cb-94c9-4240-9554-a472469451b5
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=idi&i=b13005cb-94c9-4240-9554-a472469451b5
date
Wed, 09 Feb 2022 14:11:56 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
usersync
rtb.gumgum.com/ Frame A417
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003&rndcb=492494793
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=d0d17b81-5d7c-4d49-a88c-fae9f27e5b1a&google_hm=ZDBkMTdiODEtNWQ3Yy00ZDQ5LWE4OGMtZmFlOWYyN2U1...
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEB546xhMSDO5qk3xIYF3aKs&google_cver=1&ssp=adconductor&bsw_param=d0d17b81-5d7c-4d49-a88c-fae9f27e5b1a
  • https://sync.1rx.io/usersync/bidswitch/d0d17b81-5d7c-4d49-a88c-fae9f27e5b1a?gdpr=&gdpr_consent=
  • https://sync.targeting.unrulymedia.com/csync/RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003
  • https://rtb.gumgum.com/usersync?b=rhy&i=RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=rhy&i=RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=rhy&i=RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003
date
Wed, 09 Feb 2022 14:11:56 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX99bdd869c3974db0a0369dfcfc2e8b53003
content-type
text/html
usersync
rtb.gumgum.com/ Frame A417
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=ZH87nswUQhsX&ev=1&pid=558355
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=ZH87nswUQhsX&ev=1&pid=558355
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-DE
location
https://rtb.gumgum.com/usersync?b=pln&i=ZH87nswUQhsX&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-56659f45bd-p974l
expires
-1
sync
ssbsync.smartadserver.com/api/ Frame A417 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.119 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-length
0
sync
ads.servenobid.com/ Frame A417 		0
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=309&uid=e_5b835ba8-ad58-4ee0-8c82-581cc08b0b31
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.171.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-171-24.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
rtb.gumgum.com/ Frame D83D
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=eb786203-cbac-4700-81c2-dfd4351e1f3a&gdpr=0&gdpr_consent=
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=eb786203-cbac-4700-81c2-dfd4351e1f3a&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Wed, 09 Feb 2022 14:11:56 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Access-Control-Allow-Origin
*
Server
MT3 4133 baa842e master cdg-pixel-x5 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://rtb.gumgum.com/usersync?b=mmh&i=eb786203-cbac-4700-81c2-dfd4351e1f3a&gdpr=0&gdpr_consent=
Expires
Wed, 09 Feb 2022 14:11:55 GMT
usersync
rtb.gumgum.com/ Frame 0679
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YgPLrAAE8cj5vQBH
  • https://rtb.gumgum.com/usersync?b=atm&i=YgPLrAAE8cj5vQBH&gdpr=0&gdpr_consent=&_test=YgPLrAAE8cj5vQBH
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=atm&i=YgPLrAAE8cj5vQBH&gdpr=0&gdpr_consent=&_test=YgPLrAAE8cj5vQBH
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

server
Varnish
retry-after
0
location
https://rtb.gumgum.com/usersync?b=atm&i=YgPLrAAE8cj5vQBH&gdpr=0&gdpr_consent=&_test=YgPLrAAE8cj5vQBH
accept-ranges
bytes
date
Wed, 09 Feb 2022 14:11:56 GMT
via
1.1 varnish
x-served-by
cache-hhn4070-HHN
x-cache
HIT
x-cache-hits
0
x-timer
S1644415916.459212,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
pixel
cm.g.doubleclick.net/ Frame 3F2D 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV81YjgzNWJhOC1hZDU4LTRlZTAtOGM4Mi01ODFjYzA4YjBiMzE=&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

content-type
image/png
date
Wed, 09 Feb 2022 14:11:56 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
server
HTTP server (unknown)
content-length
170
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 128A 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=76709
expires
Thu, 10 Feb 2022 11:30:25 GMT
date
Wed, 09 Feb 2022 14:11:56 GMT
vary
Accept-Encoding
/
ssc-cms.33across.com/ps/ Frame FF4A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip22.67-202-105.static.steadfastdns.net
Software
33XP005 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

x-33x-status
2000208
server
33XP005
date
Wed, 09 Feb 2022 14:11:55 GMT
usersync
rtb.gumgum.com/ Frame 55E4
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=3dc5b69b-558e-43ae-8659-881514f206a4&t=1647007916
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=3dc5b69b-558e-43ae-8659-881514f206a4&t=1647007916
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-type
text/html
content-length
209
location
https://rtb.gumgum.com/usersync?b=ttd&i=3dc5b69b-558e-43ae-8659-881514f206a4&t=1647007916
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usync.html
eus.rubiconproject.com/ Frame 2D75
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"40014-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 09 Feb 2022 14:11:56 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

server
AkamaiGHost
content-length
0
location
https://eus.rubiconproject.com/usync.html?p=gumgum
date
Wed, 09 Feb 2022 14:11:56 GMT
access-control-allow-credentials
true
access-control-allow-origin
*
um
cs.emxdgt.com/ Frame 1E91 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

content-type
text/html
date
Wed, 09 Feb 2022 14:11:55 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame 767D
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YgPLrMCo5ssAAMbdHC4AAAAA
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YgPLrMCo5ssAAMbdHC4AAAAA
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 09 Feb 2022 14:11:57 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx
Date
Wed, 09 Feb 2022 14:11:56 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
private
Location
https://rtb.gumgum.com/usersync?b=sus&i=YgPLrMCo5ssAAMbdHC4AAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time
3
X-SO-HostName
m-ad105.dc4p.scaleout.jp
X-SO-LB-Hostname
a-tgng40007.dc2p.scaleout.jp
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":15,"gdpr":true,"ipv4":"0.0.0.0","key":"YgPLrMCo5ssAAMbdHC4AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad105"}
X-SO-Key
YgPLrMCo5ssAAMbdHC4AAAAA
X-SO-IP
217.114.215.131
X-SO-Cluster-ID
15
X-SO-Upstream-ID
m-ad105
usersync
rtb.gumgum.com/ Frame 2D79
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://rtb.gumgum.com/usersync?b=rth&i=eOadS4F5XcHq0OsdYUQn&pi=gumgum&tc=1
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=eOadS4F5XcHq0OsdYUQn&pi=gumgum&tc=1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Wed, 09 Feb 2022 14:11:56 GMT Wed, 09 Feb 2022 14:11:56 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=eOadS4F5XcHq0OsdYUQn&pi=gumgum&tc=1
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
pixel
cm.g.doubleclick.net/ Frame 0F4C 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YgPLrL_fAsmnLL_kbUmZKgAABGEAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 0F4C
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLrL_fAsmnLL_kbUmZKgAABGEAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLrL_fAsmnLL_kbUmZKgAABGEAAAAB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLrL_fAsmnLL_kbUmZKgAABGEAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
24DHB5H8TG7T2EE2S2BP
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
YCXZE32D7PX2XBG4ZS6G
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YgPLrL_fAsmnLL_kbUmZKgAABGEAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 0F4C 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame 0F4C
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YgPLrL-fAsmnLL-kbUmZKgAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIDecMpZu3qK799A0bN9V50&google_cver=1&gdpr=1
43 B
999 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIDecMpZu3qK799A0bN9V50&google_cver=1&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 09 Feb 2022 14:11:56 GMT

