urlscan.io logo urlscan.io
SecurityTrails logo

ultrasurf.ru.malavida.com
2a02:26f0:ab00::5c7a:d721  Public Scan Open in urlscan Pro

Go To Rescan Add Verdict Report
Submitted URL: http://ultrasurf.ru.malavida.com/ 3mo old
Effective URL: https://ultrasurf.ru.malavida.com/windows/ 3mo old
Submission: On January 21 via api from US — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 32 IPs in 6 countries across 16 domains to perform 159 HTTP transactions. The main IP is 2a02:26f0:ab00::5c7a:d721, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1 Akamai International B.V., NL. The main domain is ultrasurf.ru.malavida.com. 3mo old
TLS certificate: Issued by DigiCert Global G3 TLS ECC SHA384 202... on May 20th 2025. Valid for: 1yr.
This is the only time ultrasurf.ru.malavida.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 2a02:26f0:ab0... 20940 (AKAMAI-AS...)
2 2600:9000:28e... 16509 (AMAZON-02)
5 142.250.184.194 15169 (GOOGLE)
36 2a02:26f0:c90... 20940 (AKAMAI-AS...)
3 2a00:1450:400... 15169 (GOOGLE)
2 3.174.46.44 16509 (AMAZON-02)
2 6 142.251.208.2 15169 (GOOGLE)
1 2a02:2638:3::28 44788 (ASN-CRITE...)
4 142.251.141.97 15169 (GOOGLE)
4 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2 2a02:2638:3::d 44788 (ASN-CRITE...)
4 216.58.206.66 15169 (GOOGLE)
1 178.250.1.12 44788 (ASN-CRITE...)
10 2.17.100.203 20940 (AKAMAI-AS...)
3 2a00:1450:400... 15169 (GOOGLE)
2 142.251.141.66 15169 (GOOGLE)
23 216.58.206.34 15169 (GOOGLE)
13 172.67.74.129 13335 (CLOUDFLAR...)
8 2a00:1450:400... 15169 (GOOGLE)
1 142.251.141.132 15169 (GOOGLE)
3 5 104.18.27.193 13335 (CLOUDFLAR...)
2 142.250.185.194 15169 (GOOGLE)
11 35.214.168.80 15169 (GOOGLE)
4 34.111.60.239 396982 (GOOGLE-CL...)
1 172.217.18.6 15169 (GOOGLE)
2 216.58.206.65 15169 (GOOGLE)
2 34.111.133.51 396982 (GOOGLE-CL...)
1 23.197.133.195 16625 (AKAMAI-AS)
1 91.121.248.44 16276 (OVH OVH SAS)
159 32
2    2a02:26f0:ab00::5c7a:d721 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
ultrasurf.ru.malavida.com 3mo old
2    2600:9000:28eb:4e00:5:b7cc:d3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
sdk.privacy-center.org 8yr old
5    142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net
securepubads.g.doubleclick.net 9yr old
36    2a02:26f0:c900:b::5f65:4a0d (Schiphol, Netherlands)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
static.malavida.com 9yr old
imag.malavida.com 9yr old
www.malavida.com 9yr old
3    2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com 56yr old
2    3.174.46.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-174-46-44.fra60.r.cloudfront.net
sdk.privacy-center.org 8yr old
6    142.251.208.2 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-bp-in-f2.1e100.net
cm.g.doubleclick.net 9yr old
1    2a02:2638:3::28 (France)

ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR)
static.criteo.net 13yr old
4    142.251.141.97 (United States)

ASN15169 (GOOGLE, US)
PTR: tzfraa-ai-in-f1.1e100.net
08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com 3mo old
4    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com 4yr old
2    2a00:1450:400c:c0d::9a (Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net 56yr old
2    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.ch 9yr old
2    2a02:2638:3::d (France)

ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR)
gum.criteo.com 9yr old
4    216.58.206.66 (United States)

ASN15169 (GOOGLE, US)
PTR: tzfraa-aa-in-f2.1e100.net
ep1.adtrafficquality.google 2yr old
1    178.250.1.12 (France)

ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR)
mug.criteo.com 8yr old
10    2.17.100.203 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a2-17-100-203.deploy.static.akamaitechnologies.com
static.malavida.com 9yr old
3    2a00:1450:4001:81d::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ep2.adtrafficquality.google 2yr old
2    142.251.141.66 (United States)

ASN15169 (GOOGLE, US)
PTR: tzfraa-ar-in-f2.1e100.net
googleads.g.doubleclick.net 56yr old
23    216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f2.1e100.net
pagead2.googlesyndication.com 9yr old
13    172.67.74.129 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)
ad4m.at 9yr old
rs.ad4m.at 2yr old
as.ad4m.at 5yr old
assets.ad4m.at 7yr old
8    2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com 13yr old
1    142.251.141.132 (United States)

ASN15169 (GOOGLE, US)
PTR: tzfraa-aj-in-f4.1e100.net
www.google.com 56yr old
5    104.18.27.193 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com 12yr old
2    142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net
securepubads.g.doubleclick.net 9yr old
11    35.214.168.80 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 80.168.214.35.bc.googleusercontent.com
trace-eu.mediago.io 5yr old
gtrace.mediago.io 2yr old
4    34.111.60.239 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 239.60.111.34.bc.googleusercontent.com
images.mediago.io 3yr old
1    172.217.18.6 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f6.1e100.net
ad.doubleclick.net 9yr old
2    216.58.206.65 (United States)

ASN15169 (GOOGLE, US)
PTR: tzfraa-aa-in-f1.1e100.net
ep2.adtrafficquality.google 2yr old
2    34.111.133.51 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 51.133.111.34.bc.googleusercontent.com
cdn.mediago.io 6yr old
1    23.197.133.195 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-133-195.deploy.static.akamaitechnologies.com
www.awin1.com 13yr old
1    91.121.248.44 (France)

ASN16276 (OVH OVH SAS, FR)
PTR: ip44.ip-91-121-248.eu
pv.medialead.de 6yr old
Apex Domain
Subdomains		 Transfer
48 malavida.com
ultrasurf.ru.malavida.com 3mo old
static.malavida.com — Cisco Umbrella Rank: 764717 9yr old
imag.malavida.com — Cisco Umbrella Rank: 586326 9yr old
www.malavida.com — Cisco Umbrella Rank: 614623 9yr old
159 KB
35 googlesyndication.com
08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com 3mo old
pagead2.googlesyndication.com — Cisco Umbrella Rank: 164 9yr old
tpc.googlesyndication.com — Cisco Umbrella Rank: 238 13yr old
156 KB
18 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 302 9yr old
cm.g.doubleclick.net — Cisco Umbrella Rank: 333 9yr old
stats.g.doubleclick.net — Cisco Umbrella Rank: 261 56yr old
googleads.g.doubleclick.net — Cisco Umbrella Rank: 70 56yr old
ad.doubleclick.net — Cisco Umbrella Rank: 211 9yr old
308 KB
17 mediago.io
trace-eu.mediago.io — Cisco Umbrella Rank: 12040 5yr old
images.mediago.io — Cisco Umbrella Rank: 7214 3yr old
cdn.mediago.io — Cisco Umbrella Rank: 8717 6yr old
gtrace.mediago.io — Cisco Umbrella Rank: 2603 2yr old
21 KB
13 ad4m.at
ad4m.at — Cisco Umbrella Rank: 15665 9yr old
rs.ad4m.at — Cisco Umbrella Rank: 59922 2yr old
as.ad4m.at — Cisco Umbrella Rank: 47809 5yr old
assets.ad4m.at — Cisco Umbrella Rank: 68460 7yr old
120 KB
9 adtrafficquality.google
ep1.adtrafficquality.google — Cisco Umbrella Rank: 383 2yr old
ep2.adtrafficquality.google — Cisco Umbrella Rank: 387 2yr old
73 KB
5 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 842 12yr old
3 KB
5 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2634 4yr old
www.google.com — Cisco Umbrella Rank: 4 56yr old
568 B
4 privacy-center.org
sdk.privacy-center.org — Cisco Umbrella Rank: 4003 8yr old
116 KB
3 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 601 9yr old
mug.criteo.com — Cisco Umbrella Rank: 3265 8yr old
7 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 76 56yr old
398 KB
2 google.ch
www.google.ch — Cisco Umbrella Rank: 21754 9yr old
515 B
1 medialead.de
pv.medialead.de — Cisco Umbrella Rank: 66251 6yr old
291 B
1 awin1.com
www.awin1.com — Cisco Umbrella Rank: 21891 13yr old
701 B
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 1204 13yr old
13 KB
0 captrader-tracking.de Failed
captrader-tracking.de Failed 6yr old
159 16
Domain Requested by
32 static.malavida.com ultrasurf.ru.malavida.com
static.malavida.com
23 pagead2.googlesyndication.com 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
ep2.adtrafficquality.google
pagead2.googlesyndication.com
googleads.g.doubleclick.net
securepubads.g.doubleclick.net
13 imag.malavida.com ultrasurf.ru.malavida.com
8 tpc.googlesyndication.com 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
7 securepubads.g.doubleclick.net ultrasurf.ru.malavida.com
securepubads.g.doubleclick.net
6 assets.ad4m.at as.ad4m.at
6 trace-eu.mediago.io ultrasurf.ru.malavida.com
08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
6 cm.g.doubleclick.net 2 redirects securepubads.g.doubleclick.net
googleads.g.doubleclick.net
cdn.mediago.io
5 gtrace.mediago.io 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
cdn.mediago.io
5 dsum-sec.casalemedia.com 3 redirects googleads.g.doubleclick.net
5 ep2.adtrafficquality.google securepubads.g.doubleclick.net
ep2.adtrafficquality.google
googleads.g.doubleclick.net
4 images.mediago.io 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
4 ep1.adtrafficquality.google securepubads.g.doubleclick.net
ep2.adtrafficquality.google
4 region1.analytics.google.com www.googletagmanager.com
4 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com securepubads.g.doubleclick.net
4 sdk.privacy-center.org ultrasurf.ru.malavida.com
sdk.privacy-center.org
3 ad4m.at 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
ad4m.at
3 www.googletagmanager.com ultrasurf.ru.malavida.com
www.googletagmanager.com
2 as.ad4m.at ad4m.at
as.ad4m.at
2 rs.ad4m.at ad4m.at
2 cdn.mediago.io 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
2 googleads.g.doubleclick.net 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
pagead2.googlesyndication.com
2 gum.criteo.com 1 redirects static.criteo.net
2 www.google.ch ultrasurf.ru.malavida.com
2 stats.g.doubleclick.net www.googletagmanager.com
2 ultrasurf.ru.malavida.com 1 redirects
1 pv.medialead.de as.ad4m.at
1 www.awin1.com as.ad4m.at
1 ad.doubleclick.net 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
1 www.google.com ep2.adtrafficquality.google
1 mug.criteo.com
1 www.malavida.com ultrasurf.ru.malavida.com
1 static.criteo.net securepubads.g.doubleclick.net
0 captrader-tracking.de Failed as.ad4m.at
159 34
Subject Issuer Validity Valid
*.ru.malavida.com
DigiCert Global G3 TLS ECC SHA384 2020 CA1		 2025-05-20 -
2026-05-20		 1yr crt.sh
*.privacy-center.org
Amazon RSA 2048 M03		 2025-02-23 -
2026-03-24		 1yr crt.sh
*.g.doubleclick.net
WE2		 2025-12-29 -
2026-03-23		 3mo crt.sh
*.malavida.com
DigiCert Global G3 TLS ECC SHA384 2020 CA1		 2025-05-20 -
2026-05-20		 1yr crt.sh
*.google-analytics.com
WE2		 2025-12-29 -
2026-03-23		 3mo crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-12-27 -
2026-03-31		 3mo crt.sh
*.google.ch
WE2		 2025-12-29 -
2026-03-23		 3mo crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2026-01-20 -
2026-04-17		 3mo crt.sh
adtrafficquality.google
WE2		 2025-12-29 -
2026-03-23		 3mo crt.sh
ad4m.at
WE1		 2026-01-15 -
2026-04-15		 3mo crt.sh
tpc.googlesyndication.com
WE2		 2025-12-29 -
2026-03-23		 3mo crt.sh
*.google.com
WE2		 2025-12-29 -
2026-03-23		 3mo crt.sh
trace-eu.mediago.io
WR3		 2025-12-08 -
2026-03-08		 3mo crt.sh
images.mediago.io
WR3		 2025-12-04 -
2026-03-04		 3mo crt.sh
*.doubleclick.net
WE2		 2025-12-29 -
2026-03-23		 3mo crt.sh
cdn.mediago.io
WR3		 2025-12-04 -
2026-03-04		 3mo crt.sh
gtrace.mediago.io
R13		 2025-12-05 -
2026-03-05		 3mo crt.sh
www.awin1.com
DigiCert Global G3 TLS ECC SHA384 2020 CA1		 2025-09-25 -
2026-09-25		 1yr crt.sh
pv.medialead.de
R12		 2025-11-25 -
2026-02-23		 3mo crt.sh

This page contains 15 frames:

Primary Page: https://ultrasurf.ru.malavida.com/windows/
Frame ID: 7BC945E961F107DE570C04003CCA6186
Requests: 72 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/partnerpixels?gdpr=0&us_privacy=1---&url=https%3A%2F%2Fultrasurf.ru.malavida.com%2Fwindows%2F
Frame ID: B22DA223A38884DDA1BF2924C318653B
Requests: 1 HTTP requests in this frame

Frame: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: 181F7EFD7C0CB8E807F8F74C65E2E636
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=ultrasurf.ru.malavida.com&gdpr=0&gdpr_consent=
Frame ID: 76676A659A0F3F08D12E1C81D8D0CD13
Requests: 2 HTTP requests in this frame

Frame: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: CEEE83A2348F0D9A8DF466331BB41EB1
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhC30jMYxbf9lQIwAQ&v=APEucNUZAvTuoFWh_Phh2lHBJPJXVq18JmLEyQLvbV3H3XwC-5164k5OpcxvheCki1HMwGcFlFx4Gk2tUncWPIBdl82JLGIkiD-1Ai-KPl8umPMl3BKT5yk
Frame ID: E0B18771D9EF061623394A276F751F6D
Requests: 4 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Frame ID: F654D00EEB408FBA90D9FA9A37E58C3D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6CE0617EDF3F8E6733BD3EE694CD68CB
Requests: 2 HTTP requests in this frame

Frame: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: CFD56398DE02A926AEBEE1637408BB50
Requests: 17 HTTP requests in this frame

Frame: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: 5EB55C7C50DE211EA00F01123B770C80
Requests: 18 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/Klz6NWr5.html
Frame ID: 372CB41EAA093610D552E056094936B0
Requests: 3 HTTP requests in this frame

Frame: https://cdn.mediago.io/js/cookieSync.html?tn=41b6e88a2b85b0e731ef8e73e5558712
Frame ID: 1DBC5209910081107BBF2C52F580D5DE
Requests: 3 HTTP requests in this frame

Frame: https://cdn.mediago.io/js/cookieSync.html?tn=41b6e88a2b85b0e731ef8e73e5558712
Frame ID: D611AC14167D5F85F8A50F9CE2FA35FF
Requests: 3 HTTP requests in this frame

Frame: https://ad4m.at/csf.html
Frame ID: 6D60A5443C7C7B2185950EED19E98C82
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0
Frame ID: 3226D520A17A07432DDAE881468F4241
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

UltraSurf 1.8.1 - Скачать на ПК бесплатно

Page URL History Show full URLs

  1. http://ultrasurf.ru.malavida.com/ HTTP 307
    https://ultrasurf.ru.malavida.com/ HTTP 301
    https://ultrasurf.ru.malavida.com/windows/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • sdk\.privacy-center\.org/.*/loader\.js
Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe
Overall confidence: 100%
Detected patterns
  • \.doubleclick\.net
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • \.googletagmanager\.com/
Overall confidence: 100%
Detected patterns
  • securepubads\.g\.doubleclick.net/tag/js/gpt\.js

Page Statistics

159
Requests

97 %
HTTPS

35 %
IPv6

16
Domains

34
Subdomains

32
IPs

6
Countries

1372 kB
Transfer

4634 kB
Size

24
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ultrasurf.ru.malavida.com/ HTTP 307
    https://ultrasurf.ru.malavida.com/ HTTP 301
    https://ultrasurf.ru.malavida.com/windows/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=malavida.com&sn=AndroidSyncframe&so=0&topUrl=ultrasurf.ru.malavida.com&pm=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=qioWvXxYQTQ0blNIREg3YW81QWpHb1ovMkREMHIyNWRIWmNEalNYSlA5RVUwUEc2Ui9CVUdVcmViZURPT1l4bEk3NnN3cC9kcjBIRlh2LzNHK29rdGdROWRDSWx1ejJQUU0vd1FoMjVYbk4zWXBHYXYwL2R4bU1DaGptTCtZTXdnMUVnMVQxWWkremMyTmhDZXpuWFpPdlgwa2txRTFzaldsOWhqMG9sWmNmYndlemNFOHFjTldvK0NrcVFrajdwdnR5VkQ5cW1IODlOM1pwbHYvTGhVQ0hoblNMeUtKSlA1UmFsVGJuQ04zQkNXSzNkRVp1ek9SenlOYUxycDRXUjNwM1NtYkRFQ3ZlSDVqa3Nwc2FYQUJCcG93OUllTEl2Z05CMGMvSkJjTVRyYkFiOD18&cppv=2
Request Chain 82
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhPptYp9SDSg-st3dnPQCg&google_cver=1&gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhPptYp9SDSg-st3dnPQCg&google_cver=1&gdpr=0&C=1
Request Chain 83
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=aXDCXrmqPSYAKPvIBVX3AQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhPptYp9SDSg-st3dnPQCg&google_cver=1&gdpr=0
Request Chain 144
  • https://www.awin1.com/cshow.php?s=3065912&v=11795&q=430656&r=412871&pv=1&pref3=oneidYAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePponeid__dbm_Netmix_Reach01_Mweb&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://captrader-tracking.de/zanox-captrader-htlp.php

159 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
ultrasurf.ru.malavida.com/windows/
Redirect Chain
  • http://ultrasurf.ru.malavida.com/
  • https://ultrasurf.ru.malavida.com/
  • https://ultrasurf.ru.malavida.com/windows/
100 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d721 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
7948bdf84fb9c477f4d145f2a0a2fd3b841a43f5fd35091e0a333e1ac2833982
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

access-control-allow-credentials
true
cache-control
max-age=0, no-cache, no-store
content-encoding
br
content-length
21588
content-security-policy
frame-ancestors 'self';
content-type
text/html; charset=UTF-8
date
Wed, 21 Jan 2026 12:11:09 GMT
expires
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Mon, 19 Jan 2026 06:42:04 GMT
pragma
no-cache
server
Apache
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-test
Rule-CacheHonorExpires

Redirect headers

access-control-allow-credentials
true
alt-svc
h3=":443"; ma=93600
cache-control
max-age=0, no-cache, no-store
content-length
0
content-security-policy
frame-ancestors 'self';
content-type
text/html; charset=UTF-8
date
Wed, 21 Jan 2026 12:11:09 GMT
expires
Wed, 21 Jan 2026 12:11:09 GMT
location
https://ultrasurf.ru.malavida.com/windows/
pragma
no-cache
server
Apache
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-test
Rule-CacheHonorExpires
loader.js
sdk.privacy-center.org/63587a00-7436-4b96-9716-32fba5775251/ 		133 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.privacy-center.org/63587a00-7436-4b96-9716-32fba5775251/loader.js?target=www.malavida.com
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:28eb:4e00:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b8e43178e9e861c298b0fdd4adc992abb3171fcee35d64e4aaafe56fae768147

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

content-encoding
gzip
etag
W/"11f11d9c14cdec9e71b629c0505c0098"
age
373
x-amzn-requestid
74df1c04-4c69-40fd-b110-2ff3f5df8acd
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
IYVTqe7-t5VM1MvddYGdGvnRPmg3CMUZVAnoyMEi6QLIYx82Ebv1lA==
date
Wed, 21 Jan 2026 12:04:56 GMT
content-type
application/javascript; charset=utf-8
vary
accept-encoding
cache-control
max-age=7200, public
x-didomi-remote-config-metadata
multiReg:true;legacyGlobalGdpr:false
x-amzn-trace-id
Root=1-696ef061-1bb877c4442bb3931a374c87;Parent=26080e414ffc7f5b;Sampled=0;Lineage=1:eaae1266:0
via
1.1 a95e3ddc09a8118950740e900d11ffc8.cloudfront.net (CloudFront)
x-didomi-configs-version
133
x-amz-cf-pop
FRA60-P12
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		105 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
174ae973f0db984de5db88208b2da2c4d005d97a3fb19a6870fa157f497294a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

content-encoding
br
etag
330 / 20474 / m202601150101 / config-hash: 17095365778927917866
x-content-type-options
nosniff
expires
Wed, 21 Jan 2026 12:11:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 21 Jan 2026 12:11:09 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
34232
x-xss-protection
0
server
cafe
malavida_logo_mobile.svg
static.malavida.com/global/imag/ 		6 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/malavida_logo_mobile.svg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
7380f53ddeccd51acf15a6899f7bed4adb09af9851e3646a050980dffd12de1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=2969044
content-encoding
gzip
expires
Tue, 24 Feb 2026 20:55:14 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
2201
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Tue, 10 Mar 2020 08:22:29 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
verified-safety.svg
static.malavida.com/global/imag/ 		866 B
600 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/verified-safety.svg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
60ac96ebaeea612414283d9efad61fb01673133de7f9bb7c21a5314477a98938
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4388478
content-encoding
gzip
expires
Fri, 13 Mar 2026 07:12:28 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
402
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Tue, 14 Mar 2023 07:07:37 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
ultrasurf-6508-0.jpg
imag.malavida.com/mvimgbig/download-s/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/mvimgbig/download-s/ultrasurf-6508-0.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
da4c854d593f264e7ac22708ce005b9c42070a8d37b1c3f6dbda55f53a3170b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=6125917
expires
Thu, 02 Apr 2026 09:49:46 GMT
accept-ranges
bytes
content-length
1577
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:15:14 GMT
content-type
image/jpeg
server
Apache
ultrasurf-6508-1.jpg
imag.malavida.com/mvimg/main-m/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/mvimg/main-m/ultrasurf-6508-1.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
fe909f859770570cd3560104a668729d8fa2e90e88c83c0f791fec6778859ad2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=7359787
expires
Thu, 16 Apr 2026 16:34:16 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
content-length
13582
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:15:14 GMT
content-type
image/jpeg
server
Apache
gtm.js
www.googletagmanager.com/ 		353 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?_=v2&id=GTM-MQ79NG
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
60ab8cea2718c7c468e087adeb56ef9242b8b0692134ccd90d44e36a34b65ba0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
zstd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Wed, 21 Jan 2026 12:11:09 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
117251
date
Wed, 21 Jan 2026 12:11:09 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
malavida_top.svg
static.malavida.com/global/css/img/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/css/img/malavida_top.svg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
af5c498573363202188dde45141cb31eba0b6f3a8333ef55ad78d712ac1ce88d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4388478
content-encoding
gzip
expires
Fri, 13 Mar 2026 07:12:28 GMT
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=93600
content-length
1819
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 06 Nov 2017 08:43:44 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
ico-windows.svg
static.malavida.com/global/imag/ 		907 B
580 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-windows.svg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
930ec3cf0d87dc0253b5896dde84893138a93fd24aeedb864e8ab825b68e5666
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4391582
content-encoding
br
expires
Fri, 13 Mar 2026 08:04:12 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
396
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 15 Mar 2021 08:15:46 GMT
content-type
image/svg+xml
server
Apache
ico-android.svg
static.malavida.com/global/imag/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-android.svg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
ba41f6ce1e0a774e4f5227e4c3d385d92d58ba4705d6b046b35e9805569c4c54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4388621
content-encoding
gzip
expires
Fri, 13 Mar 2026 07:14:51 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
843
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 15 Mar 2021 08:15:46 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
ico-mac.svg
static.malavida.com/global/imag/ 		1 KB
876 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-mac.svg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
35732258dd77b93ba2a526f953f112f6bdfd3a54104c6cab6e5585082200de23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4391582
content-encoding
gzip
expires
Fri, 13 Mar 2026 08:04:12 GMT
accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=93600
content-length
653
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 15 Mar 2021 08:15:46 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
ico-user.svg
static.malavida.com/global/imag/ 		1 KB
719 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-user.svg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
b63acf295d63d201639bf7171cfe1d6e52f81677de78a735442cb94a705cc0ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4385512
content-encoding
br
expires
Fri, 13 Mar 2026 06:23:02 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
535
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 15 Mar 2021 08:15:46 GMT
content-type
image/svg+xml
server
Apache
star.svg
static.malavida.com/global/css/img/ 		586 B
605 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/css/img/star.svg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
7120fd9ed57bb7adcc067011568bceadee1c5c0dcde3a47f58c5900bd9dd29e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4388621
content-encoding
gzip
expires
Fri, 13 Mar 2026 07:14:51 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
406
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Tue, 10 Mar 2020 08:22:29 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
star2.svg
static.malavida.com/global/css/img/ 		701 B
656 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/css/img/star2.svg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
05329290613112ac35da62f2e34aded5a6ad39341f39a9089c99eb79d2a5b904
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4388478
content-encoding
gzip
expires
Fri, 13 Mar 2026 07:12:28 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
457
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Tue, 10 Mar 2020 08:22:29 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
ico-close.svg
static.malavida.com/global/imag/ 		1 KB
735 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-close.svg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
5b73d1f909925a4f2258b46d5ad53ada2d749d3905f3a8f95adbec741f678b6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4388622
content-encoding
gzip
expires
Fri, 13 Mar 2026 07:14:52 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
536
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
ultrasurf-6508-2.jpg
imag.malavida.com/mvimg/main-m/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/mvimg/main-m/ultrasurf-6508-2.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
b5be31e4aa7df6849f50ddbb28aa3be26fbfe3a6e49a5e56f1938b3c1ddd48da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=7776000
expires
Tue, 21 Apr 2026 12:11:09 GMT
accept-ranges
bytes
content-length
13325
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:15:14 GMT
content-type
image/jpeg
server
Apache
ultrasurf-6508-3.jpg
imag.malavida.com/mvimg/main-m/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/mvimg/main-m/ultrasurf-6508-3.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
18e834cc219d24f39e74a56d70342b12b371dfef33b850f34f26d0fd6e747411
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=6125917
expires
Thu, 02 Apr 2026 09:49:46 GMT
accept-ranges
bytes
content-length
9851
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:15:14 GMT
content-type
image/jpeg
server
Apache
ultrasurf-6508-4.jpg
imag.malavida.com/mvimg/main-m/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/mvimg/main-m/ultrasurf-6508-4.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
0372ba8da9f98122575994fca6d871f0181a8e25bed462ec77b0eff3fa6b3f3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=7776000
expires
Tue, 21 Apr 2026 12:11:10 GMT
accept-ranges
bytes
content-length
9683
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Tue, 08 Mar 2022 14:15:15 GMT
content-type
image/jpeg
server
Apache
ultrasurf-6508-5.jpg
imag.malavida.com/mvimg/main-m/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/mvimg/main-m/ultrasurf-6508-5.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
f1695017f435e12919bad7772cb669d49836f08d4a6339d42dee40727412fb8e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=5628878
expires
Fri, 27 Mar 2026 15:45:47 GMT
accept-ranges
bytes
content-length
13885
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:45:36 GMT
content-type
image/jpeg
server
Apache
elies.jpg
imag.malavida.com/autores/ 		929 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/autores/elies.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
8263d975082ced2d2166dbe86443ebc6bf3842a5543e68cfb1b66a907a249a9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=7558414
expires
Sat, 18 Apr 2026 23:44:43 GMT
accept-ranges
bytes
content-length
929
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:10:42 GMT
content-type
image/jpeg
server
Apache
maria-juscov.jpg
imag.malavida.com/autores/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/autores/maria-juscov.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
4614be8a1ce5f76283844f9d433584183b4939e5544f9cfbb723f4ab5e53ad73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=5503738
expires
Thu, 26 Mar 2026 05:00:07 GMT
accept-ranges
bytes
content-length
1143
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:10:42 GMT
content-type
image/jpeg
server
Apache
noimg.jpg
imag.malavida.com/autores/ 		1014 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/autores/noimg.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
b6c566e7e15cd7f1bfd157b5fe67f3a4f6d3767fd339bc52892a106eb4d5d31a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=6469094
expires
Mon, 06 Apr 2026 09:09:23 GMT
accept-ranges
bytes
content-length
1014
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:10:42 GMT
content-type
image/jpeg
server
Apache
proxy-switcher-11054-0.jpg
imag.malavida.com/mvimg/soft-xs/ 		883 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/mvimg/soft-xs/proxy-switcher-11054-0.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
b73c8db9bd6fc0562c0d8cad131ca8eab44ea6e508a6bc644564259ba258bbff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=5660270
expires
Sat, 28 Mar 2026 00:28:59 GMT
accept-ranges
bytes
content-length
883
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:49:17 GMT
content-type
image/jpeg
server
Apache
psiphon-16716-0.jpg
imag.malavida.com/mvimg/soft-xs/ 		844 B
1017 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/mvimg/soft-xs/psiphon-16716-0.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
33f2d8dbaf0d45811ce7854506bdec22ff1f4d5d3304f7de96ac7ec42b41daac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=7630964
expires
Sun, 19 Apr 2026 19:53:53 GMT
accept-ranges
bytes
content-length
844
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:15:16 GMT
content-type
image/jpeg
server
Apache
fiddler-8611-0.jpg
imag.malavida.com/mvimg/soft-xs/ 		735 B
907 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/mvimg/soft-xs/fiddler-8611-0.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
02dc1979eef04e794fc219c0b2ad305f6a96aad360a0f64fe90887aa592fe972
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=7341120
expires
Thu, 16 Apr 2026 11:23:09 GMT
accept-ranges
bytes
content-length
735
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:15:16 GMT
content-type
image/jpeg
server
Apache
your-freedom-16473-0.jpg
imag.malavida.com/mvimg/soft-xs/ 		809 B
981 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imag.malavida.com/mvimg/soft-xs/your-freedom-16473-0.jpg
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
d4e361036ecce0cfdc797a986c58868852551b578d54e8655abb79ff31711bc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=7365718
expires
Thu, 16 Apr 2026 18:13:07 GMT
accept-ranges
bytes
content-length
809
date
Wed, 21 Jan 2026 12:11:09 GMT
last-modified
Tue, 08 Mar 2022 14:15:16 GMT
content-type
image/jpeg
server
Apache
sdk.ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c.js
sdk.privacy-center.org/sdk/ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c/modern/ 		325 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.privacy-center.org/sdk/ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c/modern/sdk.ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c.js
Requested by
Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/63587a00-7436-4b96-9716-32fba5775251/loader.js?target=www.malavida.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:28eb:4e00:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b1c17de4951938d0ef7d99131d2feced071c694c3bec690e3917583543d0686b

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

vary
accept-encoding
cache-control
public, max-age=31536000
content-encoding
br
etag
W/"4924c70a43bc974b6ab890682b12bd7d-1"
age
167216
via
1.1 a95e3ddc09a8118950740e900d11ffc8.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
b4ptQDq5EX-s0JlqSos0rQy76jzg1KIOI9F5QPvqp3_R48MI45VzBw==
date
Mon, 19 Jan 2026 13:44:14 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 19 Jan 2026 13:44:07 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P12
x-amz-server-side-encryption
AES256
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/ 		614 KB
193 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
ff0052a7ad0afe1b6718d0b89256596e783d0bb3116ae98392b455bf27d99701
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

content-encoding
br
etag
15385727690209925050
age
17521
x-content-type-options
nosniff
expires
Thu, 21 Jan 2027 07:19:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 21 Jan 2026 07:19:08 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
197997
x-xss-protection
0
server
cafe
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202601200101/ 		64 KB
23 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202601200101/gpt
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
915b03c72aa710d3ad578d0899d81200b357f685c0dbd680d775b9f65e235818
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

content-encoding
br
etag
6987571020048426623
age
9098
x-content-type-options
nosniff
expires
Wed, 28 Jan 2026 09:39:31 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 21 Jan 2026 09:39:31 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23936
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202601200101"
src_sdk_core_modules_integrations_sdk-integrations_providers_google_google_js.ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c.js
sdk.privacy-center.org/sdk/ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c/modern/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.privacy-center.org/sdk/ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c/modern/src_sdk_core_modules_integrations_sdk-integrations_providers_google_google_js.ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c.js
Requested by
Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/sdk/ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c/modern/sdk.ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
3.174.46.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-174-46-44.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
37c1eab56ef3e39c2b424ede5fcb062777e5439058278f9bc71be67c341a7122

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

vary
accept-encoding
cache-control
public, max-age=31536000
content-encoding
br
etag
W/"45b6b875d47167f01cbda8a00d925cb7-1"
age
167216
via
1.1 849149785eb810a2bb27d4e2bd0d82b4.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Oab829JGTsj2u-YHQdHVpSbCCLQoXKIKGqq3epE0BrTl30uyemXCZQ==
date
Mon, 19 Jan 2026 13:44:14 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 19 Jan 2026 13:44:07 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P12
x-amz-server-side-encryption
AES256
src_sdk_core_modules_integrations_sdk-integrations_providers_gcm_gcm_js.ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c.js
sdk.privacy-center.org/sdk/ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c/modern/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.privacy-center.org/sdk/ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c/modern/src_sdk_core_modules_integrations_sdk-integrations_providers_gcm_gcm_js.ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c.js
Requested by
Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/sdk/ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c/modern/sdk.ca2379ddb62e2e5caa83a51f7e1c54c4ab2a671c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
3.174.46.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-174-46-44.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0e1216ce6e663b5f558e19ec43a9575b45d9b4073c9482263676859f0bc3885f

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

vary
accept-encoding
cache-control
public, max-age=31536000
content-encoding
br
etag
W/"0c6d8fa817a5dd63b587b1e51a4f8d27-1"
age
167216
via
1.1 849149785eb810a2bb27d4e2bd0d82b4.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
f1vqfue44OcnUTMkmkQ-p8w7pGHPIJdLSgwGYyE6cFa5mhMtN1ZWWg==
date
Mon, 19 Jan 2026 13:44:14 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 19 Jan 2026 13:44:07 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P12
x-amz-server-side-encryption
AES256
js
www.googletagmanager.com/gtag/ 		417 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-DHF0S7H5E7&cx=c&gtm=4e61g1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?_=v2&id=GTM-MQ79NG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b00a240dce96a9bfba04da7cc2ba03075f133bed46fd2fcba544cff966f9897e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
zstd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Wed, 21 Jan 2026 12:11:10 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
144911
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
js
www.googletagmanager.com/gtag/ 		415 KB
141 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-96K7KT3ZPX&cx=c&gtm=4e61g1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?_=v2&id=GTM-MQ79NG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d8c4a52433105df7c7c19f549be4679a045df1190715d2767fb69340f8faaa95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
zstd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Wed, 21 Jan 2026 12:11:10 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
144474
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
partnerpixels
cm.g.doubleclick.net/ Frame B22D 		41 B
213 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/partnerpixels?gdpr=0&us_privacy=1---&url=https%3A%2F%2Fultrasurf.ru.malavida.com%2Fwindows%2F
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.208.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bp-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
a09179dd962df38a01440ce2e4748c37bd832fe1ac2f65ad974490a89d63d129
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://ultrasurf.ru.malavida.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
48
content-type
text/html; charset=UTF-8
date
Wed, 21 Jan 2026 12:11:10 GMT
server
HTTP server (unknown)
x-xss-protection
0
publishertag.ids.js
static.criteo.net/js/ld/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::28 , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),
Reverse DNS
Software
nginx /
Resource Hash
55dddc6e66f277fadab3653c8b92e0d97446f713bf116c024c34f57f59ea4bc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
expires
Thu, 22 Jan 2026 12:11:10 GMT
access-control-allow-origin
*
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/javascript
vary
x-geo-country
server
nginx
ads
securepubads.g.doubleclick.net/gampad/ 		146 KB
25 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=989187141825270&correlator=2699213332943005&eid=31096080%2C95379659%2C95340253%2C95340255&output=ldjh&gdfp_req=1&vrg=202601150101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=4096369%2CMV_RU_GEN_CAB_970_250%2CMV_RU_Soft_Ficha_LAT_300&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=970x250%7C970x90%7C728x90%2C300x250%7C300x600&ifi=1&didk=106714829~697896867&dids=div-gpt-ad-header~div-gpt-ad-download-inf&adfs=2885538818~3562305006&sfv=1-0-45&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1768997470118&lmt=1768804924&adxs=315%2C220&adys=272%2C967&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fultrasurf.ru.malavida.com%2Fwindows%2F&vis=1&psz=970x250%7C300x250&msz=970x250%7C300x0&fws=4%2C0&ohw=970%2C0&a3p=Eh0KDmVzcC5jcml0ZW8uY29tGKP_3IO-M0gAUgIIZA..&psd=WzMxLFtdXQ..&dlt=1768997469821&idt=229&cust_params=TypeU%3DSF%26Software%3Dultrasurf%26OS%3Dw%26bl%3D0%26mv_lang%3Dru%26NoCookEU%3D0%26iabconsentstring%3D%26iabgdprapplies%3D0&adks=581081947%2C491449773&frm=20&eoidce=1&blev=1&bisch=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
f058bd26e983ec155b9a1b45d1679401a7ea0c01735bc4fedc75f9bc220a9794
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

content-encoding
dcb
google-lineitem-id
-1,-1
observe-browsing-topics
?1
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
-1,-1
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://ultrasurf.ru.malavida.com
content-length
25140
x-xss-protection
0
server
cafe
container.html
08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame 181F 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.141.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-ai-in-f1.1e100.net
Software
sffe /
Resource Hash
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ultrasurf.ru.malavida.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3121
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 21 Jan 2026 12:11:10 GMT
expires
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Thu, 08 May 2025 23:15:48 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		27 KB
9 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=989187141825270&correlator=2962379545623184&eid=31096080%2C95379659%2C95340253%2C95340255&output=ldjh&gdfp_req=1&vrg=202601150101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=4096369%2CMV_RU_Review_FIN_300&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&ifi=3&didk=4097603401&dids=div-gpt-ad-sidebar&adfs=2722442030&sfv=1-0-45&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1768997470141&lmt=1768804924&adxs=200&adys=1966&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fultrasurf.ru.malavida.com%2Fwindows%2F&vis=1&psz=1200x0&msz=1200x0&fws=0&ohw=0&a3p=Eh0KDmVzcC5jcml0ZW8uY29tGKP_3IO-M0gAUgIIZA..&psd=WzMxLFtdXQ..&dlt=1768997469821&idt=229&cust_params=TypeU%3DSF%26Software%3Dultrasurf%26OS%3Dw%26bl%3D0%26mv_lang%3Dru%26NoCookEU%3D0%26iabconsentstring%3D%26iabgdprapplies%3D0&adks=2688852704&frm=20&eoidce=1&blev=1&bisch=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
9ab87f3c8dc0f030c795947971f7ee5aabca0389c1beebeef24efd06a1740fe2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

content-encoding
dcb
google-lineitem-id
-1
observe-browsing-topics
?1
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
-1
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://ultrasurf.ru.malavida.com
content-length
9611
x-xss-protection
0
server
cafe
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-DHF0S7H5E7&gtm=45je61g1v877222445z872589808za20gzb72589808zd72589808&_p=1768997469833&_gaz=1&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma=0&tcfd=10000&cid=847096965.1768997470&ul=de-ch&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAAAGA&_s=1&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115938465~115938468~117041587~117091819~117171316&sid=1768997470&sct=1&seg=0&dl=https%3A%2F%2Fultrasurf.ru.malavida.com%2Fwindows%2F&dt=UltraSurf%201.8.1%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%BD%D0%B0%20%D0%9F%D0%9A%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=Ficha&ep.content_group2=windows&ep.content_group3=(W)%20Redes%20-%20Proxies&ep.content_group4=8&ep.content_group5=Normal&tfd=699
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DHF0S7H5E7&cx=c&gtm=4e61g1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:170:0
report-to
{"group":"ascnsrsggc:170:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:170:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://ultrasurf.ru.malavida.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:170:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
556 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-DHF0S7H5E7&cid=847096965.1768997470&gtm=45je61g1v877222445z872589808za20gzb72589808zd72589808&aip=1&dma=0&gcs=G111&gcd=13n3n3n3n5l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115938465~115938468~117041587~117091819~117171316
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DHF0S7H5E7&cx=c&gtm=4e61g1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0d::9a , Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:138:0
report-to
{"group":"ascnsrsggc:138:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:138:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://ultrasurf.ru.malavida.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:138:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.ch/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ch/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-DHF0S7H5E7&cid=847096965.1768997470&gtm=45je61g1v877222445z872589808za20gzb72589808zd72589808&aip=1&dma=0&gcs=G111&gcd=13n3n3n3n5l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115938465~115938468~117041587~117091819~117171316&z=1967743601
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-96K7KT3ZPX&gtm=45je61g1v867895757z872589808za20gzb72589808zd72589808&_p=1768997469833&_gaz=1&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma=0&tcfd=10000&cid=847096965.1768997470&ul=de-ch&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAAAGA&_s=1&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115938465~115938469~117041587~117171316&sid=1768997470&sct=1&seg=0&dl=https%3A%2F%2Fultrasurf.ru.malavida.com%2Fwindows%2F&dt=UltraSurf%201.8.1%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%BD%D0%B0%20%D0%9F%D0%9A%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&en=page_view&_fv=1&_ss=1&ep.content_group=Ficha&ep.content_group2=windows&ep.content_group3=(W)%20Redes%20-%20Proxies&ep.content_group4=8&ep.content_group5=Normal&tfd=737
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-96K7KT3ZPX&cx=c&gtm=4e61g1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:170:0
report-to
{"group":"ascnsrsggc:170:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:170:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://ultrasurf.ru.malavida.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:170:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
57 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-96K7KT3ZPX&cid=847096965.1768997470&gtm=45je61g1v867895757z872589808za20gzb72589808zd72589808&aip=1&dma=0&gcs=G111&gcd=13n3n3n3n5l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115938465~115938469~117041587~117171316
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-96K7KT3ZPX&cx=c&gtm=4e61g1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0d::9a , Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:138:0
report-to
{"group":"ascnsrsggc:138:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:138:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://ultrasurf.ru.malavida.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:138:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.ch/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ch/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-96K7KT3ZPX&cid=847096965.1768997470&gtm=45je61g1v867895757z872589808za20gzb72589808zd72589808&aip=1&dma=0&gcs=G111&gcd=13n3n3n3n5l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115938465~115938469~117041587~117171316&z=456322269
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
syncframe
gum.criteo.com/ Frame 7667 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=ultrasurf.ru.malavida.com&gdpr=0&gdpr_consent=
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::d , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
816003bdda801ce731619821a41c01cff207fa53ade03fc51251b8388cdd5311
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ultrasurf.ru.malavida.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 21 Jan 2026 12:11:09 GMT
server
Kestrel
server-processing-duration-in-ticks
294943
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
x-robots-tag
noindex
js-mv_util-mv_usr-nsmvsite-mv_box-mv_css_async-mv_usr_txt_ru.js
www.malavida.com/jsu_V43/ 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.malavida.com/jsu_V43/js-mv_util-mv_usr-nsmvsite-mv_box-mv_css_async-mv_usr_txt_ru.js
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
58105cd67fb85ddad6a4a6a6b26fe86371e8d3c85bd4a36dd7e21325ce29c5ab
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
content-security-policy
frame-ancestors 'self';
cache-control
max-age=15408634
content-encoding
br
access-control-allow-credentials
true
expires
Sat, 18 Jul 2026 20:21:44 GMT
accept-ranges
bytes
content-length
9437
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Wed, 05 Nov 2025 11:16:34 GMT
content-type
application/javascript; charset=UTF-8
server
Apache
x-frame-options
SAMEORIGIN
sodar
ep1.adtrafficquality.google/getconfig/ 		18 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202601150101&st=env&sjk=989187141825270
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-aa-in-f2.1e100.net
Software
cafe /
Resource Hash
7f15ca4de76e3b2dd630ee703a3beaf25c76d54e65007d6573a15ecb3b6be3cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13637
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
favicon.svg
static.malavida.com/ 		2 KB
995 B 		Other
General
Check archive.org
Download Go to
Full URL
https://static.malavida.com/favicon.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
16ccb6885c57ade9c1d9d78c594d2fe38dc6ee9ee734f3e6e7e794780d904064
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4385617
content-encoding
gzip
expires
Fri, 13 Mar 2026 06:24:47 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
796
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Tue, 24 Oct 2023 07:06:56 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
sid
mug.criteo.com/ Frame 7667
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=malavida.com&sn=AndroidSyncframe&so=0&topUrl=ultrasurf.ru.malavida.com&pm=1
  • https://mug.criteo.com/sid?cpp=qioWvXxYQTQ0blNIREg3YW81QWpHb1ovMkREMHIyNWRIWmNEalNYSlA5RVUwUEc2Ui9CVUdVcmViZURPT1l4bEk3NnN3cC9kcjBIRlh2LzNHK29rdGdROWRDSWx1ejJQUU0vd1FoMjVYbk4zWXBHYXYwL2R4bU1DaGptTC...
433 B
999 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=qioWvXxYQTQ0blNIREg3YW81QWpHb1ovMkREMHIyNWRIWmNEalNYSlA5RVUwUEc2Ui9CVUdVcmViZURPT1l4bEk3NnN3cC9kcjBIRlh2LzNHK29rdGdROWRDSWx1ejJQUU0vd1FoMjVYbk4zWXBHYXYwL2R4bU1DaGptTCtZTXdnMUVnMVQxWWkremMyTmhDZXpuWFpPdlgwa2txRTFzaldsOWhqMG9sWmNmYndlemNFOHFjTldvK0NrcVFrajdwdnR5VkQ5cW1IODlOM1pwbHYvTGhVQ0hoblNMeUtKSlA1UmFsVGJuQ04zQkNXSzNkRVp1ek9SenlOYUxycDRXUjNwM1NtYkRFQ3ZlSDVqa3Nwc2FYQUJCcG93OUllTEl2Z05CMGMvSkJjTVRyYkFiOD18&cppv=2
Protocol
H2
Server
178.250.1.12 , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
b57ec7cac5e50ba68be1ddc356ab6791681f07e0672f41e71c02f67a5748ba25
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://gum.criteo.com/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1214041
expires
0
access-control-allow-origin
https://gum.criteo.com
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
Kestrel