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIDecMpZu3qK799A0bN9V50&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 0F4C
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=7f0d6203-cbac-4700-97a8-2920106b56b3&gdpr=1&gdpr_consent=
43 B
1008 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=7f0d6203-cbac-4700-97a8-2920106b56b3&gdpr=1&gdpr_consent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 09 Feb 2022 14:11:56 GMT

Redirect headers

Date
Wed, 09 Feb 2022 14:11:56 GMT
Server
MT3 4133 baa842e master cdg-pixel-x6 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=7f0d6203-cbac-4700-97a8-2920106b56b3&gdpr=1&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 09 Feb 2022 14:11:55 GMT
tpid=YgPLrL-fAsmnLL-kbUmZKgAA%261121
bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/ Frame 0F4C
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YgPLrL-fAsmnLL-kbUmZKgAA%261121?gdpr_consent=&us_privacy=&gdpr=1
  • https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YgPLrL-fAsmnLL-kbUmZKgAA%261121?gdpr_consent=&us_privacy=&gdpr=1
49 B
737 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YgPLrL-fAsmnLL-kbUmZKgAA%261121?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Server
34.249.68.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-68-36.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.0.206
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YgPLrL-fAsmnLL-kbUmZKgAA%261121?gdpr_consent=&us_privacy=&gdpr=1
cache-control
no-cache
x-server
10.45.30.12
content-length
0
expires
0
match
c1.adform.net/serving/cookie/ Frame 0F4C 		0
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c1.adform.net/serving/cookie/match?party=29&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
rum
dsum-sec.casalemedia.com/ Frame 0F4C
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=68&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=BMvGbcWVTip-sIHYv3hjhNly14M
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=BMvGbcWVTip-sIHYv3hjhNly14M
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:56 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 09 Feb 2022 14:11:56 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=BMvGbcWVTip-sIHYv3hjhNly14M
Date
Wed, 09 Feb 2022 14:11:56 GMT
Connection
keep-alive
Content-Length
122
Content-Type
text/html; charset=utf-8
sync
ads.servenobid.com/ Frame 0F4C 		0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=333&uid=YgPLrL_fAsmnLL_kbUmZKgAABGEAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.171.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-171-24.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
sync
ads.servenobid.com/ Frame 0FB2 		0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=317&uid=2952271729695560553&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.171.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-171-24.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
/
rtb-csync.smartadserver.com/redir/ Frame 0FB2
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=B8dLEVKXGkEcwk8WCM1WFVPAGEMcl0sSBpM9TJlh
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=B8dLEVKXGkEcwk8WCM1WFVPAGEMcl0sSBpM9TJlh
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.137.133 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=B8dLEVKXGkEcwk8WCM1WFVPAGEMcl0sSBpM9TJlh
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
/
s.ad.smaato.net/c/ Frame 0FB2 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:bc00:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
via
1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
server
CloudFront
cache-control
no-cache, must-revalidate
x-amz-cf-pop
FRA56-P5
x-amz-cf-id
qSpueO17P8LcL18JDFRRok9Ks9ivc-0AmOJl638VSI0Tr1wEm5UNxw==
x-cache
FunctionGeneratedResponse from cloudfront
/
rtb-csync.smartadserver.com/redir/ Frame 0FB2
Redirect Chain
  • https://gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdp...
  • https://gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdp...
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=69&partneruserid=05030002_6203cbac6030d&gdpr=0&gdpr_consent=
43 B
411 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=69&partneruserid=05030002_6203cbac6030d&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.137.133 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

date
Wed, 09 Feb 2022 14:11:56 GMT
server
nginx
access-control-allow-origin
*
transfer-encoding
chunked
access-control-allow-methods
POST, GET, OPTIONS
p3p
CP="NOI DEV OUR BUS UNI"
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=69&partneruserid=05030002_6203cbac6030d&gdpr=0&gdpr_consent=
cache-control
no-cache
content-type
text/html; charset=UTF-8
access-control-allow-headers
Origin
keep-alive
timeout=10
/
rtb-csync.smartadserver.com/redir/ Frame 0FB2
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=39&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D25%26partneruserid%3D%5BMM_UUID%5D&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=eb786203-cbac-4700-81c2-dfd4351e1f3a&gdpr=0&gdpr_consent=
43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=eb786203-cbac-4700-81c2-dfd4351e1f3a&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.137.133 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Date
Wed, 09 Feb 2022 14:11:56 GMT
Server
MT3 4133 baa842e master cdg-pixel-x9 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=eb786203-cbac-4700-81c2-dfd4351e1f3a&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 09 Feb 2022 14:11:55 GMT
usync.js
eus.rubiconproject.com/ Frame 2D75 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
111b501a94f330364d2803977ca2a9de037297abf7f1c54caa1d9c7c7d955a0a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 09 Feb 2022 14:11:56 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 23:04:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=34004
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9703
Expires
Wed, 09 Feb 2022 23:38:40 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 128A 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=77083403&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.82.242.209 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
2017533eb08668b2494a8ac9133ecf9d14a8099d4c7cb5642243feef9494ebef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:55 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync.php
pixel.rubiconproject.com/exchange/ Frame 2D75 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=KZFMRYQX-1Q-4UC9
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Content-Type
image/gif
match
c1.adform.net/serving/cookie/ Frame 2DBD
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=837E04A6-7CA4-4AF2-900A-6801CAF37AD4
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=837E04A6-7CA4-4AF2-900A-6801CAF37AD4
35 B
476 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=837E04A6-7CA4-4AF2-900A-6801CAF37AD4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Wed, 09 Feb 2022 14:11:57 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