Redirect headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache, no-store, must-revalidate
location
https://mug.criteo.com/sid?cpp=qioWvXxYQTQ0blNIREg3YW81QWpHb1ovMkREMHIyNWRIWmNEalNYSlA5RVUwUEc2Ui9CVUdVcmViZURPT1l4bEk3NnN3cC9kcjBIRlh2LzNHK29rdGdROWRDSWx1ejJQUU0vd1FoMjVYbk4zWXBHYXYwL2R4bU1DaGptTCtZTXdnMUVnMVQxWWkremMyTmhDZXpuWFpPdlgwa2txRTFzaldsOWhqMG9sWmNmYndlemNFOHFjTldvK0NrcVFrajdwdnR5VkQ5cW1IODlOM1pwbHYvTGhVQ0hoblNMeUtKSlA1UmFsVGJuQ04zQkNXSzNkRVp1ek9SenlOYUxycDRXUjNwM1NtYkRFQ3ZlSDVqa3Nwc2FYQUJCcG93OUllTEl2Z05CMGMvSkJjTVRyYkFiOD18&cppv=2
pragma
no-cache
server-processing-duration-in-ticks
322393
expires
0
content-length
0
date
Wed, 21 Jan 2026 12:11:09 GMT
server
Kestrel
profile-app.css
static.malavida.com/global/css_V144/ 		165 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.malavida.com/global/css_V144/profile-app.css
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2.17.100.203 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-203.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2530bbed403adfcece0e7e27031cc424e74e461aef7b771db98eb161b702d143
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=5163073
content-encoding
gzip
quic-version
0x00000001
expires
Sun, 22 Mar 2026 06:22:23 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
content-length
24909
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Thu, 08 May 2025 06:07:16 GMT
content-type
text/css
server
Apache
vary
Accept-Encoding
sodar2.js
ep2.adtrafficquality.google/sodar/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

content-encoding
gzip
etag
"1747411493688989"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 21 Jan 2026 12:11:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
7188
x-xss-protection
0
server
sffe
ico-caracteristicas.svg
static.malavida.com/global/imag/ 		750 B
467 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-caracteristicas.svg
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
781e05d01b508e51712f84bb69bd36ef55513d6ec0a856208553706bff81b393
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4130716
content-encoding
gzip
expires
Tue, 10 Mar 2026 07:36:26 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
268
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 10 Oct 2022 06:13:38 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
en.png
static.malavida.com/global/imag/flags/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/flags/en.png
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2.17.100.203 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-203.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c4e9be1d0ee744cd18a0ac440cbc385ecad4ff27a60f2a7ca3160de280264ca2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4135489
quic-version
0x00000001
expires
Tue, 10 Mar 2026 08:55:59 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
content-length
1235
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/png
server
Apache
es.png
static.malavida.com/global/imag/flags/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/flags/es.png
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2.17.100.203 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-203.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3949935c038b8bd0f86cb54461c44c1b13bc840cba1770fd663fd37fd3298b94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4409154
quic-version
0x00000001
expires
Fri, 13 Mar 2026 12:57:04 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
content-length
1239
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/png
server
Apache
de.png
static.malavida.com/global/imag/flags/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/flags/de.png
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2.17.100.203 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-203.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3f2bbad96cc72e8481aaeffab83d88a169f74023e8b86340888e1959261a9bf3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4385419
quic-version
0x00000001
expires
Fri, 13 Mar 2026 06:21:29 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
content-length
1131
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/png
server
Apache
fr.png
static.malavida.com/global/imag/flags/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/flags/fr.png
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2.17.100.203 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-203.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
44ed96f6dbe27d5722a25600fedee3ee0dd2203faf27f6ebb6152fd2212584d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4385419
quic-version
0x00000001
expires
Fri, 13 Mar 2026 06:21:29 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
content-length
1200
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/png
server
Apache
it.png
static.malavida.com/global/imag/flags/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/flags/it.png
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2.17.100.203 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-203.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
30c9cbedbadcbf5e0730c35bb27c6bcddcb47757f94bc6872c8d043da4c6fe10
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4233457
quic-version
0x00000001
expires
Wed, 11 Mar 2026 12:08:47 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
content-length
1174
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/png
server
Apache
pt.png
static.malavida.com/global/imag/flags/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/flags/pt.png
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2.17.100.203 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-203.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
85823cba4758cfa73c31b34b0ce554e098faea58cd04198fe5603aabb35fca60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4385419
quic-version
0x00000001
expires
Fri, 13 Mar 2026 06:21:29 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
content-length
1440
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/png
server
Apache
jp.png
static.malavida.com/global/imag/flags/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/flags/jp.png
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2.17.100.203 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-203.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
010a80a91f952f506cdc499728a16703e40ee767968aebb74b03934716375c73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=3329850
quic-version
0x00000001
expires
Sun, 01 Mar 2026 01:08:40 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
content-length
1184
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/png
server
Apache
ico-comment.svg
static.malavida.com/global/imag/ 		608 B
612 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-comment.svg
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
e002f5c614e8a08afcffb7b25be6a11316dfe75b7ab60b309664f8f9245d167b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4388960
content-encoding
gzip
expires
Fri, 13 Mar 2026 07:20:30 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
413
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
bg_textarea_comment.png
static.malavida.com/global/css/img/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/css/img/bg_textarea_comment.png
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2.17.100.203 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-203.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b820c8792c3c4660141a46a9186eba88b0e2acd588314690883c4652e52ad33c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4385420
quic-version
0x00000001
expires
Fri, 13 Mar 2026 06:21:30 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
content-length
1405
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Thu, 18 Aug 2016 07:07:23 GMT
content-type
image/png
server
Apache
ico-compartir.svg
static.malavida.com/global/imag/ 		610 B
550 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-compartir.svg
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
7151e0c3cbcb15872e0dcadf549d2dd11fdeb49d8273061f9e2664ede11536ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4310385
content-encoding
gzip
expires
Thu, 12 Mar 2026 09:30:55 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
351
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 10 Oct 2022 06:13:38 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
ico-whatsapp.svg
static.malavida.com/global/imag/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-whatsapp.svg
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
39393f0cbc55d34a840ef42c3ffc3db25f71bd87b717f79a30a4aefccaec23dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4385515
content-encoding
gzip
expires
Fri, 13 Mar 2026 06:23:05 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
1089
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
ico-facebook.svg
static.malavida.com/global/imag/ 		549 B
581 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-facebook.svg
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
4b736f78ad00a312a79339feb5dd33c12a683fb01f9c4ca2c561bd8e81a6043f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4088148
content-encoding
gzip
expires
Mon, 09 Mar 2026 19:46:58 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
382
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
ico-twitter.svg
static.malavida.com/global/imag/ 		295 B
383 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-twitter.svg
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
838c7db1a0e584544bb0b2bee63b503935fbf565156a2d55f57386f48e40fa64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4386246
content-encoding
br
expires
Fri, 13 Mar 2026 06:35:16 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
199
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Tue, 10 Sep 2024 07:02:19 GMT
content-type
image/svg+xml
server
Apache
ico-updated.svg
static.malavida.com/global/imag/ 		7 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-updated.svg
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
9b1f7abf40a474a2f37af56ef970deda9b302d20df41fd43fce91e912aeaa6cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4388959
content-encoding
gzip
expires
Fri, 13 Mar 2026 07:20:29 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
3010
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
ico-attachment.svg
static.malavida.com/global/imag/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-attachment.svg
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
0b3c00ee50a09f431e0b030299d6790fc1a7da6f0f49bec0cbf1319080e259e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4385617
content-encoding
gzip
expires
Fri, 13 Mar 2026 06:24:47 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
1891
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/svg+xml
server
Apache
vary
Accept-Encoding
ico-info.svg
static.malavida.com/global/imag/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-info.svg
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
612b10fc1032d1e36bb340306d562007b9bf47d6b856e713afa9184d45fa4766
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4391165
content-encoding
br
expires
Fri, 13 Mar 2026 07:57:15 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
1798
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/svg+xml
server
Apache
ico-facebook2.svg
static.malavida.com/global/imag/ 		769 B
614 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-facebook2.svg
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
e605914cb21bbf30ac8f93827c386cfb3c2c63f434c8315dbeac1048116615e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4388629
content-encoding
br
expires
Fri, 13 Mar 2026 07:14:59 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
430
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/svg+xml
server
Apache
ico-feed.svg
static.malavida.com/global/imag/ 		723 B
592 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/imag/ico-feed.svg
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c900:b::5f65:4a0d Schiphol, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Apache /
Resource Hash
a26c333422ea7ccfef07e917fab757bf7fbbff82f2200664aa5537a877888555
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://ultrasurf.ru.malavida.com
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=4130716
content-encoding
br
expires
Tue, 10 Mar 2026 07:36:26 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
408
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Mon, 19 Apr 2021 07:15:39 GMT
content-type
image/svg+xml
server
Apache
firmlogo.png
static.malavida.com/global/css/img/ 		933 B
954 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.malavida.com/global/css/img/firmlogo.png
Requested by
Host: static.malavida.com
URL: https://static.malavida.com/global/css_V144/profile-app.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2.17.100.203 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a2-17-100-203.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f7eb2e945f83424dfa06ebf3e81f5f7280be4747035b9d6cb2904db7924bca62
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://static.malavida.com/global/css_V144/profile-app.css

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
max-age=3969803
quic-version
0x00000001
expires
Sun, 08 Mar 2026 10:54:33 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
content-length
933
date
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Tue, 10 Mar 2020 08:22:29 GMT
content-type
image/png
server
Apache
container.html
08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame CEEE 		7 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.141.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-ai-in-f1.1e100.net
Software
sffe /
Resource Hash
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ultrasurf.ru.malavida.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3121
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 21 Jan 2026 12:11:10 GMT
expires
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Thu, 08 May 2025 23:15:48 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame E0B1 		499 B
207 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhC30jMYxbf9lQIwAQ&v=APEucNUZAvTuoFWh_Phh2lHBJPJXVq18JmLEyQLvbV3H3XwC-5164k5OpcxvheCki1HMwGcFlFx4Gk2tUncWPIBdl82JLGIkiD-1Ai-KPl8umPMl3BKT5yk
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.141.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-ar-in-f2.1e100.net
Software
cafe /
Resource Hash
5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
183
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 21 Jan 2026 12:11:10 GMT
expires
Wed, 21 Jan 2026 12:11:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame CEEE 		104 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
c9f15254b4c4d69bb19ae40865eac4cb7f3648afa3dc38430a75fc16693f1fae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
13592417060480921892
x-content-type-options
nosniff
expires
Wed, 21 Jan 2026 12:11:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
35960
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame CEEE 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CcLH0iyymCFRB_h2QNA29-SaEd6eIfO0y_Z2EBHAQgOmXYSF2N5cYeKYWto4whBKPbB0LfuhZccEDGEwe7RS55_EO9J3NUOasDp0w0v6dZQPm4zNY
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
r62eglto.js
ad4m.at/ Frame CEEE 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/r62eglto.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92b25fe61ad8f0e1bda3b0714abf408a6d06e0ae91264f681ea12ea912e2dbb9

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"5def55d462b620b902b847828089f90d"
age
4721
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gmr7Xr3qjCRYaUEEeBS6tKxl0BWgEFep428trz7G4WdZC9MVvgc3zyMZcO%2Bp5XzsyWfUKD7mSDOu2jOGxQlHUfV5xCs%3D"}]}
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 09 Jul 2025 17:40:47 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
public, max-age=3600, must-revalidate, stale-while-revalidate=300
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray
9c16b66f2c6cbbff-ZRH
server
cloudflare
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/ Frame CEEE 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/window_focus_fy2021.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fec5a361dec923efe92848ca27b02b158b164380a9eaf6cc1625e08e0d9c101e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
6020003950853699975
age
59336
x-content-type-options
nosniff
expires
Tue, 03 Feb 2026 19:42:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 20 Jan 2026 19:42:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
1241
x-xss-protection
0
server
cafe
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/ Frame CEEE 		21 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7c2a319af282b5ae2ed151a1daf4ace7f5d041af58157b8fd7c27974bf40187c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
5680856984361098836
age
59336
x-content-type-options
nosniff
expires
Tue, 03 Feb 2026 19:42:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 20 Jan 2026 19:42:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
8670
x-xss-protection
0
server
cafe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame CEEE 		227 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
73b6bc92bb30d26ac26c7f3eccc350f2694260c064cdaf588cdd945a642b16f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
12901288525138330123
age
3502
x-content-type-options
nosniff
expires
Wed, 21 Jan 2026 12:12:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 21 Jan 2026 11:12:48 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
71561
x-xss-protection
0
server
cafe
runner.html
ep2.adtrafficquality.google/sodar/sodar2/237/ Frame F654 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ultrasurf.ru.malavida.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
bytes
age
2388
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5044
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 21 Jan 2026 11:31:22 GMT
expires
Wed, 21 Jan 2026 12:21:22 GMT
last-modified
Tue, 13 May 2025 23:17:50 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 6CE0 		829 B
568 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.141.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-aj-in-f4.1e100.net
Software
ESF /
Resource Hash
1b124e97a4cbc503a6c842ebf9a518eab5ea19e118f67810fd307d2582c762fa
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wgmPL1KalTCb56-EGY5UPg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ultrasurf.ru.malavida.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-wgmPL1KalTCb56-EGY5UPg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 21 Jan 2026 12:11:10 GMT
expires
Wed, 21 Jan 2026 12:11:10 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
pixel
cm.g.doubleclick.net/ Frame E0B1 		170 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm&gdpr=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhC30jMYxbf9lQIwAQ&v=APEucNUZAvTuoFWh_Phh2lHBJPJXVq18JmLEyQLvbV3H3XwC-5164k5OpcxvheCki1HMwGcFlFx4Gk2tUncWPIBdl82JLGIkiD-1Ai-KPl8umPMl3BKT5yk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.208.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bp-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)
rum
dsum-sec.casalemedia.com/ Frame E0B1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhPptYp9SDSg-st3dnPQCg&google_cver=1&gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhPptYp9SDSg-st3dnPQCg&google_cver=1&gdpr=0&C=1
43 B
302 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhPptYp9SDSg-st3dnPQCg&google_cver=1&gdpr=0&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhC30jMYxbf9lQIwAQ&v=APEucNUZAvTuoFWh_Phh2lHBJPJXVq18JmLEyQLvbV3H3XwC-5164k5OpcxvheCki1HMwGcFlFx4Gk2tUncWPIBdl82JLGIkiD-1Ai-KPl8umPMl3BKT5yk
Protocol
H2
Server
104.18.27.193 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

cache-control
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
cf-cache-status
DYNAMIC
pragma
no-cache
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zF%2FCdRtPg%2BlY%2FgTBTsUhk1tytf8HNprqhxPCP6f3ucfOgpbeZhAF%2F53y6Vb3zzcSY8QRzeeulxapSYiBOWDSAV4b0LtAaAKY2DnQfWGDMi218OFWIswW"}]}
cf-ray
9c16b6700ba50d25-ZRH
expires
0
alt-svc
h3=":443"; ma=86400
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
image/gif
vary
accept-encoding
server
cloudflare

Redirect headers

cache-control
no-cache
location
/rum?cm_dsp_id=45&external_user_id=CAESENhPptYp9SDSg-st3dnPQCg&google_cver=1&gdpr=0&C=1
cf-cache-status
DYNAMIC
pragma
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=GLuUazQHpKMc2f7qX8sumuZY6JEeIngamIAIFxgAu7YRqQBYdGCrunLmezcuIba43JsoijBZqhkBmUZd4YEEOaaKg3PHE%2Bzpd8eEpvu0DyqofZMl6l0%2F"}]}
cf-ray
9c16b66fbabd0d25-ZRH
expires
0
alt-svc
h3=":443"; ma=86400
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Wed, 21 Jan 2026 12:11:10 GMT
vary
accept-encoding
server
cloudflare
rum
dsum-sec.casalemedia.com/ Frame E0B1
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=aXDCXrmqPSYAKPvIBVX3AQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhPptYp9SDSg-st3dnPQCg&google_cver=1&gdpr=0
43 B
754 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhPptYp9SDSg-st3dnPQCg&google_cver=1&gdpr=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhC30jMYxbf9lQIwAQ&v=APEucNUZAvTuoFWh_Phh2lHBJPJXVq18JmLEyQLvbV3H3XwC-5164k5OpcxvheCki1HMwGcFlFx4Gk2tUncWPIBdl82JLGIkiD-1Ai-KPl8umPMl3BKT5yk
Protocol
H3
Server
104.18.27.193 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

cf-cache-status
DYNAMIC
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=A%2FdSO6BcWbxcllgiVqh0tztGNn%2FIBNB8N8W8ppmJhGZ8DTK8SlqyCfJQ7QOZwVAv9eNFrCaZ1F0GehtFmTA%2FniIGj%2BNX2BxXuxw1HMIB6vfJrH2ZrmXI"}]}
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
image/gif
vary
accept-encoding
priority
u=2,i
cache-control
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
pragma
no-cache
cf-ray
9c16b670baab3dba-ZRH
content-length
43
server
cloudflare

Redirect headers

cache-control
no-cache, must-revalidate
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhPptYp9SDSg-st3dnPQCg&google_cver=1&gdpr=0
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
324
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
sodar
pagead2.googlesyndication.com/pagead/ Frame 6CE0 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=237&li=gpt_m202601150101&jk=989187141825270&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.google.com/

Response headers

timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/
server
cafe
container.html
08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame CFD5 		7 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.141.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-ai-in-f1.1e100.net
Software
sffe /
Resource Hash
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ultrasurf.ru.malavida.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3121
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 21 Jan 2026 12:11:10 GMT
expires
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Thu, 08 May 2025 23:15:48 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame 5EB5 		7 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.141.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-ai-in-f1.1e100.net
Software
sffe /
Resource Hash
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ultrasurf.ru.malavida.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
3121
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 21 Jan 2026 12:11:10 GMT
expires
Wed, 21 Jan 2026 12:11:10 GMT
last-modified
Thu, 08 May 2025 23:15:48 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
evQoM_5ykg3cnFid_pK0j_59ykN_ItSbhBpMk1SRC4U.js
pagead2.googlesyndication.com/bg/ Frame F654 		53 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/evQoM_5ykg3cnFid_pK0j_59ykN_ItSbhBpMk1SRC4U.js
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
sffe /
Resource Hash
7af42833fe72920ddc9c589dfe92b48ffe7dca437f22d49b841a4c9354910b85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ep2.adtrafficquality.google/