server
nginx
date
Wed, 09 Feb 2022 14:11:57 GMT
content-length
0
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=837E04A6-7CA4-4AF2-900A-6801CAF37AD4
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 40AA
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YgPLrAAE8cj5vQBH&gdpr=0&gdpr_consent=
1 B
412 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YgPLrAAE8cj5vQBH&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Wed, 09 Feb 2022 09:36:13 GMT
content-type
text/html; charset=utf-8
content-length
1
x-lat
amspug0022:0:463
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
Varnish
retry-after
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YgPLrAAE8cj5vQBH&gdpr=0&gdpr_consent=
accept-ranges
bytes
date
Wed, 09 Feb 2022 14:11:57 GMT
via
1.1 varnish
x-served-by
cache-hhn4070-HHN
x-cache
HIT
x-cache-hits
0
x-timer
S1644415917.101393,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
Pug
simage2.pubmatic.com/AdServer/ Frame 0857
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:7f0d6203-cbac-4700-97a8-2920106b56b3&gdpr=0&gdpr_consent=
42 B
339 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:7f0d6203-cbac-4700-97a8-2920106b56b3&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Wed, 09 Feb 2022 14:11:56 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
amspug013:0:546
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Date
Wed, 09 Feb 2022 14:11:57 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Access-Control-Allow-Origin
*
Server
MT3 4133 baa842e master cdg-pixel-x8 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:7f0d6203-cbac-4700-97a8-2920106b56b3&gdpr=0&gdpr_consent=
Expires
Wed, 09 Feb 2022 14:11:56 GMT
usersync
rtb.gumgum.com/ Frame EE05 		35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=pbm&i=837E04A6-7CA4-4AF2-900A-6801CAF37AD4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.153.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-153-210.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Wed, 09 Feb 2022 14:11:57 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 128A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=g34EpnykSvKQCmgByvN61A%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:57 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=76708
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5549
expires
Thu, 10 Feb 2022 11:30:25 GMT

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
420486.gif
idsync.rlcdn.com/ Frame 128A 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/420486.gif?partner_uid=837E04A6-7CA4-4AF2-900A-6801CAF37AD4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:57 GMT
via
1.1 google
alt-svc
clear
content-length
0
SPug
image4.pubmatic.com/AdServer/ Frame 128A
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=7f0d6203-cbac-4700-97a8-2920106b56b3
0
128 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=7f0d6203-cbac-4700-97a8-2920106b56b3
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Wed, 09 Feb 2022 14:11:57 GMT
Server
MT3 4133 baa842e master cdg-pixel-x26 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=7f0d6203-cbac-4700-97a8-2920106b56b3
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 09 Feb 2022 14:11:56 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 128A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=ODM3RTA0QTYtN0NBNC00QUYyLTkwMEEtNjgwMUNBRjM3QUQ0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
342 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:32:44 GMT
cache-control
no-store, no-cache, private
x-lat
amspug0021:0:282
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 128A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEPBQae4XpZFCJPhmpwA1oeU&google_cver=1
42 B
439 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEPBQae4XpZFCJPhmpwA1oeU&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 09:36:13 GMT
cache-control
no-store, no-cache, private
x-lat
amspug0022:0:467
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEPBQae4XpZFCJPhmpwA1oeU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 128A 		43 B
610 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.122.14.34 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
22.0e.7a9f.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:57 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Tue, 08 Feb 2022 14:11:57 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 128A
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3dc5b69b-558e-43ae-8659-881514f206a4
42 B
604 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3dc5b69b-558e-43ae-8659-881514f206a4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
no-store, no-cache, private
x-lat
amspug018:0:565
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Wed, 09 Feb 2022 14:11:57 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3dc5b69b-558e-43ae-8659-881514f206a4
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
simage2.pubmatic.com/AdServer/ Frame 128A
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7500832049792305899&gdpr=0&gdpr_consent=&us_privacy=
1 B
323 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7500832049792305899&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:55 GMT
cache-control
no-store, no-cache, private
x-lat
amspug009:0:391
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7500832049792305899&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Wed, 09 Feb 2022 14:11:56 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
837E04A6-7CA4-4AF2-900A-6801CAF37AD4
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 128A 		43 B
987 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/837E04A6-7CA4-4AF2-900A-6801CAF37AD4?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3605:29a3:4540:1075:3349 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:57 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
SPug
image4.pubmatic.com/AdServer/ Frame 128A
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=837E04A6-7CA4-4AF2-900A-6801CAF37AD4&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-pulLTM1E2uV2sgEqkGgPfbjsGWQqrp0-~A&gdpr=0&gdpr_consent=
0
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-pulLTM1E2uV2sgEqkGgPfbjsGWQqrp0-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 14:11:55 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-pulLTM1E2uV2sgEqkGgPfbjsGWQqrp0-~A&gdpr=0&gdpr_consent=
date
Wed, 09 Feb 2022 14:11:57 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Pug
image2.pubmatic.com/AdServer/ Frame 128A
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5542501361551038612&gdpr=0&gdpr_consent=
42 B
388 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5542501361551038612&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 10:31:10 GMT
cache-control
no-store, no-cache, private
x-lat
amspug0023:0:405
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:57 GMT
X-Proxy-Origin
217.114.215.131; 217.114.215.131; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
62409f73-2ff5-421a-a1e7-e10da0597c70
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5542501361551038612&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 3A1E 		0
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 09 Feb 2022 14:11:57 GMT
X-Proxy-Origin
217.114.215.131; 217.114.215.131; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
8ffa2ea4-476a-4b81-94fa-34b078e5f3fa
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sync.go.sonobi.com
URL
https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Verdicts & Comments Add Verdict or Comment