Response headers

content-encoding
br
age
98020
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options
nosniff
expires
Wed, 20 Jan 2027 08:57:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 20 Jan 2026 08:57:30 GMT
last-modified
Mon, 05 Jan 2026 11:18:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges
bytes
content-length
20925
x-xss-protection
0
server
sffe
gen_204
pagead2.googlesyndication.com/pagead/ Frame CEEE 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3430157400450&version=m202601130101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame CEEE 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3430157400450&version=m202601130101&ct=77&x=1&cor=4726720178563546112
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ad
googleads.g.doubleclick.net/dbm/ Frame CEEE 		39 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BwrReIy5j5G_QKktB2w22dK1tAWxv0GFnJCyw0ylHYT3ClVqs6BJFbDDlwQOFWJbF--N0dW1oNP7uOIB5oX12S6obb21Ca9qHcH12amXpY4mGJmknCjrx-2bWV8JQ6_cFK0C4iE_hmUz_aQGuFC84Y8hjOS5rxbxa-0HLC9LERV1Jb7eC50U0u5P1-x_Bq5LOeV6hF2BBhGDsiAR3aEu56oHTNwO9pLPVqf83Ollj29ciN3odZ07Ig3DNQiFsb0WqofSV0W14N7CJgNZK1SyEay7bEswJmiMvhqUtezxiG5Xe2Vfc&cry=1&dbm_d=AKAmf-AhTbA44key5vc4EV_XztIoTd5sXEACKJ-KAyuV6LkVXEqg_UgbbNHs_67Dnqsf699OH9YFerkMd5ZBTjDyP7OWNf-h03NYCEpHFl4dWTuQ8VK2jPm1nBctlYu-bXff1E7WzKZwNgnzbokhGrXSnujeXCh2Ji2WcypaO9QrDXOVXshwRrsewLfixTfHRtgDNInUmdgD-yn2EX23rnM8rRwTeFXLCIYjx83FCkXQZ_t9qH33K_gXedW5IXDc-02rixWwOEadTEFlGLhXEc9iD4O0BKUoxbtiODejQdnu-X04lMR56cJ8luN76aKyZVrEOwMtSbz-XiiGd_kVFyYcqWLsUqYTCpratzm3L1TbDyrr8tVy4sG9yvb1UnYZVBN0Sf8jCVgnHYibp09ROZF01__XMFytIf6KWQv6OceoihBak4hUxZF7kXub3qZpKeuGMX3_vzsi8I2x6pUqlAjVCnnbtOgopXAqmOfC6rzSyTLTjvSCgVwPCVIGk4-qrh6t3vsZeukfGyIE_LsC1ugWlCYFLhHl_dHUFlojlaHM9v0WRNp4ifEqvAZ6O4RgJgJIP8hJ4xMuNp-R7uEMaCKtBu6ib9jgOntwVPMZ2L9J_qNVqjfyUWtOcqrvf-RQhoeLjKI5tAtbtviaGJdrn3BO58XwBx30nvnBRQnKL3d-UMkfOCpTVkb7GcoJmv4U10lKPGQ1kGTWbjfuO44z2FM1euPoE9LLZOb1h7wJzbeAbKaGVeOXoG8AiKhX3cf2pduUQvgnna7m7IuGMqyQi2bJo7VVkSQiGELlS7GulutOCeOUgC4KZl0Ue20iTJ3MGT5f0ac3iO3WHkjyFvFQKmkhFG5OicgPdMTRPmwQGpvaChgWNLvcNj0WN8YBhpYb_AhztgpQGyR4Z3Ddo6OhKMRZedGTv5neqJ9Hdi1hPE9KB8jT-XqaqxdbKLVFWdjpvH26605VAwwdmFEgnJhjojgYPUF9x9iyxRCQC_Cxyu14lqB1Tvj8sik-za9nFJC-WzcKztmbisg5VO5anw2R5_puwlSLC5nYaGkNwr7YaSlmvnMl0p7CqMoms7kFtZpiFhuboLo5nHg82EYsi9c_fdPEboSLgwF6uOgssoaIPZUcc_3cj6tsV8hufD6jYGGQmIDDNfVNXnEbZTGFfi8eJIHyFNlUdOP_vM40AT1Hon35Rmoe3VTK7je4zYwiSTeqF18QNnjhTvOWuZGp3pVJNLVJMB5_vTD6hiXraH_CU_JrJExtjMxkCLSmmvqAy_wYRRfRk11afBQNf9FDzPJGl86BTyWKATX7wb-mEXGhw3AtCc1BS4f7ccn6A7b_Fp_VzU8R1kc_aPpGjl89iAl5K135PVUVQW07Sjj_ZFld2QAuNBLZl-le5atum_Mbt4OhDlRYzJPTdkvgB2sjQsJSTfiN03UsWCoz3DWkg-5qzkXHJHxJz_nknFIBPdN0EGq_Ewc86yziJydxlR-Dk2azlsZmOYYjucWdOT7KPYRHWi_2hHxUd71iKnKSmGPcHoYw9QEaK8k3n0hWghABY5zvQYptYx7buf1aqE4n9UwA5-4-tVfMWU5udXXQ6uxZeR8Av-ZWjOwCdLZfnGI9kBlIZCR_26zLPV03iHcFftMDKyC8ddzjuASd5BmEasJarQxp_WocST9nfdbVn1AXyJl8NCrJsg5VUoW9veRNMeG0KPhUbJxkuqzG-cYmVxbaGIHKZo-KXNaMW4gzYEr4h3sUKRjrOKCSs-YJEVSkwiSs7nLXol69gvOg47lgDDeL0LTTYFENuDwsMJyq9z7rOwgrb-jIz0OzpAAvQuQJw0-gfr9ghoCMc2WPuBt53OEfoekp0PKsoEFMDyuHF5JGmhugRqp62UJpaIeMO5MIpUFIPwtOJXTzVpB25DXO8EnWdCUscrY-TP80SsOwGWgucjBwh5SiXS3BssLyvIVKPz9m6w1zl9AcyVb21rt2jdW-ChvDdAd67W855FGt7FdNg7aB-RgOKtpmXzXtrLLoHS5FNTAn5g8Rt391duWr3v0LRKq7WIf2G8_gVTdjOGy_zlBMvgXWj3bJFQylHEDq7k-Jqi1SPFX66Hy-ofHOe6eD33uzgGJKAApo-PdLXYkffslhgw8vDjEREWZdOa5k6AXivu7a-5c3WVASjj5-umcS7gHNCWBzKQvVsD_vOuE0PJFTOWYQKEOYT5vCcRMeyJUUWiEanovgMP2Bi1JO1vEqkGg7_SToIptE6QepyJ55uFvZA-XxyZttHmHjgfPJUrK96PVYakxBBr5ck5MtLxoxdKIqtkC3HGwWoeHWNrKlaBdKay2tdQDZ_svEW5zXs3HUCFIhRy1vkSNZQ1bJ6IxsOVGT-V9qv_yJ670J1tsUGue3ahosm_0hWHvEPihgsK49FBGw4qG2Vx7MQ0uyhUhVoiMAKNvkAmQhgfknbX97zB_IX2tDj9vjYaG7qiijwr6lKpjeo72ucNLSOlTPCfJt9Ih_ebW-xq9kNxg8YmRtFFXiA1HWsNh649vi_ioqEGJd5CvWaLaY_U9kItQ01CrgwEAYqOvxdWXUnXej9rFLxz1AEFxkIXS4TavfwYG7YGEpggv74lpUJ2Gu-0r5gABsdwokUEQbOhRva0HDLVcS2hoSctt6uxT7m5e9grhzPslN2wTCPGNgSzZ4gImTbgvESByIMDe__OUBQCvue57gVtmwWa5Pu-0Jo94yZB-HEeH0mFjIGGS2m82oqiDGj3j9n1fC-wlxRtRTQk0EPdLn4619zVHApAvAYPz2b70h0ev2a8lXj1bn1q57xgHw9sL3dFOYFIr7GFLVwQSnQpLuqscZeXANPYjG6WuMrTxuFjh07iChrfEuDCFDCR-NeKaNvxL8UiHWcNsGrmnoyuHGrfFof-VQjoxBiwHNdcXuVt162P1hxHNrEujd7V8jPaEOcbqkzLsR4u3KOsMQAkYfo2MQLgxuPJGgqYoxiPK0yYv0867GxWVjULw7Og1HtvoVRImhfQVTDzd8I1gJUgLEztrcPewMyPwGfQbne9IwKoei0nr7b3aRvFfCa7xU5JBqaOuwPPZxJ6VEX6XeudpHsTszO7xAjEEjqoo75UFDMQJw9rWRu4dj4AwnnXVkHcSu2EN3wcQYJFpWisTzgZV5nybUt9JNlIlCKUSr4uyD13p6d5VouXZkSet60929Qd4CXbg_k9JZdD6AiTLgZiBHQf9NWzFIFtMNJd0VvzI4ymLUgOrED5oKZqHVhcTUtQo4_yT6R6DNV65ndQhxEi5Sfd2qwvq_zdh2qhzLII4Ae8BQze1ze43oQh5TOESkjpvYZFnvNQMdNZAczLlgpKf5x1xggfKktKj4APEECpOKErZG6tffgMcPj4nli8T_Rv4wyjlcqUlaYe4LBeV0B27lrYzz6GT00St1ZJdeqJUKgC3IvzeDeK4xmjlbFLlBj1jxDdfNrmL-BUD6F1HfTL3WYObpgYbUVYpg3czbt0ek_wvilxZLlc0LdngZ74ZZGQlgxoP5BKBKMpdBHw1wag-xhLyqgr6DDV_eeBFqdy1UZwmZ2Y5we2fkAq_QIfkhzRMdWZ4dMAT7ki94JpZ8zgGoRcz6N82XqKymmfpr-iLn69oU8Jpq-7Jfkq7SnWdyxku6vL7cD1pfUVoluSFor5zrQWlSoV7G5mh6zFYL4EcyxT57gSONn70C3TFyLHnhhU4yl0GSGc_HkBsh_X_CHv5MejTgP5J66zUCRgnfIWETK3n6j6TNUs3Lj3K_G1Ox0_8QWWS04GL8Q1OEOBJQkp8HY2_M5KRGXf27dOy5kBOv4HV6fKWCsw6z-a-IPSWE09RyCNJ4nIhO1GMl1MVJN1-L29YSQgfXqCkYDTGF6J686I5QDYycn2khdJE4sGw8owzDAlbXpiMS0wPhmUrCip2ih-NEE5Sp09cDNt01Vm6mvW0Lm_E7d1CxL1XxiHr5JPU4HMrxlMb8TqTusK4iP-18rbiVkre4ZBV6PHCHkuH29DCqrPTtucmVu_09K-6gFqfArsVWNQdjcBel6FDTFl0THv1RJCuOuvjRRkGy-yNCN3PVGO_8T7DW1ECtIfVf7498gOwnZsov30M6m7ORBdrufkI59n_opAgKGbtQgtmmdsMrUZvwwdCncZSYXLtHjTc4ZkCxhARK9nrw6LowZocqu9sZtBSicJxJMbpBAdt078pquZECPg7j1hR4liSgMlDma8gKCSceLOdEz8Z_NtMPDaBb4__kHZKCz0EnrIT8k6DfiWcstTy-m8jtI0J91ebaTywV3B-S1sfaMeNPI1m2EUk2-uXM4jUXeTDx5SNO-rsUgsU9c7omPld5nKcCDpQAqhaaFS9zvfRbjRm-_bSWeDxDsxz3EO--NDBvPezD9P_sNYYXyoMr7BuElgg6wuQfrLtEF018fDLrjk5eyHZDr6KVe5SOUdqq5EbIzQeNfMd0EmPYkQj-W9AmqbYKV7MIzHtXXdGoQVxca1w2ORZl0A4jD_FusAfThjsVGUl5rVHKfmhGro3l14-F46KYfyMKfw-qHdloV44qjpYaXrDQPydY4Ye93EK-7C9MA0THCCV3X189XUAkgxf0e5oGPg-PcPc39G350A4i3afmsXZJ6KPv_sfjA_JrQp6XGVRJ0-RNgUwMVrnuOlJ-wY2B_CnLzF5BZm2mYPvUsA70srC46AYtD0E3LMFOnUViXNrAJ-M_8PQH5_KUbG_fP5EBpbL0sKpZ7WfPS3zYcDXdvxYd2_W98mYxsQjMoy1VvsrdErFXTzwOgQJIlsw4AOCUxaKkvMZ-AFdg1kHGCUlSAqacON7OsPULM6CEGvX2MyMJFonQMn5Mvi9UPpxoXWlr_elq_4DlE57nexdW7nz9v9kMi19WxdLvSQhPTEWH373nYHErY8jMFSdT1z_KFfvhXpdOAinIGYQ3UuslrbXUJnTWADyH_917QSl2gQ2m0OUGRRs_DX3DlcvhJ7eolRPiBWwDrNY1CLPOMGWu7nOjtNoc35Q82aqSFjQNHeHONb8Cf1tv3Flb2WszYAMYRS0eX6wg2zIo7zbLksRxsEAJxc65XLDq0HFN7OKirMrQcfL4F8nrYFQc2YO3raZ14HytZtJgtoH7HfwocIUJvc_b&cid=CAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE&dv3_ver=m202601130101&nel=1&rfl=https%3A%2F%2Fultrasurf.ru.malavida.com%2F&ds=l&xdt=1&ct=77&iif=1&cor=4726720178563546112&adk=250412561&idt=95&cac=0&dtd=32
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.141.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-ar-in-f2.1e100.net
Software
cafe /
Resource Hash
027516bc4cce1fde8f3d9fdd22af985efb202ac84d7ce5631878c3c13cfbb0aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
22266
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
adview
securepubads.g.doubleclick.net/pagead/ Frame CFD5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C3os8XsJwaaKxCofcjuwP8MmQ6Qb577npc8D4-ezNEMCNtwEQASCLwpgCYPWVzoHgBMgBCeACAKgDAcgDAqoEtwJP0GyaqlS5NB4RbMi2qCOjqb1r5xqDFMge-Dp3_y2Kn8KF9XyWik1Je4BA9L-93EeILSSdSGUCNrstcItBOTF9Ydd37c2LJ8sojPn6SZ7sreIp-D82k5ecvdpSsVnSlMhTvVmTbpFEpLSJ192XSXx7o_AyBHIF4WAat53LPuyrTQmzj8sLR-Q1B5orbU_lJSocX749MvLa4kKlwv1A0G04VMO2gtdb0a_E1J32awUn1t0caOBtHqVdFc6Eh6dV_Ybw7p7eC8n96shv-Do6sfnZ8FpCM7zW9Vbl6tr9weev8s54uxcKSP-uLQpD-4tr5UTHys61iXJ3eJpM03Akfs3QZkiucIKg1ToTGIRqFZGdzdpi5dChpGUUEh88ShGaiJi-LEHOgyAtD2guccHMyUcxGmTuWPfvfuAEAYAG2OurzpfG5OOZAaAGIagHk9ixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCwIgGEQATIIioKAgICAgAg6DYBAgMCAgICAqIACqANIvf3BOljHmMSOzZySA4AKAfoLAggBgAwBqg0CQ0jiDRMIy8TEjs2ckgMVB66DBx3wJCRt6g0TCL2qxY7NnJIDFQeugwcd8CQkbYgO____________AdAVAYAXAbIXLAoaEhRwdWItMjE4MTE5NTcxMDczNzkyNxih_Q4YDCoKODg0MzE2NjIxN1ABqhgXCfPSTWIG-vlAEgo4ODQzMTY2MjE3GAE&sigh=A6lsJBIC39Q&uach_m=%5BUACH%5D&cid=CAQSswEA56J1eaQg3CqD7zM4WcDS7hXYQuv922ss5V2l1XU1MrsINScQDdMk1eJykaTd3zUEnXnbv_vx5NHOSMY6DOaxItJcPQmAyGOEyP-8q-E7YULR-Ttm6tXxEEXYVEqwx2513fDYT0TO26MEtGPr0fqZ0DurIpD3A4o671ejw4DbBxGMPgBodPNUojpSAtfbDdy58Hm4c-kfh28fHMRDmUkF3VIFiUnN0F1DBbiSIC-IICqeGhgB
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers
win
trace-eu.mediago.io/ju/ Frame CFD5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trace-eu.mediago.io/ju/win?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=b37b648af8165f20b7bd525692374c43&acid=32647&data=da2cNBw7-rOBE-_6UzlEw6imx5f21_xAFl94m1a-cNj97eZkuCHPgk_FPtq3aMvOqDaBmXVbx0DHqeOnajh5yOFOPKwSqtRMu_LU9x1Mwqs1U-w1LcyPuEkk5HWGrakygtu73cipo1HifTjEmp9LbSGbTYA0ue2p5uoHTrwEf_53SNVhH1ih53Zs2WwCnC0ZPWLUQK3w0uHFsV93Gw4CRKACDzhuJF_4vXtemapKQ6OSjAv3JQA2QBoMKGs51qRRQKOMJsIlrIU2xvCxInEDWPMYOroUFkQImtQ2zxH46LXaK12LslaRnNOdEBS4QfxWkkGd4DvffIGyocMuyTxB7N06l6XMZ2X92q0PyZHdIBVFs4UHBl4gwuY7YGcMP3Y3xGdnSZH3Rn6tjp7NblJ4ACGeyqs2xrMaGuI7SdegJu5PY_8KA-rnUqPV7RHBaY_NsgDLjufHvck12sCmPGyebR6z0cggDMNTtZMovfEvWv3Q8x_GETXBwg5WqWOjGTsRESRPQAvm2HYVwbSM91TKmkjQTQEFH-VMV9aXuhG7GeTCdwL8fBDh6nge3wB-rrAK9iEBzmDVzffzlqYdNg5M07rjSUVpRLwFZAz0rUbSUI4F0JDDzAs3W-MabGKSP0HXCIwAtrDSR0Gbp5PQP1WOUMKtaFu8PfZ00M3PNW9OqZ_1i1cw3WJpASry_c38VqOAgNG51xCcJuJ881x2kGOnhIvdwBIt1WiVFlddIHXtKc_SODZSzy_WneDJURJYiNyaDdDJ1BoE-UlbxoYvIkblKaHvH9GW1e7iHeZhCvoxa5s&uid=mid_c0395bf745939f23b86704e2b354c6af&mguid=&ap=aXDCXgACmKIHg64HACQk8DhegZ1PHymi-QJv-Q&tid=4
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/html; charset=utf-8
style_banner_704028.css
images.mediago.io/js/mediago/style/ Frame CFD5 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://images.mediago.io/js/mediago/style/style_banner_704028.css
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.60.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.60.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ce5666de657b488a077bcb5da6707273520dd952c8c655ddb13ced7148683c58

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Access-Control-Allow-Origin, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=wbbkDg==, md5=H0uWDDmJmTQOzRiHfU9lsg==
etag
"1f4b960c398999340ecd18877d4f65b2"
age
3144
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
1769
date
Wed, 21 Jan 2026 11:18:46 GMT
last-modified
Fri, 26 Dec 2025 02:12:54 GMT
content-type
text/css
x-guploader-uploadid
AJRbA5Xwivga9kBrRjOVTPx5TdACx-QDYFlUL7TBUMoeaXTbAaf7WtF2901vWwUHu1NAegE6
cache-control
public,max-age=3600
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1766715174277348
content-length
1769
content-language
en
server
UploadServer
5b3ef4f8d32d808f253219ee6e15dd7c__scv1__622x368.webp
images.mediago.io/ML/ Frame CFD5 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.mediago.io/ML/5b3ef4f8d32d808f253219ee6e15dd7c__scv1__622x368.webp
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.60.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.60.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544a7c9a6a95f0e47a5828704b5fa937e705995b676b16ed6f65f75f2e75d88c

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type,Access-Control-Allow-Origin
x-goog-hash
crc32c=uBthxw==, md5=+7VeIS611s6/5xZCZF2rGA==
etag
"fbb55e212eb5d6cebfe71642645dab18"
age
125
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
11422
date
Wed, 21 Jan 2026 12:09:05 GMT
last-modified
Fri, 07 Nov 2025 14:16:50 GMT
content-type
image/webp
x-guploader-uploadid
AJRbA5Xo2AsMbJcbxnVavXOqjIYg2Sz9W6bRJQAvRG6qTJDnRe1eQ9eaaCoe_6wXi8U3CvBPFzdwDeMJ_kDoQw
cache-control
public,max-age=3600
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1762525010847857
content-length
11422
server
UploadServer
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/ Frame CFD5 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/window_focus_fy2021.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fec5a361dec923efe92848ca27b02b158b164380a9eaf6cc1625e08e0d9c101e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
6020003950853699975
age
59336
x-content-type-options
nosniff
expires
Tue, 03 Feb 2026 19:42:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 20 Jan 2026 19:42:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
1241
x-xss-protection
0
server
cafe
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/ Frame CFD5 		21 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7c2a319af282b5ae2ed151a1daf4ace7f5d041af58157b8fd7c27974bf40187c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
5680856984361098836
age
59336
x-content-type-options
nosniff
expires
Tue, 03 Feb 2026 19:42:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 20 Jan 2026 19:42:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
8670
x-xss-protection
0
server
cafe
ext.js
tpc.googlesyndication.com/safeframe/1-0-45/js/ Frame CFD5 		23 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-45/js/ext.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c95e84767aed248594e7d485707c7ed904fd2fe4ec3ea98687fc2de59ddf231
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
x-content-type-options
nosniff
expires
Wed, 21 Jan 2026 12:11:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/javascript
vary
Accept-Encoding
last-modified
Thu, 08 May 2025 23:15:48 GMT
cache-control
private, max-age=300
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
content-length
6269
x-xss-protection
0
server
sffe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame CFD5 		227 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
73b6bc92bb30d26ac26c7f3eccc350f2694260c064cdaf588cdd945a642b16f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
12901288525138330123
age
3502
x-content-type-options
nosniff
expires
Wed, 21 Jan 2026 12:12:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 21 Jan 2026 11:12:48 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
71561
x-xss-protection
0
server
cafe
adview
securepubads.g.doubleclick.net/pagead/ Frame 5EB5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CJd_oXsJwaaSxCofcjuwP8MmQ6Qb577npc8D4-ezNEMCNtwEQASCLwpgCYPWVzoHgBMgBCeACAKgDAcgDAqoEvAJP0JbkKc4_SsS46EvMgNB6hj5lxREE48dbM0n5sQZ8MRd784jRMDvHfmM7x1Bz7LNjdygItUGXU4KnQPIc3pKNDapNOQViSp4jNBKTrCulEcO2r-2Go7rtdO0vbv-8dqu3CC2W2Kn0_EFE42VT6y0RC7VlrODc7_mofEOC2lXMTt8TpHeTYZBM_A8_5JjE08fQZQn827f9Id0lGHqNk1S7-7E51T2pfMpEQ5ok1k8DVAwmtSJ1uMxdpfdVHL03dJG8RWMVr8Z6ndKP8Ooz3CgkuP8Gv_HcXZVfU6_pZxdcLkR84DIyPhH_mVzYXMODux0oWWgF4y-uX4cXn-MpCpKUFkmTM3tDZ8LfmHaDYcTCN9SBs7uIGiLoiM82vpun1TU5pqNMweqx2Ai2137u9FGeYbeuWldqaEiNKs6h4AQBgAbY66vOl8bk45kBoAYhqAeT2LECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAqgHrb6xAtgHANIILAiAYRABMgiKgoCAgICACDoNgECAwICAgICogAKoA0i9_cE6WMeYxI7NnJIDgAoB-gsCCAGADAGqDQJDSOINEwjMxMSOzZySAxUHroMHHfAkJG3qDRMIvqrFjs2ckgMVB66DBx3wJCRtiA7___________8B0BUBgBcBshcsChoSFHB1Yi0yMTgxMTk1NzEwNzM3OTI3GKH9DhgMKgo4MjQ4MzI3MjgxUAGqGBcJhutRuAZY20ASCjgyNDgzMjcyODEYAQ&sigh=u6h2970pfeo&uach_m=%5BUACH%5D&cid=CAQSswEA56J1eaQg3CqD7zM4WcDS7hXYQuv922ss5V2l1XU1MrsINScQDdMk1eJykaTd3zUEnXnbv_vx5NHOSMY6DOaxItJcPQmAyGOEyP-8q-E7YULR-Ttm6tXxEEXYVEqwx2513fDYT0TO26MEtGPr0fqZ0DurIpD3A4o671ejw4DbBxGMPgBodPNUojpSAtfbDdy58Hm4c-kfh28fHMRDmUkF3VIFiUnN0F1DBbiSIC-IICqeGhgB
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers
win
trace-eu.mediago.io/ju/ Frame 5EB5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trace-eu.mediago.io/ju/win?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=bcf588586dd7c0887c0336313a2d7761&acid=32647&data=_GOyXYA3n7RWFri7CPAB8G7c25BS1CP7kLy1e9ugRfTTBckqESaE60ZDS1LId4jeSZSMWwrPah2tvWZBX8ZHRkoIn4_el3OCt-No9IvKbogkOD8bG7YmANy8AI9wxvLN8jvAR7sfx2Ag2XfdkgDurOspgz55XRkK07Tlb5ni3p-EjAxmp3yjOLvtBJcj9WFmxePGYbRCYgr3-Mt-XhUBB7hc0uneItV1A0s_s_Nx2nL2a5Z9Vh_N2NifLz_VVBliUL70n5rqPJYBr6MB4YBOQHJPZATplpW-LJBUvdDxw38VdwVrzhWB4widil2fYXe5q0O31iWxiyKnfY9Zbd98hqNXP_DdgAx1No1uWH6r40P4_KS8Qm5VV_JVV51GBO5scu9F1h_buBUZH47QyitTa_mVJuGIQAux_x3ziodcNANA2HV_oI5K7NdTbqatioFLC2hosJQ63OseazA1U-QXKEeWHL8bTS7j_tUzQw-EScFs_LkxMYUVS_K_vjYZ4VcJ6VIXsJw8uBAoAYWBrDLGn1tfqM5FHW_bqgDZUA4jX5hnCiaJUCXtp2TZiYwv8_naCbWwbNaqKLYmV8IsD7J3ech7cRJD7VdEKUBXrPJ30Ot4wwS3Lvjv5c7bG5LWunT7kGOYVIQbHlYv8uoBKSRgjf9xayZ5gmQ6NODnrjLbJxJeY_Qkv_VOLL8NIwYh0tB330xaOYZIsJfNr9Dk86mio3o0UpsQzTHDFN96wO-xbTxo4U1WJPmJKooKChqbMcyGjrFedpUzZAxeuZfZ6ADLfUseUTmi7Xs21bwqPh53yJw&uid=mid_c0395bf745939f23b86704e2b354c6af&mguid=&ap=aXDCXgACmKQHg64HACQk8Pz1Eh8p3-6MbrWQ_g&tid=72
Requested by
Host: ultrasurf.ru.malavida.com
URL: https://ultrasurf.ru.malavida.com/windows/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/html; charset=utf-8
style_banner_a02e55.css
images.mediago.io/js/mediago/style/ Frame 5EB5 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://images.mediago.io/js/mediago/style/style_banner_a02e55.css
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.60.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.60.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
34a98604b4b7a00a71a261980cf629591174f8e717fd078577b1fb04ed357d8b

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Access-Control-Allow-Origin, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=SCd8oQ==, md5=BYFXdeMDSX7I4vSpqEZ/Bg==
etag
"05815775e303497ec8e2f4a9a8467f06"
age
847
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
1174
date
Wed, 21 Jan 2026 11:57:03 GMT
last-modified
Fri, 26 Dec 2025 02:13:00 GMT
content-type
text/css
x-guploader-uploadid
AJRbA5XAg9BFtiKN2d7i1nIOSVbPlhfZsbsdFE52retI4YJHeFi71bTMqXG5HQF4IuMoL7iSaFMh-HU
cache-control
public,max-age=3600
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1766715180489855
content-length
1174
content-language
en
server
UploadServer
5b3ef4f8d32d808f253219ee6e15dd7c__scv1__622x368.webp
images.mediago.io/ML/ Frame 5EB5 		11 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.mediago.io/ML/5b3ef4f8d32d808f253219ee6e15dd7c__scv1__622x368.webp
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.60.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.60.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544a7c9a6a95f0e47a5828704b5fa937e705995b676b16ed6f65f75f2e75d88c