175 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| _wpemojiSettings function| advanced_ads_ready object| advanced_ads_ready_queue object| cppVars undefined| $ function| jQuery object| advads_options object| advads number| advadsCfpExpHours number| advadsCfpClickLimit number| advadsCfpBan string| advadsCfpPath string| advadsCfpDomain object| advadsCfpQueue function| advadsCfpAd object| _mNHandle string| medianet_versionId string| medianet_chnm object| medianet_misc function| gtag object| dataLayer object| adsbygoogle string| ajaxurl number| parent_post_id number| cpage function| advanced_ads_check_adblocker object| advanced_ads_responsive number| advanced_ads_resizetimeout number| advanced_ads_cookieexpires number| advanced_ads_browser_width function| advanced_ads_resize_window function| advanced_ads_save_width function| advads_resize_delay function| advanced_ads_get_browser_width object| addComment object| __SVG_SPRITE__ object| ratingPlugin object| Confirm object| notification object| ShPublic function| updateQueryStringParameter function| setCookie function| onlyUnique object| advanced_ads_pro_ajax_object object| advanced_ads_pro object| advads_pro_utils object| Advads_passive_cb_Conditions object| advanced_ads_group_refresh function| Advads_passive_cb_Placement function| Advads_passive_cb_Ad function| Advads_passive_cb_Group function| advads_postscribe object| advads_admin_bar_items object| advads_has_ads object| sb35e function| _0xe17c object| advadsProCfp object| twemoji object| wp object| googletag object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue function| google_process_slots object| google_persistent_state_async function| google_spfd number| google_unique_id object| google_sv_map number| google_lpabyc object| google_tag_manager object| _mN object| _mNSrv function| setup string| _mN_Idf string| _mN_ctrM undefined| _mN_ctr object| mnjs object| hbCMBidxc function| _cR function| _cD object| _mNDetails function| _cmL1Require function| _cmL1Define undefined| _mNE string| google_user_agent_client_hint object| google_tag_data string| GoogleAnalyticsObject function| ga object| bsagpt object| bsaheaderbid function| pbjsChunk object| pbjs object| _pbjsGlobals object| ADAGIO string| nobidVersion object| nobid object| BSAOPTIMIZE_TARGETING object| BSAOPTIMIZE_targeting object| BSAS2S_TARGETING object| BSAS2S_targeting object| BSA_TARGETING object| bsa_targeting object| optimize object| bsas2s function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ object| google_image_requests function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| gaplugins object| gaData object| Criteo object| google_llp object| sas object| apntag object| _ADAGIO string| mantis_uuid object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP object| ONFOCUS object| criteo_syncframe_state object| criteo_pubtag object| criteo_pubtag_prebid_119 object| Criteo_prebid_119 object| advads_passive_ads object| advads_passive_groups object| advads_passive_placements object| advads_placement_tests object| advads_ajax_queries object| advads_js_items object| GoogleGcLKhOms