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type,Access-Control-Allow-Origin
x-goog-hash
crc32c=uBthxw==, md5=+7VeIS611s6/5xZCZF2rGA==
etag
"fbb55e212eb5d6cebfe71642645dab18"
age
125
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
11422
date
Wed, 21 Jan 2026 12:09:05 GMT
last-modified
Fri, 07 Nov 2025 14:16:50 GMT
content-type
image/webp
x-guploader-uploadid
AJRbA5Xo2AsMbJcbxnVavXOqjIYg2Sz9W6bRJQAvRG6qTJDnRe1eQ9eaaCoe_6wXi8U3CvBPFzdwDeMJ_kDoQw
cache-control
public,max-age=3600
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1762525010847857
content-length
11422
server
UploadServer
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/ Frame 5EB5 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/window_focus_fy2021.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fec5a361dec923efe92848ca27b02b158b164380a9eaf6cc1625e08e0d9c101e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
6020003950853699975
age
59336
x-content-type-options
nosniff
expires
Tue, 03 Feb 2026 19:42:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 20 Jan 2026 19:42:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
1241
x-xss-protection
0
server
cafe
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/ Frame 5EB5 		21 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20260120/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7c2a319af282b5ae2ed151a1daf4ace7f5d041af58157b8fd7c27974bf40187c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
5680856984361098836
age
59336
x-content-type-options
nosniff
expires
Tue, 03 Feb 2026 19:42:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 20 Jan 2026 19:42:14 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
8670
x-xss-protection
0
server
cafe
ext.js
tpc.googlesyndication.com/safeframe/1-0-45/js/ Frame 5EB5 		23 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-45/js/ext.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c95e84767aed248594e7d485707c7ed904fd2fe4ec3ea98687fc2de59ddf231
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
x-content-type-options
nosniff
expires
Wed, 21 Jan 2026 12:11:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/javascript
vary
Accept-Encoding
last-modified
Thu, 08 May 2025 23:15:48 GMT
cache-control
private, max-age=300
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
content-length
6269
x-xss-protection
0
server
sffe
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 5EB5 		227 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
73b6bc92bb30d26ac26c7f3eccc350f2694260c064cdaf588cdd945a642b16f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
12901288525138330123
age
3502
x-content-type-options
nosniff
expires
Wed, 21 Jan 2026 12:12:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Wed, 21 Jan 2026 11:12:48 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
71561
x-xss-protection
0
server
cafe
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20260120/r20110914/ Frame CEEE 		28 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20260120/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BwrReIy5j5G_QKktB2w22dK1tAWxv0GFnJCyw0ylHYT3ClVqs6BJFbDDlwQOFWJbF--N0dW1oNP7uOIB5oX12S6obb21Ca9qHcH12amXpY4mGJmknCjrx-2bWV8JQ6_cFK0C4iE_hmUz_aQGuFC84Y8hjOS5rxbxa-0HLC9LERV1Jb7eC50U0u5P1-x_Bq5LOeV6hF2BBhGDsiAR3aEu56oHTNwO9pLPVqf83Ollj29ciN3odZ07Ig3DNQiFsb0WqofSV0W14N7CJgNZK1SyEay7bEswJmiMvhqUtezxiG5Xe2Vfc&cry=1&dbm_d=AKAmf-AhTbA44key5vc4EV_XztIoTd5sXEACKJ-KAyuV6LkVXEqg_UgbbNHs_67Dnqsf699OH9YFerkMd5ZBTjDyP7OWNf-h03NYCEpHFl4dWTuQ8VK2jPm1nBctlYu-bXff1E7WzKZwNgnzbokhGrXSnujeXCh2Ji2WcypaO9QrDXOVXshwRrsewLfixTfHRtgDNInUmdgD-yn2EX23rnM8rRwTeFXLCIYjx83FCkXQZ_t9qH33K_gXedW5IXDc-02rixWwOEadTEFlGLhXEc9iD4O0BKUoxbtiODejQdnu-X04lMR56cJ8luN76aKyZVrEOwMtSbz-XiiGd_kVFyYcqWLsUqYTCpratzm3L1TbDyrr8tVy4sG9yvb1UnYZVBN0Sf8jCVgnHYibp09ROZF01__XMFytIf6KWQv6OceoihBak4hUxZF7kXub3qZpKeuGMX3_vzsi8I2x6pUqlAjVCnnbtOgopXAqmOfC6rzSyTLTjvSCgVwPCVIGk4-qrh6t3vsZeukfGyIE_LsC1ugWlCYFLhHl_dHUFlojlaHM9v0WRNp4ifEqvAZ6O4RgJgJIP8hJ4xMuNp-R7uEMaCKtBu6ib9jgOntwVPMZ2L9J_qNVqjfyUWtOcqrvf-RQhoeLjKI5tAtbtviaGJdrn3BO58XwBx30nvnBRQnKL3d-UMkfOCpTVkb7GcoJmv4U10lKPGQ1kGTWbjfuO44z2FM1euPoE9LLZOb1h7wJzbeAbKaGVeOXoG8AiKhX3cf2pduUQvgnna7m7IuGMqyQi2bJo7VVkSQiGELlS7GulutOCeOUgC4KZl0Ue20iTJ3MGT5f0ac3iO3WHkjyFvFQKmkhFG5OicgPdMTRPmwQGpvaChgWNLvcNj0WN8YBhpYb_AhztgpQGyR4Z3Ddo6OhKMRZedGTv5neqJ9Hdi1hPE9KB8jT-XqaqxdbKLVFWdjpvH26605VAwwdmFEgnJhjojgYPUF9x9iyxRCQC_Cxyu14lqB1Tvj8sik-za9nFJC-WzcKztmbisg5VO5anw2R5_puwlSLC5nYaGkNwr7YaSlmvnMl0p7CqMoms7kFtZpiFhuboLo5nHg82EYsi9c_fdPEboSLgwF6uOgssoaIPZUcc_3cj6tsV8hufD6jYGGQmIDDNfVNXnEbZTGFfi8eJIHyFNlUdOP_vM40AT1Hon35Rmoe3VTK7je4zYwiSTeqF18QNnjhTvOWuZGp3pVJNLVJMB5_vTD6hiXraH_CU_JrJExtjMxkCLSmmvqAy_wYRRfRk11afBQNf9FDzPJGl86BTyWKATX7wb-mEXGhw3AtCc1BS4f7ccn6A7b_Fp_VzU8R1kc_aPpGjl89iAl5K135PVUVQW07Sjj_ZFld2QAuNBLZl-le5atum_Mbt4OhDlRYzJPTdkvgB2sjQsJSTfiN03UsWCoz3DWkg-5qzkXHJHxJz_nknFIBPdN0EGq_Ewc86yziJydxlR-Dk2azlsZmOYYjucWdOT7KPYRHWi_2hHxUd71iKnKSmGPcHoYw9QEaK8k3n0hWghABY5zvQYptYx7buf1aqE4n9UwA5-4-tVfMWU5udXXQ6uxZeR8Av-ZWjOwCdLZfnGI9kBlIZCR_26zLPV03iHcFftMDKyC8ddzjuASd5BmEasJarQxp_WocST9nfdbVn1AXyJl8NCrJsg5VUoW9veRNMeG0KPhUbJxkuqzG-cYmVxbaGIHKZo-KXNaMW4gzYEr4h3sUKRjrOKCSs-YJEVSkwiSs7nLXol69gvOg47lgDDeL0LTTYFENuDwsMJyq9z7rOwgrb-jIz0OzpAAvQuQJw0-gfr9ghoCMc2WPuBt53OEfoekp0PKsoEFMDyuHF5JGmhugRqp62UJpaIeMO5MIpUFIPwtOJXTzVpB25DXO8EnWdCUscrY-TP80SsOwGWgucjBwh5SiXS3BssLyvIVKPz9m6w1zl9AcyVb21rt2jdW-ChvDdAd67W855FGt7FdNg7aB-RgOKtpmXzXtrLLoHS5FNTAn5g8Rt391duWr3v0LRKq7WIf2G8_gVTdjOGy_zlBMvgXWj3bJFQylHEDq7k-Jqi1SPFX66Hy-ofHOe6eD33uzgGJKAApo-PdLXYkffslhgw8vDjEREWZdOa5k6AXivu7a-5c3WVASjj5-umcS7gHNCWBzKQvVsD_vOuE0PJFTOWYQKEOYT5vCcRMeyJUUWiEanovgMP2Bi1JO1vEqkGg7_SToIptE6QepyJ55uFvZA-XxyZttHmHjgfPJUrK96PVYakxBBr5ck5MtLxoxdKIqtkC3HGwWoeHWNrKlaBdKay2tdQDZ_svEW5zXs3HUCFIhRy1vkSNZQ1bJ6IxsOVGT-V9qv_yJ670J1tsUGue3ahosm_0hWHvEPihgsK49FBGw4qG2Vx7MQ0uyhUhVoiMAKNvkAmQhgfknbX97zB_IX2tDj9vjYaG7qiijwr6lKpjeo72ucNLSOlTPCfJt9Ih_ebW-xq9kNxg8YmRtFFXiA1HWsNh649vi_ioqEGJd5CvWaLaY_U9kItQ01CrgwEAYqOvxdWXUnXej9rFLxz1AEFxkIXS4TavfwYG7YGEpggv74lpUJ2Gu-0r5gABsdwokUEQbOhRva0HDLVcS2hoSctt6uxT7m5e9grhzPslN2wTCPGNgSzZ4gImTbgvESByIMDe__OUBQCvue57gVtmwWa5Pu-0Jo94yZB-HEeH0mFjIGGS2m82oqiDGj3j9n1fC-wlxRtRTQk0EPdLn4619zVHApAvAYPz2b70h0ev2a8lXj1bn1q57xgHw9sL3dFOYFIr7GFLVwQSnQpLuqscZeXANPYjG6WuMrTxuFjh07iChrfEuDCFDCR-NeKaNvxL8UiHWcNsGrmnoyuHGrfFof-VQjoxBiwHNdcXuVt162P1hxHNrEujd7V8jPaEOcbqkzLsR4u3KOsMQAkYfo2MQLgxuPJGgqYoxiPK0yYv0867GxWVjULw7Og1HtvoVRImhfQVTDzd8I1gJUgLEztrcPewMyPwGfQbne9IwKoei0nr7b3aRvFfCa7xU5JBqaOuwPPZxJ6VEX6XeudpHsTszO7xAjEEjqoo75UFDMQJw9rWRu4dj4AwnnXVkHcSu2EN3wcQYJFpWisTzgZV5nybUt9JNlIlCKUSr4uyD13p6d5VouXZkSet60929Qd4CXbg_k9JZdD6AiTLgZiBHQf9NWzFIFtMNJd0VvzI4ymLUgOrED5oKZqHVhcTUtQo4_yT6R6DNV65ndQhxEi5Sfd2qwvq_zdh2qhzLII4Ae8BQze1ze43oQh5TOESkjpvYZFnvNQMdNZAczLlgpKf5x1xggfKktKj4APEECpOKErZG6tffgMcPj4nli8T_Rv4wyjlcqUlaYe4LBeV0B27lrYzz6GT00St1ZJdeqJUKgC3IvzeDeK4xmjlbFLlBj1jxDdfNrmL-BUD6F1HfTL3WYObpgYbUVYpg3czbt0ek_wvilxZLlc0LdngZ74ZZGQlgxoP5BKBKMpdBHw1wag-xhLyqgr6DDV_eeBFqdy1UZwmZ2Y5we2fkAq_QIfkhzRMdWZ4dMAT7ki94JpZ8zgGoRcz6N82XqKymmfpr-iLn69oU8Jpq-7Jfkq7SnWdyxku6vL7cD1pfUVoluSFor5zrQWlSoV7G5mh6zFYL4EcyxT57gSONn70C3TFyLHnhhU4yl0GSGc_HkBsh_X_CHv5MejTgP5J66zUCRgnfIWETK3n6j6TNUs3Lj3K_G1Ox0_8QWWS04GL8Q1OEOBJQkp8HY2_M5KRGXf27dOy5kBOv4HV6fKWCsw6z-a-IPSWE09RyCNJ4nIhO1GMl1MVJN1-L29YSQgfXqCkYDTGF6J686I5QDYycn2khdJE4sGw8owzDAlbXpiMS0wPhmUrCip2ih-NEE5Sp09cDNt01Vm6mvW0Lm_E7d1CxL1XxiHr5JPU4HMrxlMb8TqTusK4iP-18rbiVkre4ZBV6PHCHkuH29DCqrPTtucmVu_09K-6gFqfArsVWNQdjcBel6FDTFl0THv1RJCuOuvjRRkGy-yNCN3PVGO_8T7DW1ECtIfVf7498gOwnZsov30M6m7ORBdrufkI59n_opAgKGbtQgtmmdsMrUZvwwdCncZSYXLtHjTc4ZkCxhARK9nrw6LowZocqu9sZtBSicJxJMbpBAdt078pquZECPg7j1hR4liSgMlDma8gKCSceLOdEz8Z_NtMPDaBb4__kHZKCz0EnrIT8k6DfiWcstTy-m8jtI0J91ebaTywV3B-S1sfaMeNPI1m2EUk2-uXM4jUXeTDx5SNO-rsUgsU9c7omPld5nKcCDpQAqhaaFS9zvfRbjRm-_bSWeDxDsxz3EO--NDBvPezD9P_sNYYXyoMr7BuElgg6wuQfrLtEF018fDLrjk5eyHZDr6KVe5SOUdqq5EbIzQeNfMd0EmPYkQj-W9AmqbYKV7MIzHtXXdGoQVxca1w2ORZl0A4jD_FusAfThjsVGUl5rVHKfmhGro3l14-F46KYfyMKfw-qHdloV44qjpYaXrDQPydY4Ye93EK-7C9MA0THCCV3X189XUAkgxf0e5oGPg-PcPc39G350A4i3afmsXZJ6KPv_sfjA_JrQp6XGVRJ0-RNgUwMVrnuOlJ-wY2B_CnLzF5BZm2mYPvUsA70srC46AYtD0E3LMFOnUViXNrAJ-M_8PQH5_KUbG_fP5EBpbL0sKpZ7WfPS3zYcDXdvxYd2_W98mYxsQjMoy1VvsrdErFXTzwOgQJIlsw4AOCUxaKkvMZ-AFdg1kHGCUlSAqacON7OsPULM6CEGvX2MyMJFonQMn5Mvi9UPpxoXWlr_elq_4DlE57nexdW7nz9v9kMi19WxdLvSQhPTEWH373nYHErY8jMFSdT1z_KFfvhXpdOAinIGYQ3UuslrbXUJnTWADyH_917QSl2gQ2m0OUGRRs_DX3DlcvhJ7eolRPiBWwDrNY1CLPOMGWu7nOjtNoc35Q82aqSFjQNHeHONb8Cf1tv3Flb2WszYAMYRS0eX6wg2zIo7zbLksRxsEAJxc65XLDq0HFN7OKirMrQcfL4F8nrYFQc2YO3raZ14HytZtJgtoH7HfwocIUJvc_b&cid=CAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE&dv3_ver=m202601130101&nel=1&rfl=https%3A%2F%2Fultrasurf.ru.malavida.com%2F&ds=l&xdt=1&ct=77&iif=1&cor=4726720178563546112&adk=250412561&idt=95&cac=0&dtd=32
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
088791e91745f7dcc007a27e99406c69e335499320815bede2212c4dccbfe9a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
etag
1862339420658634898
age
59492
x-content-type-options
nosniff
expires
Tue, 03 Feb 2026 19:39:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 20 Jan 2026 19:39:38 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
10639
x-xss-protection
0
server
cafe
VFc2VJAc.js
ep2.adtrafficquality.google/sodar/ Frame CEEE 		43 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/VFc2VJAc.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BwrReIy5j5G_QKktB2w22dK1tAWxv0GFnJCyw0ylHYT3ClVqs6BJFbDDlwQOFWJbF--N0dW1oNP7uOIB5oX12S6obb21Ca9qHcH12amXpY4mGJmknCjrx-2bWV8JQ6_cFK0C4iE_hmUz_aQGuFC84Y8hjOS5rxbxa-0HLC9LERV1Jb7eC50U0u5P1-x_Bq5LOeV6hF2BBhGDsiAR3aEu56oHTNwO9pLPVqf83Ollj29ciN3odZ07Ig3DNQiFsb0WqofSV0W14N7CJgNZK1SyEay7bEswJmiMvhqUtezxiG5Xe2Vfc&cry=1&dbm_d=AKAmf-AhTbA44key5vc4EV_XztIoTd5sXEACKJ-KAyuV6LkVXEqg_UgbbNHs_67Dnqsf699OH9YFerkMd5ZBTjDyP7OWNf-h03NYCEpHFl4dWTuQ8VK2jPm1nBctlYu-bXff1E7WzKZwNgnzbokhGrXSnujeXCh2Ji2WcypaO9QrDXOVXshwRrsewLfixTfHRtgDNInUmdgD-yn2EX23rnM8rRwTeFXLCIYjx83FCkXQZ_t9qH33K_gXedW5IXDc-02rixWwOEadTEFlGLhXEc9iD4O0BKUoxbtiODejQdnu-X04lMR56cJ8luN76aKyZVrEOwMtSbz-XiiGd_kVFyYcqWLsUqYTCpratzm3L1TbDyrr8tVy4sG9yvb1UnYZVBN0Sf8jCVgnHYibp09ROZF01__XMFytIf6KWQv6OceoihBak4hUxZF7kXub3qZpKeuGMX3_vzsi8I2x6pUqlAjVCnnbtOgopXAqmOfC6rzSyTLTjvSCgVwPCVIGk4-qrh6t3vsZeukfGyIE_LsC1ugWlCYFLhHl_dHUFlojlaHM9v0WRNp4ifEqvAZ6O4RgJgJIP8hJ4xMuNp-R7uEMaCKtBu6ib9jgOntwVPMZ2L9J_qNVqjfyUWtOcqrvf-RQhoeLjKI5tAtbtviaGJdrn3BO58XwBx30nvnBRQnKL3d-UMkfOCpTVkb7GcoJmv4U10lKPGQ1kGTWbjfuO44z2FM1euPoE9LLZOb1h7wJzbeAbKaGVeOXoG8AiKhX3cf2pduUQvgnna7m7IuGMqyQi2bJo7VVkSQiGELlS7GulutOCeOUgC4KZl0Ue20iTJ3MGT5f0ac3iO3WHkjyFvFQKmkhFG5OicgPdMTRPmwQGpvaChgWNLvcNj0WN8YBhpYb_AhztgpQGyR4Z3Ddo6OhKMRZedGTv5neqJ9Hdi1hPE9KB8jT-XqaqxdbKLVFWdjpvH26605VAwwdmFEgnJhjojgYPUF9x9iyxRCQC_Cxyu14lqB1Tvj8sik-za9nFJC-WzcKztmbisg5VO5anw2R5_puwlSLC5nYaGkNwr7YaSlmvnMl0p7CqMoms7kFtZpiFhuboLo5nHg82EYsi9c_fdPEboSLgwF6uOgssoaIPZUcc_3cj6tsV8hufD6jYGGQmIDDNfVNXnEbZTGFfi8eJIHyFNlUdOP_vM40AT1Hon35Rmoe3VTK7je4zYwiSTeqF18QNnjhTvOWuZGp3pVJNLVJMB5_vTD6hiXraH_CU_JrJExtjMxkCLSmmvqAy_wYRRfRk11afBQNf9FDzPJGl86BTyWKATX7wb-mEXGhw3AtCc1BS4f7ccn6A7b_Fp_VzU8R1kc_aPpGjl89iAl5K135PVUVQW07Sjj_ZFld2QAuNBLZl-le5atum_Mbt4OhDlRYzJPTdkvgB2sjQsJSTfiN03UsWCoz3DWkg-5qzkXHJHxJz_nknFIBPdN0EGq_Ewc86yziJydxlR-Dk2azlsZmOYYjucWdOT7KPYRHWi_2hHxUd71iKnKSmGPcHoYw9QEaK8k3n0hWghABY5zvQYptYx7buf1aqE4n9UwA5-4-tVfMWU5udXXQ6uxZeR8Av-ZWjOwCdLZfnGI9kBlIZCR_26zLPV03iHcFftMDKyC8ddzjuASd5BmEasJarQxp_WocST9nfdbVn1AXyJl8NCrJsg5VUoW9veRNMeG0KPhUbJxkuqzG-cYmVxbaGIHKZo-KXNaMW4gzYEr4h3sUKRjrOKCSs-YJEVSkwiSs7nLXol69gvOg47lgDDeL0LTTYFENuDwsMJyq9z7rOwgrb-jIz0OzpAAvQuQJw0-gfr9ghoCMc2WPuBt53OEfoekp0PKsoEFMDyuHF5JGmhugRqp62UJpaIeMO5MIpUFIPwtOJXTzVpB25DXO8EnWdCUscrY-TP80SsOwGWgucjBwh5SiXS3BssLyvIVKPz9m6w1zl9AcyVb21rt2jdW-ChvDdAd67W855FGt7FdNg7aB-RgOKtpmXzXtrLLoHS5FNTAn5g8Rt391duWr3v0LRKq7WIf2G8_gVTdjOGy_zlBMvgXWj3bJFQylHEDq7k-Jqi1SPFX66Hy-ofHOe6eD33uzgGJKAApo-PdLXYkffslhgw8vDjEREWZdOa5k6AXivu7a-5c3WVASjj5-umcS7gHNCWBzKQvVsD_vOuE0PJFTOWYQKEOYT5vCcRMeyJUUWiEanovgMP2Bi1JO1vEqkGg7_SToIptE6QepyJ55uFvZA-XxyZttHmHjgfPJUrK96PVYakxBBr5ck5MtLxoxdKIqtkC3HGwWoeHWNrKlaBdKay2tdQDZ_svEW5zXs3HUCFIhRy1vkSNZQ1bJ6IxsOVGT-V9qv_yJ670J1tsUGue3ahosm_0hWHvEPihgsK49FBGw4qG2Vx7MQ0uyhUhVoiMAKNvkAmQhgfknbX97zB_IX2tDj9vjYaG7qiijwr6lKpjeo72ucNLSOlTPCfJt9Ih_ebW-xq9kNxg8YmRtFFXiA1HWsNh649vi_ioqEGJd5CvWaLaY_U9kItQ01CrgwEAYqOvxdWXUnXej9rFLxz1AEFxkIXS4TavfwYG7YGEpggv74lpUJ2Gu-0r5gABsdwokUEQbOhRva0HDLVcS2hoSctt6uxT7m5e9grhzPslN2wTCPGNgSzZ4gImTbgvESByIMDe__OUBQCvue57gVtmwWa5Pu-0Jo94yZB-HEeH0mFjIGGS2m82oqiDGj3j9n1fC-wlxRtRTQk0EPdLn4619zVHApAvAYPz2b70h0ev2a8lXj1bn1q57xgHw9sL3dFOYFIr7GFLVwQSnQpLuqscZeXANPYjG6WuMrTxuFjh07iChrfEuDCFDCR-NeKaNvxL8UiHWcNsGrmnoyuHGrfFof-VQjoxBiwHNdcXuVt162P1hxHNrEujd7V8jPaEOcbqkzLsR4u3KOsMQAkYfo2MQLgxuPJGgqYoxiPK0yYv0867GxWVjULw7Og1HtvoVRImhfQVTDzd8I1gJUgLEztrcPewMyPwGfQbne9IwKoei0nr7b3aRvFfCa7xU5JBqaOuwPPZxJ6VEX6XeudpHsTszO7xAjEEjqoo75UFDMQJw9rWRu4dj4AwnnXVkHcSu2EN3wcQYJFpWisTzgZV5nybUt9JNlIlCKUSr4uyD13p6d5VouXZkSet60929Qd4CXbg_k9JZdD6AiTLgZiBHQf9NWzFIFtMNJd0VvzI4ymLUgOrED5oKZqHVhcTUtQo4_yT6R6DNV65ndQhxEi5Sfd2qwvq_zdh2qhzLII4Ae8BQze1ze43oQh5TOESkjpvYZFnvNQMdNZAczLlgpKf5x1xggfKktKj4APEECpOKErZG6tffgMcPj4nli8T_Rv4wyjlcqUlaYe4LBeV0B27lrYzz6GT00St1ZJdeqJUKgC3IvzeDeK4xmjlbFLlBj1jxDdfNrmL-BUD6F1HfTL3WYObpgYbUVYpg3czbt0ek_wvilxZLlc0LdngZ74ZZGQlgxoP5BKBKMpdBHw1wag-xhLyqgr6DDV_eeBFqdy1UZwmZ2Y5we2fkAq_QIfkhzRMdWZ4dMAT7ki94JpZ8zgGoRcz6N82XqKymmfpr-iLn69oU8Jpq-7Jfkq7SnWdyxku6vL7cD1pfUVoluSFor5zrQWlSoV7G5mh6zFYL4EcyxT57gSONn70C3TFyLHnhhU4yl0GSGc_HkBsh_X_CHv5MejTgP5J66zUCRgnfIWETK3n6j6TNUs3Lj3K_G1Ox0_8QWWS04GL8Q1OEOBJQkp8HY2_M5KRGXf27dOy5kBOv4HV6fKWCsw6z-a-IPSWE09RyCNJ4nIhO1GMl1MVJN1-L29YSQgfXqCkYDTGF6J686I5QDYycn2khdJE4sGw8owzDAlbXpiMS0wPhmUrCip2ih-NEE5Sp09cDNt01Vm6mvW0Lm_E7d1CxL1XxiHr5JPU4HMrxlMb8TqTusK4iP-18rbiVkre4ZBV6PHCHkuH29DCqrPTtucmVu_09K-6gFqfArsVWNQdjcBel6FDTFl0THv1RJCuOuvjRRkGy-yNCN3PVGO_8T7DW1ECtIfVf7498gOwnZsov30M6m7ORBdrufkI59n_opAgKGbtQgtmmdsMrUZvwwdCncZSYXLtHjTc4ZkCxhARK9nrw6LowZocqu9sZtBSicJxJMbpBAdt078pquZECPg7j1hR4liSgMlDma8gKCSceLOdEz8Z_NtMPDaBb4__kHZKCz0EnrIT8k6DfiWcstTy-m8jtI0J91ebaTywV3B-S1sfaMeNPI1m2EUk2-uXM4jUXeTDx5SNO-rsUgsU9c7omPld5nKcCDpQAqhaaFS9zvfRbjRm-_bSWeDxDsxz3EO--NDBvPezD9P_sNYYXyoMr7BuElgg6wuQfrLtEF018fDLrjk5eyHZDr6KVe5SOUdqq5EbIzQeNfMd0EmPYkQj-W9AmqbYKV7MIzHtXXdGoQVxca1w2ORZl0A4jD_FusAfThjsVGUl5rVHKfmhGro3l14-F46KYfyMKfw-qHdloV44qjpYaXrDQPydY4Ye93EK-7C9MA0THCCV3X189XUAkgxf0e5oGPg-PcPc39G350A4i3afmsXZJ6KPv_sfjA_JrQp6XGVRJ0-RNgUwMVrnuOlJ-wY2B_CnLzF5BZm2mYPvUsA70srC46AYtD0E3LMFOnUViXNrAJ-M_8PQH5_KUbG_fP5EBpbL0sKpZ7WfPS3zYcDXdvxYd2_W98mYxsQjMoy1VvsrdErFXTzwOgQJIlsw4AOCUxaKkvMZ-AFdg1kHGCUlSAqacON7OsPULM6CEGvX2MyMJFonQMn5Mvi9UPpxoXWlr_elq_4DlE57nexdW7nz9v9kMi19WxdLvSQhPTEWH373nYHErY8jMFSdT1z_KFfvhXpdOAinIGYQ3UuslrbXUJnTWADyH_917QSl2gQ2m0OUGRRs_DX3DlcvhJ7eolRPiBWwDrNY1CLPOMGWu7nOjtNoc35Q82aqSFjQNHeHONb8Cf1tv3Flb2WszYAMYRS0eX6wg2zIo7zbLksRxsEAJxc65XLDq0HFN7OKirMrQcfL4F8nrYFQc2YO3raZ14HytZtJgtoH7HfwocIUJvc_b&cid=CAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE&dv3_ver=m202601130101&nel=1&rfl=https%3A%2F%2Fultrasurf.ru.malavida.com%2F&ds=l&xdt=1&ct=77&iif=1&cor=4726720178563546112&adk=250412561&idt=95&cac=0&dtd=32
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54573654901c495ecf67cc8ffd30108dd6f3a3c7332fd4dba41ab13877b75b8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
age
644
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 21 Jan 2026 12:50:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:00:26 GMT
last-modified
Thu, 13 Mar 2025 04:28:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=3000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
14328
x-xss-protection
0
server
sffe
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTc2ODk5NzQ3MDc0NjE1OAogIHNlcnZlcl9pcDogODI1MTcxNzcKICBwcm9jZXNzX2lkOiAxMjA4MDQ2MDM5Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDUyNTIwMDMK...
ad.doubleclick.net/ddm/activity/ Frame CEEE 		0
23 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTc2ODk5NzQ3MDc0NjE1OAogIHNlcnZlcl9pcDogODI1MTcxNzcKICBwcm9jZXNzX2lkOiAxMjA4MDQ2MDM5Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDUyNTIwMDMKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3N3YXJvdnNraS5jb20iCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMzAKZXZlbnRfaW1wcmVzc2lvbl9pZDogMTA3MzQ1NDIyNzgyNjI0MTMzNQpkZWJ1Z19rZXk6IDIxNjQ0MjI5MTkzOTQwNTU1MjAKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDI2LTAxLTIxIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNTI1MjAwMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fTU9CSUxFX0JST1dTRVJfQ0xBU1MKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJDSCIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzOTkyOTc4MTEKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09PS0lFX0NPTlNFTlQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg0NjEzNQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxOTU1MjY5MTI3MQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDU4Mjk2NjIxMwogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9zd2Fyb3Zza2kuY29tIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWVnLmRlIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vd2ViZ2FpbnMubGluayIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDc4MDQ3NjA4ODMyCmRtYV9wcm9kdWN0X2lkOiAxMjI3MTU4MzcKeGZhX2F0dHJpYnV0aW9uX2FwaV90eXBlOiBYRkFfQVRUUklCVVRJT05fQVBJX1RZUEVfV0VCCmVjaG9fc2VydmVyX2FjdGlvbjogRUNIT19TRVJWRVJfQUNUSU9OX1VTRV9CRVNUX0FWQUlMQUJMRV9BUkEKZXZlbnRfcmVwb3J0aW5nX3dpbmRvd3MgewogIGVuZF90aW1lc19zZWNvbmRzOiA4NjQwMAogIGVuZF90aW1lc19zZWNvbmRzOiAzNDU2MDAKfQptYXhfZXZlbnRfbGV2ZWxfcmVwb3J0czogMgo
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.6 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra02s19-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
attribution-reporting-register-source
{"aggregation_keys":{"12":"0x21da4cef7c65a41e0000000000000000","13":"0x1ab99050d1a530e90000000000000000","14":"0xe61ebcd62642a270000000000000000","15":"0xdae76a0b39ae794b0000000000000000"},"debug_key":"2164422919394055520","debug_reporting":true,"destination":["https://swarovski.com","https://aeg.de","https://webgains.link"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"2592000","filter_data":{"14":[],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["5252003"]},"max_event_level_reports":2,"priority":"0","source_event_id":"1073454227826241335"}
content-type
image/png
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame CEEE 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-start2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame CEEE 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame CEEE 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
705a15586e0a0604a603c44585dfe8464e6709e4b1bdf1d1f665ecb10830de43

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame CEEE 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
r62eglto.js
ad4m.at/ Frame CEEE 		24 KB
486 B 		Other
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/r62eglto.js
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92b25fe61ad8f0e1bda3b0714abf408a6d06e0ae91264f681ea12ea912e2dbb9

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"5def55d462b620b902b847828089f90d"
age
4721
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ZHDujP1jukVlAAOmrb%2FcCqfqauSxvEqft%2FWwLvlh9igRCQWTs8M%2FjzbklsRvB%2Fm4gA2hDT15Gp9Hi7jPQJVWWIcuKlU%3D"}]}
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 09 Jul 2025 17:40:47 GMT
vary
Accept-Encoding
priority
u=4,i
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control
public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray
9c16b670bc76bbff-ZRH
server
cloudflare
Klz6NWr5.html
ep2.adtrafficquality.google/sodar/ Frame 372C 		35 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/Klz6NWr5.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/VFc2VJAc.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.65 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-aa-in-f1.1e100.net
Software
sffe /
Resource Hash
2a5cfa356af90e4dc14d89477463deb2c098c826ebc6d74c1577eb3d5973cac9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
bytes
age
2870
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
br
content-length
12007
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 21 Jan 2026 11:23:20 GMT
expires
Wed, 21 Jan 2026 12:13:20 GMT
last-modified
Thu, 13 Mar 2025 04:28:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cookieSync.html
cdn.mediago.io/js/ Frame 1DBC 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.mediago.io/js/cookieSync.html?tn=41b6e88a2b85b0e731ef8e73e5558712
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.133.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
51.133.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2a92ee45268ed11ec62c796691b219f26003e5df558fb7fdefcdbc447a68f806

Request headers

Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
access-control-expose-headers
Content-Type,Access-Control-Allow-Origin
age
835
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=3600
content-encoding
br
content-language
en
content-length
3796
content-type
text/html
date
Wed, 21 Jan 2026 11:57:15 GMT
last-modified
Mon, 11 Aug 2025 09:38:33 GMT
server
UploadServer
vary
Accept-Encoding
via
1.1 google
x-goog-generation
1754905113184984
x-goog-hash
crc32c=7txsaA== md5=HBB7fQtaUboFxKi+uA0piA==
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
9308
x-guploader-uploadid
AJRbA5WbKi1koGM7k21AWGKoO3h63NmC_4zc27GKqtpeFdjvQlhKHR6xf3pJ4S8uw7PUbnTJgP6EAYo
ic
trace-eu.mediago.io/ju/ Frame 5EB5 		0
121 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trace-eu.mediago.io/ju/ic?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=bcf588586dd7c0887c0336313a2d7761&acid=32647&data=7SDTKIYRnwHDAWOuRJ4z72mLT_b3QAU9HZUXVMS5mO8mMGn-NQWzFZ6Euk4geZc-lyLrhoRSHjWj4R-0pu0g105C--RcJJFeGZgRWVl5tUZksuOzEwvRwycqcFYkClfXQdIPFiBUKfZC4XJ3HUlfBw1RwdLbUSUAP7cSfStt_9dbNHCPMT94CTV_rPvxFPnPCVwmZVnn2akWhmowb0XJLodYtt-MzwygEOx1EWD_5y_ELnL8h2-uYZh_Bz6sV_8aqQi_vwktfODVvFUAlN7qWJpCYCX5K7yjoU6RN8tCCRFcuplTLE0ObfCl2QpO-58SbTb_tWqFDwqBwd7eV5NnGfBM6-x4arAJaHQYy4z4McyPQE-okAQcXOycGrfHci20PdwpGWtBP0Q2VywmCiBna96eoBhztgsjTfNvSabnujDFsii2O8RDJ8LSrMv4U9249wBMQWK56eXJ8pc0s9MyUaAyaBfO3M1sr-lzP2gdfD3tm7WiTkFn0Piqytf7BUEOqARcZ_wtY3zyep9QcsO9luOrVP0iuLgNn5sw6HU19J3CKIgf4mxzmD8El8UM0vWYZJzX0C0mtqo1Q6SsQgxVbdsLMPHFKHNqNO4om-8Q5DvH6QIL-eZTHR6k6AVIi3eN8Rhomcpk2VKsCWJpIySeQJ-gvoU08_zHCq6VXBZJVzES3elH3TMQRcSzpBzDGpWsaoPkYDJAITaxaQIdb0EBrbqAiPzqMqrgD2sVmryVvvabF1WnrjTK5X-DMFX0Fo9i3bwyKapyu5bC1Yqiiyj4tjelrD2iFRry3xD7gvcPWMqbymp1wVTGLrAatAu06DQyEUpqXl19zdlSRMzl7gZEruJ15FLEL9BSAsvxO7CvraZyCQ1y0Jdm3BzrktGzCNvYhY8aW7Biix9waHCqbaIpPEJhg0ZW-uAg828FG1Ccg-xElZW8vVp537yrcr-EECulhYb8WBE7gyYvb6E523HmNVPsPa7KqXK8cTsiSe6F8RCFiaPsDdfgBnoJIURJOzLK8aOTy96jwOa7D8GWCsksJLBwOZoDE64CFhIN3NSaLtb1krqulaixKjmn3KMZKmsEqJ6qYuLF82p2PvjOkhbmESgv0Hd3JMazZhNcAARZO5EMi_2LmU08wJelmc2F8KD4pUSRUvCZHIYx8xyXDXGKX-CLYiZZ4bdrqDc85s0VCA8GhPRwkfBgJfhuPUB1FqpfDzqNKx4Zv__-n9VwqkFcXtp0tMAm8OL0arAM7Cq1QrfXOiK-My--BIDklHrZ6Vii4L7LHPCSP0qq5FAykYMASS0XhyjvVGaMgkGjIqPA5p07zkjlUPPVO-Jgv6wwfd8f_jhv9E0nfzPONl95Ke7g5-Myr42TeN4fNkgr2pNsSs8Ix0XF9n0_I96GRWhvVzRZWIltrpOudKQrUeE9-58uFve1JM5fobQjsYf1YdF9mitHzd_FYyb2yy5uERbE_BmyTbDwWgfXKVFirFqGoLh9E6E40CmuMi7mf-AVKJddtATDfODRvumVPu30rXztAq4zX2KpgGY_TIbGlOuSQCouS8QQr_KnoEJTVxIJr4F7_66Zf2QJQBauMCu200XzsIHHqZNkvbqDwbHnVG2yf9fN8Vb0UI73MUNmCY8GwRbDKBk&uid=mid_c0395bf745939f23b86704e2b354c6af&mguid=&ap=0.035092&tid=72&c_sync=1
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/html; charset=utf-8
cookieSync.html
cdn.mediago.io/js/ Frame D611 		9 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.mediago.io/js/cookieSync.html?tn=41b6e88a2b85b0e731ef8e73e5558712
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.133.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
51.133.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2a92ee45268ed11ec62c796691b219f26003e5df558fb7fdefcdbc447a68f806

Request headers

Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
access-control-expose-headers
Content-Type,Access-Control-Allow-Origin
age
835
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=3600
content-encoding
br
content-language
en
content-length
3796
content-type
text/html
date
Wed, 21 Jan 2026 11:57:15 GMT
last-modified
Mon, 11 Aug 2025 09:38:33 GMT
server
UploadServer
vary
Accept-Encoding
via
1.1 google
x-goog-generation
1754905113184984
x-goog-hash
crc32c=7txsaA== md5=HBB7fQtaUboFxKi+uA0piA==
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
9308
x-guploader-uploadid
AJRbA5WbKi1koGM7k21AWGKoO3h63NmC_4zc27GKqtpeFdjvQlhKHR6xf3pJ4S8uw7PUbnTJgP6EAYo
ic
trace-eu.mediago.io/ju/ Frame CFD5 		0
121 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trace-eu.mediago.io/ju/ic?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=b37b648af8165f20b7bd525692374c43&acid=32647&data=KO2_qsLkk6G1gwG0D3vPzY0N5mKDOcr6Ps5Wv10o4_RwhqaKriHWtHMoPqMTaz9pyUxkgu9vYu0JFwH0jAqsPMPAxa_UrwGAlprGOpZrkom88jjMz_vzMltD2pdOCdEAHKsXbeA7OGPQJN3TofpvPEt50M65vVX5pZj5tC9CONfqBwMSyxJYhuJaUDNLpM5028pXu0LmiurXmkk8FvZ1rGYJkxZpy2uK2QyUZhDH0ZiV2EQzHlu5jgv7ZsfcdXg3OhSR1-KtAIWGqpRZ_z_docAkIUwo9AKRhPyIT4S2_joafaG4F3okxztINdh_PDctZvtLJqaoiD4ihUOwFaijCU1VM4__OV_zbCtA-mYPR3dvyM5kBwO8-88hFOStSSP5CRnZsoQeOk5GFK8KQWORSXd8uRmmWjlz0XGOphrVFwJ6zGAVuFtd8sA2Bdg5z0XebWrVFF1q4MV-2yhKr8qXhC0B2VyPgm4_izI5KvG3ivxE8g5Hd34xVuFgdMWkPXY6wgw01dPWWr3DvmCMzFTcone1VmgLC9hwnR80xkAzgdoW-lRc88W4-9m29bNHPBkAsnGrjzrttPZBT05HRcFTWCBuIZR31aBLyc9XuOfkOutBqWYBEmjjliu2Y1U-oTkwOvbeqLEJ3jZ1u9KYqDEXev1PZH7pM7on1Fv_2c3uvj9nDmToisaw5PWJyWboxSD7sfhv0pH9Q9Bq1_glA4dkVF9VelUkbQkWb3Pkgoc3jIfZwS67RI5XabV5jRS6ZoCGG945K95fiP_uEQn_DXCmWMQaDVGnOCd-eHiqLAI1iReIghVhRTsNYWnwuS4QOfHaw8iFMbEK6_uuWf4jzJ3MvkpCprvbr_dTjshygtqtfw54u9LA2MIPepv_z40fq-9NKZMtvmTbeCtlXnFS_5hcvi41O58s85kzhaRwwrSe4OlmTbIIHG1mvcFtEeCzpKzzMPxr0zJYB4GptkQTjquMrtQEWwAsZSeojV42gIouH5ksrEEJPWMAOMp7lBoImvQRZbNJd2MdDeSzJzjNUEQtJTYdTU9c4ZkwAxwAUA45bl7XBVAdoKdAyZvRNmhAMZTVZZpDiJxeEJdj8tMX7wtsx1Csu0Vmfwc8mDZ3BNDOBzTtz9TUduqSurQDxS9JASyHokMIalhDTqTN_8YzpS9btHpo6vntj2GnkZLcPMExhInF0jtcwOliBo4NqjUJz0vKQSIFQ5T2VOBj1kl1BtAueoQvQ5m0WaHyv-23VRV3fWizn7udWspPUdk7sPltN5cpUqZvFWNFnkBvI4ffj934ht9QRV7Th6B1hx9Hx-0wZ24BZNlr-oQ10z_Rx5ssb9ecO_imai5O0VLgUaVaAmwpBhHqwwLOPXlJyGnLhNxVPJ-nEftxD2Ltr0w7mqHY-qcxrygtne90HmALwAO2LYrunyHzQXZXgn7zcSP6OEZR9Nbw5wBXFDJX8jW0zlsfsDdUET4BKy_TlQRe91yWzTFK3c6rnO8mZiWA2DwqVnDuxble3UPHS9jiK3J_C4IoudDdVLZuiohuirquqoNFScom_slRRi5gPeyjAlDlDg6_L6KyHQ1RkHXMUDPMN7qGT6yVCOG1gBWNL2CsxSEcoPy0QluU1T8WVNGqiiJoA3n-4cA&uid=mid_c0395bf745939f23b86704e2b354c6af&mguid=&ap=0.133654&tid=4&c_sync=1
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/html; charset=utf-8
gen_204
pagead2.googlesyndication.com/pagead/ Frame CFD5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-start2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame CFD5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame CFD5 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c48df7eabc67d1aa32d81b35c80e9af38a60a09fa6ae80772b161fec4d6fc147

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

Content-Type
image/png
generate_204
ep2.adtrafficquality.google/ Frame F654 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ep2.adtrafficquality.google/generate_204?U_E_NA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.65 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-aa-in-f1.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
cross-origin-resource-policy
cross-origin
csf.html
ad4m.at/ Frame 6D60 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/csf.html
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cae52c5023b0654db37683c7022bdb768967d0a047b26ee0d6554ab86c3497e

Request headers

Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
bytes
age
118479
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=3600, must-revalidate, stale-while-revalidate=86400, stale-if-error=86400, no-transform
cf-cache-status
HIT
cf-ray
9c16b6710c7bbbff-ZRH
content-encoding
gzip
content-language
en
content-length
689
content-type
text/html
date
Wed, 21 Jan 2026 12:11:10 GMT
etag
"288fba5e94244d9d6bd5fbd13486bad1"
expires
Tue, 20 Jan 2026 03:16:31 GMT
last-modified
Wed, 01 Oct 2025 12:39:36 GMT
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
priority
u=0,i
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ZdRhL9YYShS4SXjCJEjoqoF9ptiT263%2FC2XA1WdQR78OaVExewg6eCzUbT6qIQGMEPFHwC6XmhLfnBjpViXGjtg7pKM%3D"}]}
server
cloudflare
server-timing
cfExtPri
vary
accept-encoding
c
gtrace.mediago.io/ju/log/ Frame 5EB5 		0
143 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://gtrace.mediago.io/ju/log/c?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=bcf588586dd7c0887c0336313a2d7761&mguid=&c_sync=1&app=renderElapsedTime&ext={%22imgLoadTime%22:220,%22imgW%22:622,%22imgH%22:368,%22type%22:%22webp%22}
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
text/html; charset=utf-8
truncated
/ Frame 5EB5 		219 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e46a71b2896a426d6f658a1749560de4de5dddb0af9f8416a733374e5d32dedd

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5EB5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-start2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5EB5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame CFD5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5EB5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:10 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
evQoM_5ykg3cnFid_pK0j_59ykN_ItSbhBpMk1SRC4U.js
ep1.adtrafficquality.google/bg/ Frame 372C 		53 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/bg/evQoM_5ykg3cnFid_pK0j_59ykN_ItSbhBpMk1SRC4U.js
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/Klz6NWr5.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-aa-in-f2.1e100.net
Software
sffe /
Resource Hash
7af42833fe72920ddc9c589dfe92b48ffe7dca437f22d49b841a4c9354910b85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ep2.adtrafficquality.google/

Response headers

content-encoding
br
age
97891
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options
nosniff
expires
Wed, 20 Jan 2027 08:59:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 20 Jan 2026 08:59:39 GMT
last-modified
Mon, 05 Jan 2026 11:18:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges
bytes
content-length
20925
x-xss-protection
0
server
sffe
eplist
gtrace.mediago.io/ju/cs/ Frame 1DBC 		153 B
267 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gtrace.mediago.io/ju/cs/eplist?tn=41b6e88a2b85b0e731ef8e73e5558712&gdpr_consent=&gdpr=0&dm=https%253A%252F%252Fcdn.mediago.io&mcb=mmgg_1768997470928_752
Requested by
Host: cdn.mediago.io
URL: https://cdn.mediago.io/js/cookieSync.html?tn=41b6e88a2b85b0e731ef8e73e5558712
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
b56e0f67fd7cc1e3bdc28d2b8e9354c549bbe3461d8922e7bcbc025b1e972f17

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://cdn.mediago.io/

Response headers

access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
via
1.1 google
access-control-allow-origin
https%3A%2F%2Fcdn.mediago.io
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
153
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Content-Type
eplist
gtrace.mediago.io/ju/cs/ Frame D611 		153 B
469 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gtrace.mediago.io/ju/cs/eplist?tn=41b6e88a2b85b0e731ef8e73e5558712&gdpr_consent=&gdpr=0&dm=https%253A%252F%252Fcdn.mediago.io&mcb=mmgg_1768997470931_690
Requested by
Host: cdn.mediago.io
URL: https://cdn.mediago.io/js/cookieSync.html?tn=41b6e88a2b85b0e731ef8e73e5558712
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
33b5dd65f0c9078562183fb6981d3cc473e1b83bbe35a68e5740c9e56bfcb599

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://cdn.mediago.io/

Response headers

access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
via
1.1 google
access-control-allow-origin
https%3A%2F%2Fcdn.mediago.io
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
153
date
Wed, 21 Jan 2026 12:11:10 GMT
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Content-Type
/
rs.ad4m.at/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://rs.ad4m.at/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
access-control-max-age
1800
allow
POST,OPTIONS
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
9c16b671880abe90-ZRH
content-encoding
br
content-type
text/plain
date
Wed, 21 Jan 2026 12:11:10 GMT
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
priority
u=1,i
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=XyMRB%2BSSptXbIvSH2OtfqywprFvTPFJr94cWEcHKK2G1qCx%2FhG7Kdib3pyiIJaFhlOKhwInd%2B9SGd0lWpRGiXDvVyrJrpp0%3D"}]}
server
cloudflare
server-timing
cfExtPri
via
1.1 google
/
rs.ad4m.at/ Frame CEEE 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.ad4m.at/
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b323aef985ed419145e834e6b857cf4fdadf3cb51b1adf116e82e20a1ef1a093

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
application/json
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=sQOYjxXCVuKndRXouSFF9r8i870WS7v3OGoVVMZFzWXLR8LsfIaQUzpqbwECpIod6hq6g2n9dK3hnOP4Wr9iK1N%2BRpIQ6W8%3D"}]}
via
1.1 google
cf-ray
9c16b671c80dbe90-ZRH
access-control-allow-origin
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
text/plain
server
cloudflare
priority
u=1,i
pixel
cm.g.doubleclick.net/ Frame D611 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_hm=c615b23c3cf785e22aut0d00mknzf4bp
Requested by
Host: cdn.mediago.io
URL: https://cdn.mediago.io/js/cookieSync.html?tn=41b6e88a2b85b0e731ef8e73e5558712
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.208.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bp-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://cdn.mediago.io/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Wed, 21 Jan 2026 12:11:11 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)
pixel
cm.g.doubleclick.net/ Frame 1DBC 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_hm=c615b23c3cf785e22aut0d00mknzf4bp
Requested by
Host: cdn.mediago.io
URL: https://cdn.mediago.io/js/cookieSync.html?tn=41b6e88a2b85b0e731ef8e73e5558712
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.208.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-bp-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://cdn.mediago.io/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Wed, 21 Jan 2026 12:11:11 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)
gen_204
ep1.adtrafficquality.google/pagead/ Frame 372C 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ep1.adtrafficquality.google/pagead/gen_204?id=sodar&v=46&t=2&bgai=BV5d9XsJwaa7FLbm5rNcP16OFwAQAAAAAOAHgBAI&bg=!6uml6abNAAZjEgz9QxI7ADQBe5WfOOVL29-8KZsQfD48gIhSN-jtm1q5eoXPEPk6ZjZTFltb_-hv2kakAbUttWtd916gAgAAACxSAAAAAmgBB34ANG1FvPjEGAuchLlJ_mKEX09yxdAI6XG-Jqp2ZYFlpIQU90XFznaaehxzlO_unx5QbYs-N3SZAq8EwO5T6Tmp_hTky_wWbaRpND6FFLMhRcTSYkMUqSxiUA1-cmPmetau-xonD2_BuORwHODW6yoZCIO2JzmJX7lcGGA3-DfJEchEQRivEEsaL_aylyIHGY6DMm2ycX2jId7PRikg2R4uXeg-NnPtL5OpXBLAdTGlO3mP2TGXhplKMbe8qi1KLWu5gv-nDgBKI6YthwXZmvaEuU5bkyTT1Q3deyF736mHNd6fHgrbH8blTue71IeQVSNrLLxWYy1xslTKA3Xr8Ahp7QcYy7su3JqBM2j1n2ojWs8hCoNF0EQdY6fW5CDepEUxI1ZHRTe6r9W0N0xm2GKcLb2xiMqqUPYX0r7bOFwsZyRIcqncTjupiD_quvs2Rjsqqm_3lYyK1EEcpB0aQSKwMXYNxzkaJy0h4AB-v7UmeZl4kngwNAoxwSS9OMny9COQl6XLmhJbCCzTbOxwV-lXk0kdoe0azPzEXPhBCvU5X2U6gKzmn28Phquh4IJbV08kIwPNJaJutyGYqLXheh2AH6ggdrFqwHstV78oq2YnvfT5EqFWER19E9ySEM8Cjd-YBgtytSmbxDebsO3D2tWCHZYmsVo8VUiVJd7KKxv_jtKTl4qNzXtS3flGxrhgPtvjyB0eWferunHL9-IbR3VwxCZrUww77-BstRvZjqlaeaetS8mksNmyBnx-WMJ9caGa1xrVteV4ULd3icjRyGafWX0v-plfQhk4ss8vgv0Q-dTLlJYEkEdOxInLl_duXfdYFq92DioDAsyiwFw_wNOy6P1uEXkq0Y7L9qJrSbi1g_pqUOu6WV1qDJ4ZS68muSRgOIVRytyWZv94JSx5eocTl2pishH-UqoJ8FFdRpv73FZCH54045vPltDKDOcshyYK6ibUfyRyEtQQjgGGujYS7RcHqsHnj9w
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-aa-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ep2.adtrafficquality.google/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:11 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
rar
as.ad4m.at/ad/ Frame 3226 		13 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
634c3052c0b5a2f0bc1054d2f2916081be03b5c6186142c1aca04b10ba886ab2
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status
DYNAMIC
cf-ray
9c16b6722c89bbff-ZRH
content-encoding
br
content-security-policy
block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Wed, 21 Jan 2026 12:11:11 GMT
expires
0
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy
accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma
no-cache
priority
u=0,i
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server
cloudflare
server-timing
cfExtPri
strict-transport-security
max-age=86400; includeSubDomains; preload
surrogate-control
no-store
vary
accept-encoding
via
1.1 google
x-content-type-options
nosniff
x-download-options
noopen
x-xss-protection
1; mode=block
ping
pagead2.googlesyndication.com/pagead/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://ultrasurf.ru.malavida.com/

Response headers
default.css
as.ad4m.at/ad/style/0.1.64/one-ad/ Frame 3226 		135 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://as.ad4m.at/ad/style/0.1.64/one-ad/default.css
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15facb0e9eeabb8d1160057069dee2641fe4d5ddcf900a3186ada9ff516c36b5

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"4d915ae0166063984af088f3105539db"
age
2260052
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zdSR7Sl5AcOlLo6Rv4a1EDfDdbmCssW0fNWs2rWS%2BYbZvatYEGoRITdW3s938NWAdMGaswjpB0MfpxRAJAy54vvqewRBs4se%2BVquFb8hQm6Q7BKzmpa1UKuqcJw%3D"}],"group":"cf-nel","max_age":604800}
expires
Thu, 22 Jan 2026 12:11:11 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
text/css
last-modified
Fri, 05 Dec 2025 09:23:19 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
public, max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
9c16b6728c8cbbff-ZRH
server
cloudflare
AD9105BEFFA339C3F325362470778C0EC9E489FC4D6D0C3C18BF7C6C0E04DBA71E700542B39BE3512FD788B5C3AAA87E944A8BAC310F22ADFF67A132F2525916
assets.ad4m.at/logo/ Frame 3226 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/AD9105BEFFA339C3F325362470778C0EC9E489FC4D6D0C3C18BF7C6C0E04DBA71E700542B39BE3512FD788B5C3AAA87E944A8BAC310F22ADFF67A132F2525916
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42db8f8af00180e3e012a2f2d86cd50413b1fc53eaacc38f2e625429a243ff49