98 Cookies

Domain/Path Name / Value
.3lift.com/sync Name: sync
Value: CgoIgQIQ_a_O9u0vCgoI4gEQ_a_O9u0vCgoI5gEQ_a_O9u0vCgoIhwIQ_a_O9u0vCgkICRD9r8727S8KCQg6EP2vzvbtLwoJCAsQ_a_O9u0vCgoIjAIQ_a_O9u0vCgoIngIQ_a_O9u0vCgkIXxD9r8727S8=
.mrtnsvr.com/sync Name: userId
Value: ujhh48Nfp
filecr.com/ Name: PHPSESSID
Value: jpe0eprj08iqhhquvnqif1lanc
filecr.com/ Name: advanced_ads_browser_width
Value: 1600
filecr.com/ Name: session_depth
Value: filecr.com%3D1%7C158962444%3D1%7C855267286%3D1
.filecr.com/ Name: _ga
Value: GA1.2.1668403507.1644415912
.filecr.com/ Name: _gid
Value: GA1.2.1293424647.1644415912
.filecr.com/ Name: _gat_gtag_UA_139662474_1
Value: 1
.adnxs.com/ Name: icu
Value: ChgIvahBEAoYASABKAEwqJePkAY4AUABSAEQqJePkAYYAA..
.adnxs.com/ Name: uuid2
Value: 5542501361551038612
.rubiconproject.com/ Name: khaos
Value: KZFMRYQX-1Q-4UC9
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB3Krq5s1T2c2szzH/SUMvpGs1wMD2ZZQDJ2wHsFnqwQFA991A0MApdsANnOER36PY/ggJ3pD4CYm1IAbBVu7i8M0A+VO7RH1E0=
.doubleclick.net/ Name: IDE
Value: AHWqTUnbqfmsroX-3zp0uY96hOF_HWIusSxRM_UTGjmhTbzss-eE952Rtp0S6AFsObI
.filecr.com/ Name: __gads
Value: ID=215b71c10c2b07c1:T=1644415912:S=ALNI_MYoQBx_OLAQgMo3E2D8m8rkGmq2PA
.doubleclick.net/ Name: DSID
Value: NO_DATA
.criteo.com/ Name: uid
Value: c8aa6493-7503-4455-9e3a-23c25d6e1dc0
.filecr.com/ Name: cto_bundle
Value: XExTVV9LYkd0ZXVlVjdXSSUyQnVlblRyT2RoTWc0c1UxaEpROTZHQmZMUHFOVFBwVVAzVnJLaHNabGFVNU1uVXRoUFVnclB4b0ttcDNVSmhxclBEU2JVTjYlMkZDZEpFQWs5QlF4QXNKJTJCZSUyQiUyRlBRa05VVjVXc1Y4d1F6dHlxNWNYJTJGSnozUkdLczN1MHZjT1QlMkY3JTJGSUw3QmNQTWttN3d3JTNEJTNE
.3lift.com/ Name: tluid
Value: 703286103151397499899
.bing.com/ Name: MUID
Value: 33C6D541D2D662CD2EEBC407D3046396
.adsrvr.org/ Name: TDID
Value: 3dc5b69b-558e-43ae-8659-881514f206a4
.yahoo.com/ Name: A3
Value: d=AQABBKzLA2ICEHnzxcBhcaAkwZd8TEsnh-IFEgEBAQEdBWINYgAAAAAA_eMAAA&S=AQAAAhibnZmSGxrtvWQKpJ_pKqY
.servenobid.com/ Name: pid_312
Value: 5542501361551038612
.casalemedia.com/ Name: CMID
Value: YgPLrL-fAsmnLL-kbUmZKgAA
.casalemedia.com/ Name: CMPS
Value: 3192
.lijit.com/ Name: ljt_reader
Value: d430168dee9e42a50a2fea4a
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&ebe1e7da-9529-4302-84da-53f94155ed13"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NDQ0MTU5MTY7MjswMjHOXivRWVFDdTzMAK+oyyklz+SsvsWH3gI7osqohD3dJw==
.linkedin.com/ Name: lidc
Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2186:u=1:x=1:i=1644415916:t=1644502316:v=2:sig=AQElZw0cEAh2BeaGemxo_XoEo7zDCTQ1"
.lijit.com/ Name: _ljtrtb_273657
Value: 273657
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0NjExNTUxMjA2Mjc2MLCwNBTiM9TVDchKSysIzipwzMmX4jU0MzExMTS1NDQzsjAEAK6XLIY0AAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAADslzmtoZmJiYmhqaWhmZGEIADISeREQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0NjExNTUxMjA2Mjc2MLCwNBTiM9TVDchKSysIzipwzMkHAH7_my4lAAAA
.gumgum.com/ Name: vst
Value: e_5b835ba8-ad58-4ee0-8c82-581cc08b0b31
.casalemedia.com/ Name: CMPRO
Value: 1121
.casalemedia.com/ Name: CMST
Value: YgPLrGIDy6wA
.servenobid.com/ Name: pid_310
Value: d430168dee9e42a50a2fea4a
.servenobid.com/ Name: pid_324
Value: 5134455420327300891
.servenobid.com/ Name: pid_337
Value: y-BtTDJm1E2uHJUWNERgk93PJBR0b_Mn8BfjuwL_0-~A
.bidswitch.net/ Name: tuuid
Value: d0d17b81-5d7c-4d49-a88c-fae9f27e5b1a
.bidswitch.net/ Name: c
Value: 1644415916
.bidswitch.net/ Name: tuuid_lu
Value: 1644415916
.smartadserver.com/ Name: pid
Value: 2952271729695560553
.servenobid.com/ Name: pid_309
Value: e_5b835ba8-ad58-4ee0-8c82-581cc08b0b31
.servenobid.com/ Name: pid_333
Value: YgPLrL_fAsmnLL_kbUmZKgAABGEAAAAB
.openx.net/ Name: i
Value: 6a886028-3290-4673-ab47-bb2b0d5909dc|1644415916
.mathtag.com/ Name: uuid
Value: 7f0d6203-cbac-4700-97a8-2920106b56b3
.servenobid.com/ Name: pid_317
Value: 2952271729695560553
.creativecdn.com/ Name: u
Value: eOadS4F5XcHq0OsdYUQn
.creativecdn.com/ Name: ts
Value: 1644415916
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003%22%7D
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YgPLrAAE8cj5vQBH
.360yield.com/ Name: tuuid
Value: b13005cb-94c9-4240-9554-a472469451b5
.360yield.com/ Name: tuuid_lu
Value: 1644415916
.dyntrk.com/ Name: dyn_u
Value: 05030002_6203cbac6030d
.ads.pubmatic.com/ Name: KCCH
Value: YES
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003%22%2C%22nxtrdr%22%3Afalse%7D
.quantserve.com/ Name: d
Value: EHkBDQGzJYir0QA
.quantserve.com/ Name: mc
Value: 6203cbac-74498-7b5ca-b007f
.servenobid.com/ Name: pid_321
Value: RX-99bdd869-c397-4db0-a036-9dfcfc2e8b53-003
.postrelease.com/ Name: opt_out
Value: 1
ads.avct.cloud/ Name: uuid
Value: 6315cdff-e8c8-44b9-8f28-752e853e1730
.crwdcntrl.net/ Name: _cc_dc
Value: 1
.crwdcntrl.net/ Name: _cc_id
Value: c55e25a366887aacb500013da4169e9a
.crwdcntrl.net/ Name: _cc_cc
Value: "ACZ4XmNQSDY1TTUyTTQ2M7OwME9MTE4yNTAwMDROSTQxNLNMtUxkAIIk5tNrQDQUAABNZQqF"
.crwdcntrl.net/ Name: _cc_aud
Value: "ABR4XmNgYGBIYj69BkhBAQAWfQHd"
.a-mo.net/ Name: amuid2
Value: 7245c35b-f216-4d37-ab2a-d9e88c3c0193
.smartadserver.com/ Name: csync
Value: 69:05030002_6203cbac6030d
.zemanta.com/ Name: zuid
Value: QoKWALf6YhXnphF9g6iV
.servenobid.com/ Name: pid_327
Value: 7245c35b-f216-4d37-ab2a-d9e88c3c0193
.technoratimedia.com/ Name: tads_uid
Value: GDPR
.outbrain.com/ Name: obuid
Value: 70116ca4-ad4a-4ae3-9418-e7b3b4f96532
.ipredictive.com/ Name: cu
Value: 3d4a34c1-89b2-11ec-8a96-67f41156c3d5|1644415916710
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-04cbc66d-c595-4e2a-7eb0-81d8bf786384.KgrfjAEtjna9ADSY3%2BmvFlvZX7VOj9MJwZDogsRWmVE
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3ABMvGbcWVTip-sIHYv3hjhNly14M.iFZAffBlMbbHeBnKP016Gd%2B%2BU1YdfFDJV6ayVCBS3XA
.casalemedia.com/ Name: CMRUM3
Value: e66203cbac2760&036203cbac05a0&276203cbac0b40&f16203cbac05a0&7b6203cbac2760BMvGbcWVTip-sIHYv3hjhNly14M&dd6203cbac2760&6f6203cbac05a0&2d6203cbac2760CAESEIDecMpZu3qK799A0bN9V50
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 698166407be93a86
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 837E04A6-7CA4-4AF2-900A-6801CAF37AD4
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 0:2
.pubmatic.com/ Name: DPSync3
Value: 1645574400%3A201_197%7C1644969600%3A164%7C1644451200%3A174
.pubmatic.com/ Name: SyncRTB3
Value: 1645574400%3A220_21_71_7_13_54_22_3%7C1644969600%3A223_2
.analytics.yahoo.com/ Name: IDSYNC
Value: "196n~2352:18z8~2352"
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIcHVibWF0aWMSCwi-jcyfhfi1OhAFGAEgASgCMgsIvoXPzJv4tToQBTgBWghwdWJtYXRpY2AC
.simpli.fi/ Name: suid
Value: D2ACF721518F468C9B63E27350CCF1D7
.pubmatic.com/ Name: SPugT
Value: 1644415916
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-3dc5b69b-558e-43ae-8659-881514f206a4&KRTB&22918-3dc5b69b-558e-43ae-8659-881514f206a4&KRTB&23031-3dc5b69b-558e-43ae-8659-881514f206a4
.pubmatic.com/ Name: PUBMDCID
Value: 3
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-5542501361551038612&KRTB&23339-5542501361551038612
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEPBQae4XpZFCJPhmpwA1oeU&KRTB&16514-CAESEPBQae4XpZFCJPhmpwA1oeU&KRTB&23025-CAESEPBQae4XpZFCJPhmpwA1oeU
.turn.com/ Name: uid
Value: 7500832049792305899
.pubmatic.com/ Name: KRTBCOOKIE_218
Value: 4056-YgPLrAAE8cj5vQBH&KRTB&22978-YgPLrAAE8cj5vQBH&KRTB&23194-YgPLrAAE8cj5vQBH&KRTB&23209-YgPLrAAE8cj5vQBH
.adform.net/ Name: C
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:7f0d6203-cbac-4700-97a8-2920106b56b3&KRTB&16736-uid:7f0d6203-cbac-4700-97a8-2920106b56b3&KRTB&23019-uid:7f0d6203-cbac-4700-97a8-2920106b56b3&KRTB&23208-uid:7f0d6203-cbac-4700-97a8-2920106b56b3
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-7500832049792305899
.pubmatic.com/ Name: PugT
Value: 1644415915
.adform.net/ Name: uid
Value: 341311855659067915
.outbrain.com/ Name: improve_digital
Value: b13005cb-94c9-4240-9554-a472469451b5

9 Console Messages

Source Level URL
Text
network error URL: https://i1.wp.com/filecr.com/wp-content/uploads/2018/12/Scr2_Microsoft-Office_free-download.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.ampproject.org/rtv/012201141909000/v0/amp-ad-exit-0.1.mjs
Message:
Unrecognized feature: 'attribution-reporting'.
network error URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14782640042450149374/null
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://eb2.3lift.com/xuidmid=7976&xuid=ujhh48Nfp&dongle=u6nf
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://c1.adform.net/serving/cookie/match?party=29&gdpr=1
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://idsync.rlcdn.com/420486.gif?partner_uid=837E04A6-7CA4-4AF2-900A-6801CAF37AD4
Message:
Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2cb0187cd3d20e6650642c04dbdfecbc.safeframe.googlesyndication.com
455beac1592b3ea97440f892c734097e.safeframe.googlesyndication.com
7df9b2a3865eed8f4b5a96cd199cdd0a.safeframe.googlesyndication.com
acdn.adnxs.com
ad.360yield.com
ad.mrtnsvr.com
ad.turn.com
ads.avct.cloud
ads.pubmatic.com
ads.servenobid.com
ads.yahoo.com
adservice.google.com
adservice.google.de
b1sync.zemanta.com
bcp.crwdcntrl.net
bh.contextweb.com
bidder.criteo.com
btlr.sharethrough.com
c.bing.com
c1.adform.net
c2shb.ssp.yahoo.com
cdn.ampproject.org
cdn4.buysellads.net
cdnjs.cloudflare.com
ce.lijit.com
cm.g.doubleclick.net
contextual.media.net
creativecdn.com
cs.emxdgt.com
cvision.media.net
dsum-sec.casalemedia.com
eb2.3lift.com
ecs.mantisadnetwork.com
eus.rubiconproject.com
fastlane.rubiconproject.com
filecr.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
gu.dyntrk.com
gum.criteo.com
hb-api.omnitagjs.com
hblg.media.net
i0.wp.com
i1.wp.com
i3.wp.com
ib.adnxs.com
ice.360yield.com
id.rlcdn.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
jadserve.postrelease.com
lg3.media.net
mantodea.mantisadnetwork.com
match.adsrvr.org
match.deepintent.com
mp.4dex.io
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.33across.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.yabidos.com
pr-bh.ybp.yahoo.com
pre.glotgrx.com
prebid.a-mo.net
public.servenobid.com
px.ads.linkedin.com
res-a.akamaihd.net
rtb-csync.smartadserver.com
rtb.gumgum.com
s.ad.smaato.net
s.amazon-adsystem.com
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.criteo.net
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
tg.socdm.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
webcrx.io
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
sync.go.sonobi.com
104.102.28.254
104.16.200.58
104.89.20.125
104.90.192.27
129.159.70.95
13.248.245.213
135.125.160.77
142.250.181.226
142.250.185.66
147.75.61.140
151.101.65.108
151.101.66.49
159.122.14.34
178.250.0.165
178.250.2.146
18.184.27.79
18.195.155.181
185.184.8.65
185.255.84.151
185.29.134.248
185.64.189.110
185.86.137.133
185.86.138.119
192.0.77.2
192.82.242.209
193.0.160.128
198.148.27.140
198.47.127.20
2.18.234.21
2001:678:cb4:bbbb::11
202.241.208.57
209.54.176.128
213.19.147.44
23.37.42.132
2600:9000:223f:bc00:1b:5138:8a40:93a1
2602:803:c004:200::141
2606:4700:20::681a:9a9
2606:4700:3035::6815:5fcf
2606:4700:3035::ac43:8bfc
2606:4700::6810:135e
2606:4700::6810:79c3
2606:4700::6812:372
2620:116:800d:21:3175:5196:e3fd:8c1d
2620:1ec:21::14
2620:1ec:bdf::69
2620:1ec:c11::200
2a00:1288:80:800::7000
2a00:1450:4001:801::2001
2a00:1450:4001:803::2003
2a00:1450:4001:809::2003
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2001
2a00:1450:4001:812::2002
2a00:1450:4001:813::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::2008
2a00:1450:4001:831::200a
2a02:2638::1c
2a02:2638::3
2a05:d018:d29:3605:29a3:4540:1075:3349
3.122.48.254
3.126.56.137
3.210.4.50
3.215.6.188
3.33.220.150
34.102.163.6
34.249.68.36
35.157.246.167
35.244.159.8
35.244.174.68
37.157.4.24
37.252.172.250
37.252.173.62
38.91.45.7
44.193.191.16
51.89.9.252
52.29.163.83
54.171.171.24
54.229.65.185
54.80.147.122
63.33.153.210
63.34.220.234
67.202.105.22
69.173.144.139
69.173.144.165
70.42.32.255
70.42.32.31
72.251.249.9
92.122.253.103
92.123.194.171
94.31.29.32
00f5600e279f46be47b806dda5d37c2f65387fa387cedd6ef312425cb64233f0
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0409cfba90dfd7ff958a88042d055afeaedf7112245f7dfa204f4e1d605328a9
0436e40135c028fe26cf6b445cd2ef5a55cac747ca1abdfd4a5dd61293995871
048e8dd1bb8045173d95c8ed8a14b44d8d17e5b282e9fb68e5c39e7d8173ad57
04e15c27c7c1e344842fec61d78bfb338739501f6d293a013d57a808efcc3674
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05a29beffdaaa41e78204f55ac02bd1d4cb9ca4dd4314b9828f8ae2860acfdd9
05c212f90103f69a4500957f49c6a92f82f755e0c08188eb4ecbe243d03bd7fb
05ed7424c6f3c3d2aec5dfe7fa92e5f617afe58a01666c1c584d342a8b57a0e7
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0b4966d0d0a38f56595d4f8f59e77deba826ffb2c9b349605d51da270130d196
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e3c892d9c4f52eca2918b1a64f4461a6419d2116003dd1c159c3b853d5ece26
0e88ad62ff0a0c72ef67e1daf40764b12861d27f3c7d1ddce8e7124d69621d59
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
111b501a94f330364d2803977ca2a9de037297abf7f1c54caa1d9c7c7d955a0a
11cd1e1d49bf0a95c35aeb868dd4673260a225078ed2e054ed0fa6a8cb64e99e