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

cf-bgj
imgq:85,h2pri
etag
"a2d4cc45d4843e2011f21441789d3c70"
age
4677099
cf-cache-status
HIT
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MRVIC0RDRn9FGzDPoA802Z8%2BbSWxiewNFPg56bZQRuCS3Eo2vnOiHcHWnZ6Qauv%2BlAiio4m4PDjyDAsIsVD23cyJfZLW05362UrB"}]}
cf-polished
ok
server-timing
cfExtPri
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
image/png
last-modified
Thu, 31 Jul 2025 13:16:05 GMT
vary
Accept-Encoding
priority
u=4,i
cache-control
public, max-age=315360000, immutable
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray
9c16b6729c8ebbff-ZRH
accept-ranges
bytes
content-length
2195
server
cloudflare
92F9E28AB55B836FA34DAE8D8A83CF607BA571D22673294B159845B4B0B7C0B7DB2103D984DDC9C8B92BA5202EDBC2B93725427988DBA3084876637B5D303476
assets.ad4m.at/ Frame 3226 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/92F9E28AB55B836FA34DAE8D8A83CF607BA571D22673294B159845B4B0B7C0B7DB2103D984DDC9C8B92BA5202EDBC2B93725427988DBA3084876637B5D303476
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac717ebd92348428353e1e0166042fa0f0f760717cbd6a82ecbb14eb55dee7f9

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

cf-bgj
imgq:85,h2pri
etag
"50857580f7d0c799b9e8ff3329be5231"
age
1438256
cf-cache-status
HIT
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=8PetNAnZ4eX6iLBznL4vlmNRpKepLJqjR%2FtkJojG86oFHmcU7JbTXPRINcl%2B6JjOpIjJ8lm6AVSYXvigBU5e9x5IlLZWPlVaBB4e"}]}
cf-polished
webp_bigger
server-timing
cfExtPri
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
image/jpeg
last-modified
Sun, 04 Jan 2026 20:40:14 GMT
vary
Accept-Encoding
priority
u=1,i
cache-control
public, max-age=315360000, immutable
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray
9c16b6729c92bbff-ZRH
accept-ranges
bytes
content-length
23912
server
cloudflare
zanox-captrader-htlp.php
captrader-tracking.de/ Frame 3226
Redirect Chain
  • https://www.awin1.com/cshow.php?s=3065912&v=11795&q=430656&r=412871&pv=1&pref3=oneidYAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePponeid__dbm_Netmix_Reach01_Mweb&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://captrader-tracking.de/zanox-captrader-htlp.php
0
0
FC3EBC00BD63728CDED7BF49C90089F0AD060D19BAC0CC7D24DD7223868536C4D9FD0FDC781B72F45D97ADF434B98DCA70652A20CF09E9F68F06C8B1644B1447
assets.ad4m.at/logo/ Frame 3226 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/FC3EBC00BD63728CDED7BF49C90089F0AD060D19BAC0CC7D24DD7223868536C4D9FD0FDC781B72F45D97ADF434B98DCA70652A20CF09E9F68F06C8B1644B1447
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d15b8cf878d31b6deef7216e09874c9d612e3940831ff5d236af10f5397908c

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

cf-bgj
imgq:85,h2pri
etag
"a1d18a1ed823263abf3c22a49562fb8b"
age
4785590
cf-cache-status
HIT
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=mF2aNktuOamIRLpHAHbbY9JBJI2OYkobFM4PTYEkQNcNfsTCiQaHQypA20NeYPf1CjS9xAsK6KRehB8hOo7QFqEyPKrPV4ntfGk3"}]}
cf-polished
webp_bigger
server-timing
cfExtPri
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
image/png
last-modified
Thu, 31 Jul 2025 15:40:31 GMT
vary
Accept-Encoding
priority
u=4,i
cache-control
public, max-age=315360000, immutable
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray
9c16b6729c93bbff-ZRH
accept-ranges
bytes
content-length
2390
server
cloudflare
C356921971DB52B4943FBED1DB5DEE5BF89AFD3E4B08064F949CE297CFDA683A8E2C698EAD58CF8A41FC97633B752F5235D1CFF6C1A859C349A8305044834AB2
assets.ad4m.at/ Frame 3226 		33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/C356921971DB52B4943FBED1DB5DEE5BF89AFD3E4B08064F949CE297CFDA683A8E2C698EAD58CF8A41FC97633B752F5235D1CFF6C1A859C349A8305044834AB2
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65e308187351398e32580e3c7a416cd281216d02ca28b4cdef13ca884f1c2663

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"6e833ddc25cd03ae9a529219cfd5c4ea"
age
4383799
cf-bgj
imgq:85,h2pri
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=QsyvFFA%2Btun0HdJyjU%2FOfmT2%2FxKTtY7B4yhP2NqNt4Z6t0cyxyrkduTyP6mfdIoyYtCbMfmrggd70UNBi9MAGa0QXABhGfDqAkTX"}]}
cf-polished
webp_bigger
server-timing
cfExtPri
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
image/jpeg
last-modified
Thu, 11 Jan 2024 12:22:48 GMT
vary
Accept-Encoding
priority
u=1,i
cache-control
public, max-age=315360000, immutable
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray
9c16b6729c8fbbff-ZRH
accept-ranges
bytes
content-length
33345
server
cloudflare
cshow.php
www.awin1.com/ Frame 3226 		43 B
701 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.awin1.com/cshow.php?s=2026324&v=9145&q=320355&r=412871&pv=1&pref3=oneidDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwkoneid__dbm_Netmix_Reach01_Mweb&gdpr_consent=&gdpr=0&gdpr_pd=0
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.197.133.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-197-133-195.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

Strict-Transport-Security
max-age=86400
Cache-Control
no-store, no-cache, max-age=0, must-revalidate
Pragma
no-cache
Connection
keep-alive
Expires
0
Awin-Akamai-Rule-Set
default
Content-Length
43
Node
Helix
Date
Wed, 21 Jan 2026 12:11:11 GMT
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Content-Type
image/gif
E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
assets.ad4m.at/logo/ Frame 3226 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
175ab4db36c48421fb1868cf5d9af547f757560d2b04402658eec706fd9a4f10

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"8079c6f45c6199b626698777fcfa2bc0"
age
2358153
cf-bgj
imgq:85,h2pri
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=s3PnB1FIu5tJbvma6RAE6OpetYt1z%2FD62W4yxZTW2nuQd6kVtblshLbXjz2eACG3EBZwNksa2W%2FSRDqfB%2BNcepWkleknU%2BCJZ3yb"}]}
cf-polished
webp_bigger
server-timing
cfExtPri
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
image/png
last-modified
Wed, 25 Sep 2024 07:06:22 GMT
vary
Accept-Encoding
priority
u=4,i
cache-control
public, max-age=315360000, immutable
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray
9c16b6729c91bbff-ZRH
accept-ranges
bytes
content-length
5524
server
cloudflare
F488D605D0037736886CC805B45A92F1DB8C9D719CBC0900C6B8C4BBA072D8FDA8FD74D5A87FEED1B5857E5B804CAE00D899A4ED087E36E0DB85FC062CCF009F
assets.ad4m.at/ Frame 3226 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/F488D605D0037736886CC805B45A92F1DB8C9D719CBC0900C6B8C4BBA072D8FDA8FD74D5A87FEED1B5857E5B804CAE00D899A4ED087E36E0DB85FC062CCF009F
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.129 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3d3161d771605cc743772a3ccc849afb69adee68aa0b4a8e5904a4ea4537198

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"15552263541bbf2f6ac082b419d02dc8"
age
4071589
cf-bgj
h2pri,imgq:85
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=BR2mGM%2FDK1tWKPjz4arSnCaKPKr1uHm9ulfiHv9JrrhH3L4mgP9%2B5fkpAv9tHhKHilqx30dddz%2FpZ%2FrBx2Buc2nLdObkwSD9PiMK"}]}
cf-polished
webp_bigger
server-timing
cfExtPri
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
image/jpeg
last-modified
Thu, 31 Jul 2025 16:33:08 GMT
vary
Accept-Encoding
priority
u=1,i
cache-control
public, max-age=315360000, immutable
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray
9c16b6729c90bbff-ZRH
accept-ranges
bytes
content-length
16320
server
cloudflare
2aed39855b5f46b777481d90b61d111f
pv.medialead.de/trck/epv/ Frame 3226 		291 B
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pv.medialead.de/trck/epv/2aed39855b5f46b777481d90b61d111f?subid=oneidVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeYoneid__dbm_Netmix_Reach01_Mweb&gdpr_consent=&gdpr=0&gdpr_pd=0
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=672%2C490984%2C59372&b=YAq7Trf3f8GhGC9HetQt7J3ukS1TdRQUJePp%2CDZRPf3fwfMVkxFPCmH9t1tmMpPfxSmTYx5HXgwk%2CVQqMswfmfJD4ESGCbHAtRt4bmHBSzTg1mcbxeY&f=qxg9SmfWfwghKCgHDtRC7bqueSgTJwEhpjkb%2CdpJXtEfkfAwVkFVCjHwtqCj7zgheS4T5JEHJWpY%2CmQ9BsefGfxWbJUECZHZtQC3jptKSwTe9xfb2XB&c=300&d=600&e=&g=3fbd4c37d93d121fa71b338ebbb7f713%2F7550855424939657792&i=4631%2C188175%2C26474&j=16%2C16%2C41&k=0&l=0&m=0&n=&p=&q=&o=dbm_Netmix_Reach01_Mweb&r=1768997471030&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCIRSgXsJwaZKLC92QjuwPstzD2Qyz_Im4bv6BgOXUEvAuEAEgi8KYAmD1lc6B4ATIAQmpAqia_ovzqbM-qAMByAObBKoEtgJP0LHqNxFKyoY-FoZ4GShxZNvVu0e_Ft2-j7wdij2kPMbnjHPMDaYeiCUuzD-Jl8LCbAWuen6_VSQbGC2WciSeIJwV6PArmzkwE0tEI1VqrqasmOFJHQOLnIZ01juSmE6xvSTY8ct_ITJds1JRC87AJiLwdnpX2qRXcbOLDj0X8O10Mjj-q0Tx5iQ5y-muVWFKkRNhXiLiTtQEEUKax1DSG6LTtfSgq5c5TmtkrUfmI9jskNiEf23hmT8UjEEdSvd2R58IXDHg492rDBPDb3HsJfY2RDstoAGNfE4cjUxL8_NJVDEPjZTAzdPgYRM8sM09EhJN3MwA9CEzYclPut5YTXyl7chWdAOIOVkeJl2ALVl2HEV3zl4mPLJNb8xJMT9INxIqu0YUBXAOeUmh2KhcJHE_KAjgwASDjeSumwTgBAOIBcfIuetIkAYBoAZN2AYCgAfqk59DqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcAoAjf5rAEsAgC0ggvCIBhEAEYnQEyCIqCgICAgIAIOg2AQIDAgICAgKiAAqgDSL39wTpY66HFjs2ckgOACgGYCwHICwGADAGqDQJDSOINEwiG0MWOzZySAxVdiIMHHTLuMMvqDRMI8ofGjs2ckgMVXYiDBx0y7jDL8A0BiA7___________8BsBPfnYEc0BMA2BMDghQbGhl1bHRyYXN1cmYucnUubWFsYXZpZGEuY29tiBQB2BQB0BUByhYCCgD4FgGAFwGyFw4YAioKNzAwMjE5MDI5NqoYFwkAAAAA8NHyQBIKNzAwMjE5MDI5NhgBshgJEgLtThhNIgEA0BkB%2526ae%253D1%2526num%253D1%2526cid%253DCAQSsgEA56J1eYHTUqmPYNb0A2OF-hDObK5SfWyUjn-5xietuuGHoyjNfHqWMOqjufbfDrBI6bXrUMD3yy8weNWBIYxFemeNy65355L9F9IpS63VYDM_97XG80_6SRfQ_1ayh3AMHQQUgZqV7_1asaVp5WAvWr6ntsvF545NNUDckty1lbRvlAfDFeKJf9_oh1WImT4ovaARLH_A9VfTRAjhRurwQQh6AJUmPRA5EasC5veStZC5GAE%2526sig%253DAOD64_0WUBvqSk58KdX6njzG_VICx7fUXg%2526client%253Dca-pub-2181195710737927%2526dbm_c%253DAKAmf-B4vyWUs0MutfNchUF5KM1b-FLg17IpsB4aUPfUZnr6SaXJohxsyAxCbPa_9iOGMBuy_wktUrEQmpNTML5QIKnMv3OK4wyOYOm5SSB5GFjvLSK1Fibvq_iMJ4N51WT2hOD0hJYIUzEhwqECUnyi_zyy8FRymzbzu4MH7v2PATzXV6CWl6GZsg1x-xiM_3KzgrKzha5cFZ9AFTz5HwLIXYI4Y7Wf9Ddyn9IJ13BsUzMRTAJUYMu7wRQWEhDJ_FVmgHj17hqckAICwzX1kHWJl2GznyFb7X-gkJqpf7j0PzLhvZ7rXc0%2526cry%253D1%2526dbm_d%253DAKAmf-BTFpeZVTgcslED6B70kB7cCXGQWRC1gCogHddiCiwXWYP9r1028vrtqme1YGae3j0v0PV_5mA1HerTsY5dRofJ02A9Jwyb94Cd3NcCgaBpP3APoatuH3uhAgsHQK47ywcz0dpL7XR337QFIJ6eq6LYPG7IaPTj4i9uElvnltzHPFGulBBgEsKTg4hId-rgzJB76Onun7f_y9BLDQ0oOMVCbmmUDMb9MoKZD9M2F1Wo28gTZsrPhiceQa69ESISBMsWeT2dRVtJngSNwLpjIU_2gjayfJo76ZE445vjIv-46gKmMchMojrTUDta2uMn97n5IYrHTpR4ukIH6cVTZeLRc4q1qEb8o0EhQrnsuC6ZFgwxbRCrQKop9YCwTxpMX2n5k_2BgiO2RgmL_LueNALIA-w8L_GXxI_N1k1Ot0SwMyO6Pn_K0qBg4P0GbUhUDvLO-jGWQIEC4WUHRjv33TdDhql_MAUC-0sXya8oUhz5CC8Ac6wlDYgF96U-LvC_i3yrgvCEmujCrAHONDZyINWh70F7B42HATfSaesJMsjIIcXVYFEKQMfSXeXve6U0_pEgywh1XPj1k5uK4zLhQtuHQnepYA-77g1cQmWEIDxHA-cENI6cBs3oZVauV5VV-_7NpdzaisXncR9LjEl1sZfDg-2LZAS74hk-ny91CjjE0U_co3_tl8hnzY8HVHU_9uCFAHBw6yVLn3PT0wnofDK8lAF38Q%2526adurl%253D&y=1&s=&t=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.121.248.44 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ip44.ip-91-121-248.eu
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

proxy-host
pv.medialead.de
access-control-allow-origin
content-length
291
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
application/javascript; charset=utf-8
vary
Origin
server
nginx
attribution-reporting-register-source
{"source_event_id":"17200573720105030","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
host
pv.medialead.de
sodar
ep1.adtrafficquality.google/pagead/ 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=237&t=2&li=gpt_m202601150101&jk=989187141825270&bg=!7u2l7aLNAAZjEgz9QxI7ADQBe5WfOGsTi1v4uaK6jXtJxyOZrEunuBK_8BEhmqOeedXzX2DQR6vI1NmA0BKcc2lecmB8AgAAAJlSAAAAAmgBB34ANhPdQYrbDdq5H6wHPL8BHf7UhvyMjMGgdL9TQ-GuD4HUqKtzWilnBWrZT5fzqtqiynFqxFcZTAoA1nVwAFsOx9SOZ-o_lxAaChEhgcJadraAhB1cQ5tRLDPp4lKos4lTdWdxawCD3cbm5Hqvq439cAngHrtCnfGxX9GVu4Rn45732AlxSLX7Gg7oj9D2ATeAZUyGnL89mji8HLTleUBOWJAcYgzfg6PQncigDuYa86g7q8n-UH53Y0aWEUF92whROXYHszJPVZNM0GHh6obWuC6AvCMXZMdrC9PtijRcmlAFIM7vqB85pK-TcVWF9dyNw5hlTJwbyi7-A2V8-tFPoM0iXuiHlp0_YDv4KNhIaGGZAnDbeIC3GTqYHPQ9FIbwxRMC8Zc8YuQy2cSRyqZ1s6KibiM4OKFhqDGxSm-tPXmgeegzHSQ-iNK7hpYMlkdhRGKblzGBD7YBGEXU0XzvY9yKoZOOdWUiHLMts42KOwnTINQ7lXaqLYSPD5AgqddhgzDpi0Hsvuon21exg08DCeqBf4juPIOPnfLLrLEnQz0IS0-a-g580dAu0y-wfW3yxJsLw-578eE_QfGIbYUV4mThiWyhfxf4WRVRJzH3eDggKHtxP2BqevBYI6NVKV9n9-VNylUY2zNoPXdTJ7bVys_IWHSDwkKS6rFUIo2kFA2hvExlI27UANPl6IMkv4LHfcAT7f5IB3IiL6PUZT1dcfhNRyklYZbN-yMJFMh7RhHOpwGaV0lzgDRYm7-fY2vRIMFwWw6MvKlhmsgdLO6QDO1b5lvNdC55RnaZ-7BGn7k336H75UeLpa8zbQehNqDqP1fhkeJ7ISBOx9ALkUe1reN0J0ekJm4HWTowS1kSRK3wIHBB_8zb6sAve2AKWKNFsv6mo4sSkVCBBSXIsUxsYk3to9HS3UblurivQYZMioSfNRtsyjIs5JqY9xwMNRhNbGyvn7AiHQvhuNGRTPIyz8Ch3tpYMjAaJVGIuPIEsE3GlPcP7vu3B1HK0yFIojIQgE5jAL42woBr6JI1klz2Yqbu3dHr1zLMhIL33ZtzL_dutL0qY34Vqo99StrmNEKqH2rydNVBLbKK2q3nnqh9fiiDTgi17_bVEQbymKuDthOF-95wm0UlHIbKgDvd_kc_05ze-xFy2bisNItYCkGIzIW1dOyDXSnlQ3zbTcw7Kko1S8Y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-aa-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://ultrasurf.ru.malavida.com/

Response headers

timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:11 GMT
x-xss-protection
0
content-type
image/
server
cafe
activeview
pagead2.googlesyndication.com/pcs/ Frame CFD5 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssNzAtFFJNtS0Hd9JGvbaHuvynNQZfACCplV6HB83oCU0-JrzSzv9nGGzubnuyMyy4Ca78tQPmBthNpq_RvOQKTggWIOHlusFoYh8xO13qqkfNWNscVejzv22N2FrWsSCWnyk51b4CFj5iUg6eeOBEryuUZuGzfjSg6DpjHlwg1kPsK72I&sig=Cg0ArKJSzDr18hLR9SnbEAE&id=lidar2&mcvt=1000&p=272,315,522,1285&tm=1006.5999984741211&tu=6.599998474121094&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20260107&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=581081947&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=6493027000&rst=1768997470634&rpt=234&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 21 Jan 2026 12:11:11 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
activeview
pagead2.googlesyndication.com/pcs/ Frame 5EB5 		42 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvFGMKDsV4hzBT-kljRK0bN9414jzzWMdLOkRhcd7tw5ngI00Dvh5mu1_nprugKg46W5ufS47ft9lAU2vEUSuj2Rua1dXmdMv-uKX3XeTcaMhZdlA0WDLdo6n1YeoutzgMBN-z1q_qvA_jzMuOuC-MePFaOtK3TWG_o7U9INQWcQd3vzsw&sig=Cg0ArKJSzC8BYyEPeTqGEAE&id=lidar2&mcvt=1000&p=967,220,1217,520&tm=1009.5999984741211&tu=9.599998474121094&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20260107&bin=7&avms=nio&bs=0,0&mc=0.93&if=1&vu=1&app=0&itpl=20&adk=491449773&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=6493027000&rst=1768997470653&rpt=229&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 21 Jan 2026 12:11:11 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
c
gtrace.mediago.io/ju/log/ Frame CFD5 		0
39 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://gtrace.mediago.io/ju/log/c?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=b37b648af8165f20b7bd525692374c43&mguid=&c_sync=1&app=vimpLog&ext={%22name%22:%22REAL_VIMP%22,%22vimp_elapsed_time%22:1259,%22time%22:1768997471893,%22intersectCount%22:1,%22intersectErrCount%22:0}
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
text/html; charset=utf-8
ic
trace-eu.mediago.io/ju/ Frame CFD5 		0
121 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trace-eu.mediago.io/ju/ic?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=b37b648af8165f20b7bd525692374c43&acid=32647&data=_jMFaF2aLO4Re0U3kKOAZ9B2ppgGsjaBu6rBUw6KN5cCVt0mB-rLEcVugeJ-RBb820Sfr9WcqjnNDi5bGD0Gf8Ys1Qg-o1qyrJFswqNzTyyWXbPerx9y7bvz2mGlvTWFtfWHe92Cu_O7LpdXN6xuyJ1lNX74Qh54wA-MzTXQljGjKNohVtf4kfNUhUb6LTACo8SG1udXmO_1AZxwVx3vt5PlI3xQlU9q_QS_aYAnAqaON6X_eHxYGZU879jilCcbCHCL8yYlSzzaT4T7G48qxUnWuiuRehCLSPjTqfm1EeXeQa-Ryrit2-Nox-inv4fTc1MButvOF5lfR52XF42WxLbwWi6j7MiY1IDrK9xJ4b-Nxxhn7sWJOqs1iw0Uv5EUUYPuLNimHUE5gpf275yXTicBZRdw8CPCx_R6TbcvJxv1peuRSi_BCWKC-MV_ByZk4kaSoGEdxj61Yfddb1j8qeK72F0e4XUqiQZDDSpRBxIGhGeCaPiqQvZtb_wRwI6Q-PPY-x8BgBiiwVn9_61ckRz9fme-On1CdUcr_QL2Dh40V6eGEENf1p4goD2S8s01PK8bCIe4mvG6Wmt4azT0rCxS90ghcWTvsCHFIU9JqJbaYK0iL_g4BvCT8gsrMWIqAKlUBqaVhxwcONTi1yrgWzg0X8er_V7SpQDKKSRC81VUaYMs6Nn1sbexHWexmrZMboloNg7Yw0irNpNoKITxai2KnrdnLyVOvoHM21r_0GCKYjWnbFCaanF78XfXTwM7IYeL-TnmswHWce08F4pQcoLapSuh7-XLhqec0ieHFz7bKq_LzOxGIroHEmWM_rSJ5NI7Jw0sR-NlnaPQPDAdHIByTyO_HF7cxGBkWPQp7GgTkgviGi6zrqgxc4uQtCroZzg6pa6rR1NHGPOLJaLGYnKCsSKE0fULgVLVOqLLDGj83bUYVytQ3Cs_8XkS0b_gATCEe2H_YUObPTQcY8vj26zTtm54EldcTNT3Ww8SXYU3hhP9GG0TazRdgTu2PFyWvFWwSq_gpm_TgfuwuOAGgX5KKEprAZcTXLo91pzngfb8asOgW_mSG5dGrZY6YegQIynsPTxi51vOwIp2OFvfyVI-jUBCuVox5A0Jzm6SfGMr75JVT9QRkSlGxVom3yaOEO7bebx39urt4ahMNXkP2QcH1z0xARNih6x6-PeHuOQeYl8pFFH9tTDSz-cX_Pr4ba-PROYlAhjJjeylggk8Kfnck4U1sfI1wIX0T1PjQAOGiX6obB3k5WI4VBteUgcdFd8NYmAUwREfxD_qtIUCwxjg_fPIqIux09kIo-dIYfaI1zH-WDaX_zgpY80QL4AEHfcB0xK3macbPWTAd3hmaUOlE-8g6HXikXEk3NRt4vmsn3x9zXBoaHYA8S9tv94AwnfNFXBEMb5gv8MW8tbQwftK_53R3CjwPx_sajCQzD-BxrVawO0dlUTPIDmH-p64-YgxGFSM9OiK93rw91KKhTlTavSEvMw6I55pFRND-M6Hqu1keZJBpbpAvcPmwiVopZiQYrRhfVS7FyQtzoh0fiI8cCUh3oPt0L9DJbcqWKrH4EbGMHc86xeo70vSMsBlgXpho9yc87cKOz6a1waaxrLshWPq8PgiShgZQiTSXOg&uid=mid_c0395bf745939f23b86704e2b354c6af&mguid=&ap=0.133654&tid=4&c_sync=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
text/html; charset=utf-8
c
gtrace.mediago.io/ju/log/ Frame 5EB5 		0
39 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://gtrace.mediago.io/ju/log/c?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=bcf588586dd7c0887c0336313a2d7761&mguid=&c_sync=1&app=vimpLog&ext={%22name%22:%22REAL_VIMP%22,%22vimp_elapsed_time%22:1240,%22time%22:1768997471894,%22intersectCount%22:1,%22intersectErrCount%22:0}
Requested by
Host: 08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
URL: https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
text/html; charset=utf-8
ic
trace-eu.mediago.io/ju/ Frame 5EB5 		0
121 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trace-eu.mediago.io/ju/ic?tn=41b6e88a2b85b0e731ef8e73e5558712&trackingid=bcf588586dd7c0887c0336313a2d7761&acid=32647&data=KbTsUXrKPItYeITxsxloX0wPqwiKd0xgmOc4re8eUvdtbCV8WM6pF5basLAIEW6RdXVgqvwlNMGPWrgEdHB8LDHhTn_Fxb6QrkTRJSyP41KstcGI_2Yw1zRoqDWAsZdKmfTmnXR_zii6QcixR5I7TRNXxhe5SpfMJn0CArG03QNxEniNlHZ8jkYRwY1Y6ajuHYJ0W-UjFkvz3dVPOBw-uvyIlKGQgPlh-9oyCZh09Hdr0Qo1Xv49hbuQVJ-HLF2cBs5Q8ZWJBZlsihYlSDpMXQbiGVCHVQ1AsVZl_cVuS1u6Ga3ZCdZ7HnuDrCqwKuvEzvsOipvbp3GUxfMg8EwKO80QcXgtNgcho8YYc1_UckuqtfbEPnCMlzP2laYmbtHtCjJ5yDI2sb5z1D91TupYh9CqE5_09cIgcPu-_UvrdHRFCxL6MmUD__JAdcJQdmRVDVtrj7eYOwIhZmks1Ozn9Ni8fUtQjmW0ll6WxpbF73ga38E9taZ0UqExZltvMdwnaaEihw5rwePuvDBfZBP36CQoPUP3FccOsNW1Nd6qqv7mxLx31tkeVcF9VZnq7RTl4_PU4kAKJ9R2PdZ1msbtgwOZb_jbiPhNxP3OlVKtgijmspkg-OHwQJw0KxKuJdRBQg-OnIKviyRSBR3PhZfoIZe1_M40wEhWvZYxUzmm9sLrpHBWHQl_X_jg0A8n4C3xEimpfF6morM0oxRih1makT2MZCHyDc4raYycB-1XPJCG-VasbCqopXmR7uhFgUR-Wm3CmFFgo6hh-XblZoJD0vw2SRXGAPsbalAmvQocaGnjYYm1GTiW0bpkztCFsDKg-ZIlCrwV-Q09XXspYwlAYaWqXm5G1iiFd1vdpPh_PCZPFo5S_Rp1Ig6XaM0Cr8VWCctVFkjhkmvjgdLjBOUrTnrZ6NK2daO-XSZLMuJwPAUmjJlEZ4hfJNcIA7uoXsYA_gh0FreMEDr8X0RXlZBbFArmJLVT4ly7U_UizDDkw17cpkTfyW1-RYlPFvHoZiaNtHIR9OSsctNtuwytn7iR-KW6OyQmk-MpWU1-tSsZH_xCqcWxmm8ebMPgoIdh8asQipAplA-bpgYiZwpjV_KbCI0nExFdfM_f6yy5fZNa_m8X0CLsgMn7AdYNgE3Guc0BjkAbO9BTX_mtiQ_Q6H1A91wUqDJIKJ4ANWAE7DW2GqOUCgufZLLtorqh3sK5XnEzPcBb-fiwr6FP8DHCb14bEGcVD-9ExVu9_KXI6ItZePwcFBW8oi2N-xUr8eT-A_QEBvxY9xo1BxOp7VcG_4zJVBDtHpfqkg-UgBJYt-xqu1MqrMDK8hh2ZNzQ_TYOSxj5nw-zSvoke7U4MbdoIMN7EwWL_7yXX55PDY0htHRfQCjg6CPooCQgNgWvZgxcxvIYc0qHObXDYt0GH33saO5CCvXKW2yGfBiV3KOUXIzMaKB6ZGsdKKkEtclsUAk1OX7a6-gTKbsj1T-GzCvd8Z2GJXyYKbnJhAwNalCW85vgWZw2pD_GhKu1S2j3swnJLqmpgpahMdk2VtkLknyOeA7OZmt2ds9gKewE6ISiGPp22AyFuKay1U2ysTkqEcjup9_KGxKApPLlbGClWwAkK-uYWVN0rmwvZmx5w9e4xqPSGg0&uid=mid_c0395bf745939f23b86704e2b354c6af&mguid=&ap=0.035092&tid=72&c_sync=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.168.80 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
80.168.214.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:11 GMT
content-type
text/html; charset=utf-8
gen_204
pagead2.googlesyndication.com/pagead/ Frame CEEE 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3430157400450&version=m202601130101&ct=77&x=1&cor=4726720178563546112
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 21 Jan 2026 12:11:11 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-DHF0S7H5E7&gtm=45je61g1v877222445z8867895757za20gzb72589808zd72589808&_p=1768997469833&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma=0&tcfd=10000&gdid=dMTc4Zm&cid=847096965.1768997470&ul=de-ch&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEIAAGQ&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115938465~115938468~117041587~117091819~117171316&sid=1768997470&sct=1&seg=0&dl=https%3A%2F%2Fultrasurf.ru.malavida.com%2Fwindows%2F&dt=UltraSurf%201.8.1%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%BD%D0%B0%20%D0%9F%D0%9A%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&_s=2&tfd=6078
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DHF0S7H5E7&cx=c&gtm=4e61g1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://ultrasurf.ru.malavida.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:170:0
report-to
{"group":"ascnsrsggc:170:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:170:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://ultrasurf.ru.malavida.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:170:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:15 GMT
content-type
text/plain
server
Golfe2
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-96K7KT3ZPX&gtm=45je61g1v867895757za20gzb72589808zd72589808&_p=1768997469833&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma=0&tcfd=10000&gdid=dMTc4Zm&cid=847096965.1768997470&ul=de-ch&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEIAAGQ&tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115938465~115938469~117041587~117171316&sid=1768997470&sct=1&seg=0&dl=https%3A%2F%2Fultrasurf.ru.malavida.com%2Fwindows%2F&dt=UltraSurf%201.8.1%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%BD%D0%B0%20%D0%9F%D0%9A%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&_s=2&tfd=6081
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-96K7KT3ZPX&cx=c&gtm=4e61g1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://ultrasurf.ru.malavida.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:170:0
report-to
{"group":"ascnsrsggc:170:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:170:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://ultrasurf.ru.malavida.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:170:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 21 Jan 2026 12:11:15 GMT
content-type
text/plain
server
Golfe2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
captrader-tracking.de
URL
https://captrader-tracking.de/zanox-captrader-htlp.php

Verdicts & Comments Add Verdict or Comment

93 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| dataLayer function| __tcfapi object| NSMv object| slotDefinitions object| slotDefinitionsNoPrebid object| googletag function| defineAdSlot function| filterSlots function| objectToArray function| getSlotPath function| sendAdRequest function| sendAdRequestNoPrebid function| addLazyListeners function| initAdserver object| didomiEventListeners object| didomiOnReady object| CheckSo function| fitTextDownloadButton function| removeNextSiblings function| loadDynamicReq object| gExecuteOnLoad number| gJsToLoad number| gJsLoaded function| downloadJSAtOnload function| execJSAtOnload function| showPopup object| didomiVendorListCore object| didomiRemoteConfig string| didomiCountry string| didomiRegion object| didomiGeoRegulations object| ggeac object| google_tag_data boolean| google_plmetrics object| google_js_reporting_queue object| webpackChunkDidomi object| Didomi function| __uspapi object| DidomiSanitizing object| google_tag_manager object| google_reactive_ads_global_state object| adsbygoogle object| didomiState number| google_unique_id function| onYouTubeIframeAPIReady object| gaGlobal object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_163 object| Criteo object| Criteo_identitytag_163 function| setCookie function| getCookie function| OnButtonAction function| LinkMediaKit function| LinkControl function| TabControl function| ButtonOnClik function| mediakit_doubleclick_select function| createXMLHTTPObject function| makeHttpRequest function| makeRequestSinc function| makeRequestAsinc function| pageTracker function| OntDescCountry function| closingEventsPopup function| hideShow function| hasClass function| hide function| hide2 function| isArray function| show function| expand function| colapse function| collapse function| showIdHideGroup function| initDateSelects function| launchEvent object| $jscomp function| getLang string| gLang object| userManager object| mv_box function| loadCSS object| GoogleGcLKhOms object| google_image_requests

24 Cookies

Domain/Path Name / Value
.ad4m.at/csf.html Name: userId
Value: -p2f3Eaknq4hbEAoteuloee34JnSx0O7
.malavida.com/ Name: PHPSESSID
Value: 67f701162cf1bc9588772c22416ab489
.malavida.com/ Name: _ga
Value: GA1.1.847096965.1768997470
.criteo.com/ Name: uid
Value: 16a9804f-a607-48af-91ee-9bde89fa3c06
.criteo.com/ Name: cto_bundle
Value: czFXWV9CNUtVQm5UWU5xZ2xKSko1RzhNSUdiR3BoOWFHa0ptb01xNUJFT3FJQXB0cTBwdXZDaGxVczc0dFYwSnJNSjd5Ym11WlYyZlNjVmslMkJQeGppTzI0aEs3JTJGbTVIZDY2WGpoVWZNR2hPdnUwVWhodCUyQnRQbm5uSE9MR3IlMkJ0YjByVHRucSUyRkl4UDFVSXlxT3NJRmNrWnlkOHJnJTNEJTNE
.malavida.com/ Name: cto_bundle
Value: vmLMoF9QSjVjTWFmOWNENzJTVWJHNTM4dDJzM3F6cThpUWZpR0NPdTE3VU5IUUt4ZyUyRmZtR1BNdGQ5UkMlMkZIMWxwYXA2UURHZVA4azY1bWFIYVlzeUEyZXU5R1BobDRCdEZKSWdWRGVhaXJsQ01yMERIMDg4Y2FiJTJCJTJGYlVNU3dBNTh0MyUyRmxQbyUyQnpnSGFBcVVvbHd1ZlBpbjVicHclM0QlM0Q
.doubleclick.net/ Name: IDE
Value: AHWqTUlb_dVTGk3akfQ_R3GY-U9f2n3b9b0PQ8aGHhF6rNUo3cdeBJ6HvC2R_dqc
.malavida.com/ Name: __gads
Value: ID=e972f42d000a6edb:T=1768997470:RT=1768997470:S=ALNI_MadwY9uOp3POG_c51dn5NXvkOCDRw
.malavida.com/ Name: __gpi
Value: UID=0000132c171f56f7:T=1768997470:RT=1768997470:S=ALNI_MbTy1502FnyPvuFEiA9HhtjFOkIVw
.malavida.com/ Name: __eoi
Value: ID=15cb76a220a3adc0:T=1768997470:RT=1768997470:S=AA-AfjYnLZF97O-h7pFcUIFbrjE7
.malavida.com/ Name: _ga_DHF0S7H5E7
Value: GS2.1.s1768997470$o1$g0$t1768997470$j60$l0$h0
.malavida.com/ Name: _ga_96K7KT3ZPX
Value: GS2.1.s1768997470$o1$g0$t1768997470$j60$l0$h0
.casalemedia.com/ Name: CMID
Value: aXDCXrmqPSYAKPvIBVX3AQAA
.casalemedia.com/ Name: CMPS
Value: 2217
.casalemedia.com/ Name: CMPRO
Value: 2217
.doubleclick.net/ Name: APC
Value: AfxxVi7QFI68xqWNQIdoaKdajPAUe2eV-5--FrbbJJa_BhWP9Fc1HA
.googlesyndication.com/ Name: __mggpc__
Value: 0
.doubleclick.net/ Name: ar_debug
Value: 1
gtrace.mediago.io/ Name: cst_70
Value: ts=1768997470
.mediago.io/ Name: __mguid_
Value: c615b23cdd2d9c7b2znzlj00mknzf4es
.awin1.com/ Name: awpv11795
Value: 412871|1768997471|464f0f01-f6c2-11f0-8c8c-2264014e280d
.awin1.com/ Name: awpv9145
Value: 412871|1768997471|465613e0-f6c2-11f0-aacb-22312b4a6047
.awin1.com/ Name: AWSESS
Value: 320355:2026324
.captrader-tracking.de/ Name: CT-ZNX-POSTVIEW
Value: 1

4 Console Messages

Source Level URL
Text
rendering warning URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0508F11541B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
other error URL: https://ultrasurf.ru.malavida.com/windows/
Message:
Attestation check for Attribution Reporting on https://ad.doubleclick.net failed.
rendering warning URL: https://ep2.adtrafficquality.google/sodar/Klz6NWr5.html
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0101900541B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

08d943b0759022086cdd7af9ef02c6c5.safeframe.googlesyndication.com
ad.doubleclick.net
ad4m.at
as.ad4m.at
assets.ad4m.at
captrader-tracking.de
cdn.mediago.io
cm.g.doubleclick.net
dsum-sec.casalemedia.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
googleads.g.doubleclick.net
gtrace.mediago.io
gum.criteo.com
imag.malavida.com
images.mediago.io
mug.criteo.com
pagead2.googlesyndication.com
pv.medialead.de
region1.analytics.google.com
rs.ad4m.at
sdk.privacy-center.org
securepubads.g.doubleclick.net
static.criteo.net
static.malavida.com
stats.g.doubleclick.net
tpc.googlesyndication.com
trace-eu.mediago.io
ultrasurf.ru.malavida.com
www.awin1.com
www.google.ch
www.google.com
www.googletagmanager.com
www.malavida.com
captrader-tracking.de
104.18.27.193
142.250.184.194
142.250.185.194
142.251.141.132
142.251.141.66
142.251.141.97
142.251.208.2
172.217.18.6
172.67.74.129
178.250.1.12
2.17.100.203
2001:4860:4802:34::36
216.58.206.34
216.58.206.65
216.58.206.66
23.197.133.195
2600:9000:28eb:4e00:5:b7cc:d3c0:93a1
2a00:1450:4001:80e::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:81c::2001
2a00:1450:4001:81d::2001
2a00:1450:400c:c0d::9a
2a02:2638:3::28
2a02:2638:3::d
2a02:26f0:ab00::5c7a:d721
2a02:26f0:c900:b::5f65:4a0d
3.174.46.44
34.111.133.51
34.111.60.239
35.214.168.80
91.121.248.44
010a80a91f952f506cdc499728a16703e40ee767968aebb74b03934716375c73
027516bc4cce1fde8f3d9fdd22af985efb202ac84d7ce5631878c3c13cfbb0aa
02dc1979eef04e794fc219c0b2ad305f6a96aad360a0f64fe90887aa592fe972
0372ba8da9f98122575994fca6d871f0181a8e25bed462ec77b0eff3fa6b3f3b
05329290613112ac35da62f2e34aded5a6ad39341f39a9089c99eb79d2a5b904
088791e91745f7dcc007a27e99406c69e335499320815bede2212c4dccbfe9a2
0b3c00ee50a09f431e0b030299d6790fc1a7da6f0f49bec0cbf1319080e259e0
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e1216ce6e663b5f558e19ec43a9575b45d9b4073c9482263676859f0bc3885f
14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966
15facb0e9eeabb8d1160057069dee2641fe4d5ddcf900a3186ada9ff516c36b5
16ccb6885c57ade9c1d9d78c594d2fe38dc6ee9ee734f3e6e7e794780d904064
174ae973f0db984de5db88208b2da2c4d005d97a3fb19a6870fa157f497294a6
175ab4db36c48421fb1868cf5d9af547f757560d2b04402658eec706fd9a4f10
18e834cc219d24f39e74a56d70342b12b371dfef33b850f34f26d0fd6e747411
1b124e97a4cbc503a6c842ebf9a518eab5ea19e118f67810fd307d2582c762fa
2530bbed403adfcece0e7e27031cc424e74e461aef7b771db98eb161b702d143
2a5cfa356af90e4dc14d89477463deb2c098c826ebc6d74c1577eb3d5973cac9
2a92ee45268ed11ec62c796691b219f26003e5df558fb7fdefcdbc447a68f806
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
30c9cbedbadcbf5e0730c35bb27c6bcddcb47757f94bc6872c8d043da4c6fe10
33b5dd65f0c9078562183fb6981d3cc473e1b83bbe35a68e5740c9e56bfcb599
33f2d8dbaf0d45811ce7854506bdec22ff1f4d5d3304f7de96ac7ec42b41daac
34a98604b4b7a00a71a261980cf629591174f8e717fd078577b1fb04ed357d8b
35732258dd77b93ba2a526f953f112f6bdfd3a54104c6cab6e5585082200de23
37c1eab56ef3e39c2b424ede5fcb062777e5439058278f9bc71be67c341a7122
39393f0cbc55d34a840ef42c3ffc3db25f71bd87b717f79a30a4aefccaec23dc
3949935c038b8bd0f86cb54461c44c1b13bc840cba1770fd663fd37fd3298b94
3d15b8cf878d31b6deef7216e09874c9d612e3940831ff5d236af10f5397908c
3f2bbad96cc72e8481aaeffab83d88a169f74023e8b86340888e1959261a9bf3
42db8f8af00180e3e012a2f2d86cd50413b1fc53eaacc38f2e625429a243ff49
44ed96f6dbe27d5722a25600fedee3ee0dd2203faf27f6ebb6152fd2212584d1
4614be8a1ce5f76283844f9d433584183b4939e5544f9cfbb723f4ab5e53ad73
4b736f78ad00a312a79339feb5dd33c12a683fb01f9c4ca2c561bd8e81a6043f
4c95e84767aed248594e7d485707c7ed904fd2fe4ec3ea98687fc2de59ddf231
544a7c9a6a95f0e47a5828704b5fa937e705995b676b16ed6f65f75f2e75d88c
54573654901c495ecf67cc8ffd30108dd6f3a3c7332fd4dba41ab13877b75b8d
55dddc6e66f277fadab3653c8b92e0d97446f713bf116c024c34f57f59ea4bc2
58105cd67fb85ddad6a4a6a6b26fe86371e8d3c85bd4a36dd7e21325ce29c5ab
5b73d1f909925a4f2258b46d5ad53ada2d749d3905f3a8f95adbec741f678b6b
5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505
60ab8cea2718c7c468e087adeb56ef9242b8b0692134ccd90d44e36a34b65ba0
60ac96ebaeea612414283d9efad61fb01673133de7f9bb7c21a5314477a98938
612b10fc1032d1e36bb340306d562007b9bf47d6b856e713afa9184d45fa4766
634c3052c0b5a2f0bc1054d2f2916081be03b5c6186142c1aca04b10ba886ab2
65e308187351398e32580e3c7a416cd281216d02ca28b4cdef13ca884f1c2663
705a15586e0a0604a603c44585dfe8464e6709e4b1bdf1d1f665ecb10830de43
7120fd9ed57bb7adcc067011568bceadee1c5c0dcde3a47f58c5900bd9dd29e2
7151e0c3cbcb15872e0dcadf549d2dd11fdeb49d8273061f9e2664ede11536ff
7380f53ddeccd51acf15a6899f7bed4adb09af9851e3646a050980dffd12de1f
73b6bc92bb30d26ac26c7f3eccc350f2694260c064cdaf588cdd945a642b16f8
781e05d01b508e51712f84bb69bd36ef55513d6ec0a856208553706bff81b393
7948bdf84fb9c477f4d145f2a0a2fd3b841a43f5fd35091e0a333e1ac2833982
7af42833fe72920ddc9c589dfe92b48ffe7dca437f22d49b841a4c9354910b85
7c2a319af282b5ae2ed151a1daf4ace7f5d041af58157b8fd7c27974bf40187c
7f15ca4de76e3b2dd630ee703a3beaf25c76d54e65007d6573a15ecb3b6be3cf
816003bdda801ce731619821a41c01cff207fa53ade03fc51251b8388cdd5311
8263d975082ced2d2166dbe86443ebc6bf3842a5543e68cfb1b66a907a249a9d
838c7db1a0e584544bb0b2bee63b503935fbf565156a2d55f57386f48e40fa64
85823cba4758cfa73c31b34b0ce554e098faea58cd04198fe5603aabb35fca60
915b03c72aa710d3ad578d0899d81200b357f685c0dbd680d775b9f65e235818
92b25fe61ad8f0e1bda3b0714abf408a6d06e0ae91264f681ea12ea912e2dbb9
930ec3cf0d87dc0253b5896dde84893138a93fd24aeedb864e8ab825b68e5666
9ab87f3c8dc0f030c795947971f7ee5aabca0389c1beebeef24efd06a1740fe2
9b1f7abf40a474a2f37af56ef970deda9b302d20df41fd43fce91e912aeaa6cc
9cae52c5023b0654db37683c7022bdb768967d0a047b26ee0d6554ab86c3497e
a09179dd962df38a01440ce2e4748c37bd832fe1ac2f65ad974490a89d63d129
a26c333422ea7ccfef07e917fab757bf7fbbff82f2200664aa5537a877888555
a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623
ac717ebd92348428353e1e0166042fa0f0f760717cbd6a82ecbb14eb55dee7f9
af5c498573363202188dde45141cb31eba0b6f3a8333ef55ad78d712ac1ce88d
b00a240dce96a9bfba04da7cc2ba03075f133bed46fd2fcba544cff966f9897e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1c17de4951938d0ef7d99131d2feced071c694c3bec690e3917583543d0686b
b323aef985ed419145e834e6b857cf4fdadf3cb51b1adf116e82e20a1ef1a093
b56e0f67fd7cc1e3bdc28d2b8e9354c549bbe3461d8922e7bcbc025b1e972f17
b57ec7cac5e50ba68be1ddc356ab6791681f07e0672f41e71c02f67a5748ba25
b5be31e4aa7df6849f50ddbb28aa3be26fbfe3a6e49a5e56f1938b3c1ddd48da
b63acf295d63d201639bf7171cfe1d6e52f81677de78a735442cb94a705cc0ab
b6c566e7e15cd7f1bfd157b5fe67f3a4f6d3767fd339bc52892a106eb4d5d31a
b73c8db9bd6fc0562c0d8cad131ca8eab44ea6e508a6bc644564259ba258bbff
b820c8792c3c4660141a46a9186eba88b0e2acd588314690883c4652e52ad33c
b8e43178e9e861c298b0fdd4adc992abb3171fcee35d64e4aaafe56fae768147
ba41f6ce1e0a774e4f5227e4c3d385d92d58ba4705d6b046b35e9805569c4c54
c3d3161d771605cc743772a3ccc849afb69adee68aa0b4a8e5904a4ea4537198
c48df7eabc67d1aa32d81b35c80e9af38a60a09fa6ae80772b161fec4d6fc147
c4e9be1d0ee744cd18a0ac440cbc385ecad4ff27a60f2a7ca3160de280264ca2
c9f15254b4c4d69bb19ae40865eac4cb7f3648afa3dc38430a75fc16693f1fae
ce5666de657b488a077bcb5da6707273520dd952c8c655ddb13ced7148683c58
d4e361036ecce0cfdc797a986c58868852551b578d54e8655abb79ff31711bc0
d8c4a52433105df7c7c19f549be4679a045df1190715d2767fb69340f8faaa95
da4c854d593f264e7ac22708ce005b9c42070a8d37b1c3f6dbda55f53a3170b5
e002f5c614e8a08afcffb7b25be6a11316dfe75b7ab60b309664f8f9245d167b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46a71b2896a426d6f658a1749560de4de5dddb0af9f8416a733374e5d32dedd
e605914cb21bbf30ac8f93827c386cfb3c2c63f434c8315dbeac1048116615e2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f058bd26e983ec155b9a1b45d1679401a7ea0c01735bc4fedc75f9bc220a9794
f1695017f435e12919bad7772cb669d49836f08d4a6339d42dee40727412fb8e
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
f7eb2e945f83424dfa06ebf3e81f5f7280be4747035b9d6cb2904db7924bca62
fe909f859770570cd3560104a668729d8fa2e90e88c83c0f791fec6778859ad2
fec5a361dec923efe92848ca27b02b158b164380a9eaf6cc1625e08e0d9c101e
ff0052a7ad0afe1b6718d0b89256596e783d0bb3116ae98392b455bf27d99701