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
15e116457c9d49a0e37d9128e98dd0da56c3413408aeb2e49903e490e98fc7c7
16553536fa5e09022114e37fc0bf9e6ce9ec34db09d318c5ca6dab518d6c294d
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1940c2b95746fe210c43f83faefcde96815d5b8f0bbc18a25a0325eafdf2bfcf
19fc68709c711efb3ff32e46a0bd996def8d1b9a281391604f6552ab84269a0f
1a41c5e9b082e36f905dac595fd7455bea77ddb041fa520320ada039522e55ec
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
2017533eb08668b2494a8ac9133ecf9d14a8099d4c7cb5642243feef9494ebef
2562ebc6f767168ba073c9496eddd7f73b8d98815c9eeef5dc6a5916fc145843
25b496003bedfabd2cf715329e2601f329ab5fc39ec66418684ae58e33439fc2
27e38fedb186b0323211ba77ee9c6af43c38393269510c66d382f213e5645913
2820e0f543336a49b91e4bec33afc93b91859545d769c46b754948a5605993d3
2a0871fd53f2a0dd8aa6c9b4992ef79173a92abd3e3eb50d735f387a5480fe02
2a83dd2082bc166c1b856a4b735fcea5748988836d02955621939a322a4c919b
2a9336e9fbbd930bfab70480566b4d5994443884702ad0a10bcf99b8ffdb8242
2b139d2871e745eeca0ed22ce994df828a96faefe86aa5e47d06c58184845445
2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2cf0d2564f162230fdc845a7a56be4a41d5846bf8443af42e367722f6889548e
2ef0d9f83f7f5b72983e8ed62e57c73d69fe9cba93dee7eb13284d861998a086
2f1779d6d7ce15adeb7dff619526eae00fadb9dfdd48de710c9c53af10980bf8
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
308c252b2381b887baf74268990c582643dbdaad9e9b332d158112745e2c65ea
316a463ff3007c65270f47e394db74792e475cae2f9112e2452fd13138949d4d
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
33cc054c266a27f4195cc81fab4db7bac939a95f4575d0ad1368d727f9343cef
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
37517faf41bdf9781fae236c13b3d855c3f4b233f2adf8e2f96b4f180f3304ee
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
3a7b5f2e7e3fd51102d05b2706291210864e7890361d932311a18048073374ae
3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d
3abf391b0c5e5b90d6233e99d35a7ff487b9ee71b2a6268fdfcc935e866b4eea
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3dbfe6eda0abf69eb1901f4696d5daf4e276cb6dd8c30dfaa26b724b60251635
3e4609b61e3f7b1135d9d5dac5113fdeccf8085478d37cea8ea11cf63034e8af
3fad63993e27fa3f20b4baf898d11e54029341a25af2e759acc5d41ae4a595b0
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
43c954a67d73e58ef9fe154eb00c8b00439b7c77cb802330c206aadf48e96232
47168af81d6da682065294d09fdd18596989831eee323959ac7d0646f7746a12
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4cf0498d6f16d928751dae8b235dab5e250f65d561f43e2dc20d982efac6016f
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eee65a7b95b6676193505c54970fa321715fe8242c0c4e9db48dfb364cd3810
4eee9ceba58ea79ddb4c7e10ea8c3f63e4333e7be47e211cf59573c437080f86
4ef36a3cc70bb8b63e873bfd3d1a7e97794443161f38851c42bb51879391c49c
521a8eaf8c4a2ba9501acfdf35b7d1ebb4bbb4c7aca2d4ee43e01984d73991e5
53c9feea97fea966c734faafd720ace56546a27de93d2f723d2baffe6423a784
5485f26ab06c1fce2ee3052c66c714f1ef809de09c5fab4beaab74e7b382a094
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
574f5dc48c403fa7ede2cb0e9bcbc979c2cdf658c2268a4744140f5f174d3e93
593b563b15611d204f37f9963cfa48ed7ca209c4fbc7fd95c003b592395df3f2
593ebc50af967aed389190da039e98318c661c139e628260d7f28bdc0612c195
5a1e1ea4371d2ed657a43e16e36e1f3dc272d51711d5af9c80fec27663333413
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc
60e8edb3c655059623f3a9b8d086368041c1d952d888c1ad5ac35753f1b94a71
6190cf08a97e8709e462d81f4c015ac058ebf5e887e96f8b6a1eceea22fde083
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
640db15304644891aaffe41635de72be1d4a8f479cc124e539169799798129d8
64cb9b870e594ab768f91fe6fa039119c4cdfd119998f33a5409f51e6f5fce33
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
6823285eb46b5b3f5c60cedb96d66a4d18bdc335096705d9f9c72aa681ddab5a
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e94b9af245d6e2d303ec4062011112e995a9744f6c73b9e437ebd8afd3a8097
710bcff389c698d3e9ec0c60b1bc2c4327accaa53a6bb2ec644f7d56937a3e53
7447c1664f6a06328cd895a4914acad40ad47827ebe00becbd570138ff7e785c
74cb2c29739ccfc2a6e21e9f2bbc924174e20ec375f9b8e10727567e1948cac2
75308b2efe76fc8e98d623d0ade7ab164b8bfebfe00d1fc36687a0f50109f263
76c3b43718fecbd717477416d09dcfcdac837d6889de4f9fa62047ef97bdadf2
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7a31b0310331c8959b07a0fffd3bcbc1d7b67100ad78576323a5a0136146a080
7ad41489fea53c41286c8548a22aeabc91438558b2fbc10866d8b56321ad114f
7b6fef0a63424245b31b293b1a3bfd074c9da482e28fb9e920e1cf306e54e8a2
7c4037984cb7225ae934a56d854582d4bfe9df0dbb7c6cff4b0a6b5634c92710
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80d9e873e047105023e86119996fc2346c276f6da26ffdb95b8e45a716fd8f73
814eaa5fd7c8d187181cda7c49dcc436c92c4c488001691a82ef0ca39e557d3d
831c3bd125008785517c19607d3eed74ec7e2c53fbd6f0a9b5c699b260693a42
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83975a92e1d180217901257877a34a5873823b84a0125a8d5c30840235c90cea
84e2210a9c51f7275f819006ec4fa311f65d09dfa1fc14b1114dc4f2de9dad91
8607fa9b7b52dff2039919eeef6ef94700fe031c7eb7ae30fab07da7abab6096
8852dc4007339811b06753da707b4815bb8f2abb9e46eb84a7d6a77949638bed
88ba056dab5eb95d96dd6a3f8e11dffcbaa6ddc79a820bf1eedcdf8e0587e54c
89e267039d32f778ee14f762d623290ef56cc3965c0d8843a9f81d5748322d72
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8af0b5fd87f0cf0c57915fb6094244ca5c108f21c063fd6917ee809259ae3a97
8b568004a6d186b5352175251ec982a17a1398eca5b54c5a51dd88378d7d19ef
8c0f68521164f23c0904aab164a40ec6a4d6bc247b438c2bc563490e7e290164
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
908c1604fe10d787ed9faf792055aa2a209bfbe1b81a5eee1f94e99be3024dbd
9242bb9fa3a266b0b66c10d95bbbc5d8f9abd8b5b52326e8f0c51a7a350822d4
93bb566051f9f593daa37a036a4d9c8d64c82394911c0aa519f81f654d44b9bd
95c245d493b2e08268f7e3bee46b2b2bea5b01a52dd1ad103f7f56ccb71de7f4
97f7bc0dd1c363e132556d8046841da9919b71a0e4763c577c4d1a2e9d31870b
998c8df172348a7eed85d2d7a25cca359d1cb5a8482e8b20c06699158ee3ecbe
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9cdfe09791d2560f2b183c76ff6504e28187ba36ffd71f90edb919391c98a88b
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a39e436b69eeed0b08824724d781eddb472b888f10db05bed1aa33148c0f1d7a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
a6eccff95004d261e87dc2aec5d3a1197c9bdc9c57014a5bdf9611f8fc4798d0
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a765eda49b6830c9999ee1edc81985ae522b4202ea4e7a9c2e0a765055260fcd
a78eff31bbb35c545c9dfbb14706f65c71f63c56bf2c5bd4fd084e7d67fd89d7
a79a5f0cc3f8ccdf2355f8af3f8351e26ca4a2af5254fa5203d7f2346b6fe28e
a7d040d5e84706dac2d471ad33830bd0ae361ca06e53e72e817701478c6d5afa
a83b1f3e821e72ac43110a8762ab91f070fca6c426c95e30c845b6c894f8848f
a969b6aad84c69a5a60aa38b1dc211818c0b713f020ae274424e7546c4169501
a99d9a63bc96ec98b7e05f106603236b4d6f5b53bd9d4ebabb25543047b35bef
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
aded5bc07bb3385f03851037ef55a4a235f25c24d2c6ee355b853f8898888264
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1ca8eaaa7e11adb1cd65c08e41c517d16479eb7294ca1a10653b87bfb7eb31a
b322b7014ac6581816262893648d6f31d242a5466e3c1268a2d4363471b424b1
b7f6b382321b107a47d93df38d0dae0c1bfa3488df9125d5c555498200f9b024
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbfd30e5fd2bd475d319b5b55ab61469966d1517b703f9bd830a6f3207387c27
bc037f53507ee9ef7b334b632b85b88a4ed22128458f100200289626f159d67a
bd36f905d2f4f9292d8ec4b5d66ada038c4807c0c30469cb54b667604c046a2c
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
be1fd50f867c52b5d4434babd426c2eb2079b0466a8a8f225ccb6f4f27649506
be5f701f37218795787c585bdac8050f748447d710da0bdf08a22f15ee7b119e
bf5f18f944db8fa2ac4107a89632f8f022503d0b9a98193571d167e393cbee4d
c047e10603da7c1f49ccbbc77511e61bdee37c847a5676cb6aebf38b17659618
c0fdd593eb3700cd3708e4cc12533cde6fde3de1896f85a65dab71bb1f909042
c1ffc9ca7657f3d655db7b79eb1e7316e4d23aab2df01606d8ce022385e4b985
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
cb696ecd7c4f31fdd7c7c1cc37e8efc29614fbcbadf74f455aa496d72ce33250
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cc83fe6d180fd859f448bacd040799bf379ee7e0d9b1e6c3f19499c1c4358864
ccfb13f080c34a055931e40ffe53d5821ea75abca78e9e22863f862134e5fb28
cd25d0887a9c23a9f44008a168cf5f6aa971bddea9cc3605c5fe088d7182ef5f
cdf0b0f2c5cef0e09f6cc68cb1a183831eba5c571627b3862c0d959de0350678
cecd27ce9737114e23fa8dda3be3041f7c36cdafd31822d2e5bae793669bd13f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d4c706658c1948524e1c3646cc75a43fd6555c6277d2b6621c145357c6273265
d6b53be4a70b8548138a6bdb8e2667fb5df6b36cd28f35069b64c9c2420bb05d
d8ade0d94aaf4b3d52776b75609e8d1c31995677a0a033a6fa2408425da07740
daa5a6bcff74bacdf2a5fa2fac05b4e3c879fa142901ae6c2dad103bb700a727
dac0248a66cdd0aaf50bdcbbe7a84c8786782b9734f45677646ae70986038d0b
dbfcc6490f64e44df4da2b366c50e819abc68cacdfcd81f8ec7f91c7ab35ff27
dc6e380f29dd967244b416ac3dffc7fcc345113af9b7a51337bd0eef22f32154
dee8e4b188600f82edb8b4c969ccca041e02911cfcd64cc0b9cd56d40e8c0ed0
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
dfda93858277d6cdba6173939ca05b3c431c37df11728a946994d80e8e64464c
e0304d9017fa7616d43ccbfd0b53758d9d7a6a9c9e4b5b5bb3ba652cd52608e6
e0a340168a7bd755ec03f037b0890a5963c7d4e01a371f818828de8e009bf818
e2b0c644e90d90d54a55d3c7dd7dde3f8897a92f18ee6d69d74d5cab0167405e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e60ebb7a34b9e7d06c9c4ddf4a44eb523b03f2826b34159f04a86996625c0a21
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ea29de07cdb14f2c6c59c06fdcd4ec30c2030b3ba8ee6a0aa325085496b9a94d
eb2308287201b92392dfb22f6980474a593b8310671e0d63f153af7df558be28
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
eeae3180f8c5e000c5ef19da57300c1df918605832d66f8aa62c117e8ef5f50e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef1c3b9dcf4ade8c6f0da3988c3e88b0d857ef18c25ada1d1663d8ec87385944
f2e21b59f04dcd1ab74e6f792bb25667313596b635cf575362c8c86d58463a92
f312a20c6132b5c1b0ea46ee9d034b4ad198ceefbcf46b8e22672d4604182da5
f47d2a73043063e5fc170a76db30e5d1a71f3ed193d1313c3f51c757167a96c1
f5e7774065ee8135f58232b24b00c0e458a85bab2602ab8b576c0d7e99c5cd83
f5ef63bcd883c3e6ecca9a17785b10ee897b51aec76328706887ceb220742d71
f903b0e68ac1cb80ad56c6da32fa545314baa698fb8f2e6a65b8e33fca427d96
f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b
fa5d2912bec294d33c9dc4be4a00a9a5f4ac993049a935f4535ae687e3b08d0b
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
fd8748fa72d75a8bf30df88eb29b37837a46a38318cd0b21a649d16aad82cbbc