mafiacorruption.give5.pl Open in urlscan Pro
213.189.52.246 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mysterscience.com/
Effective URL:
https://mafiacorruption.give5.pl/buzz.html?qid=ali
Submission: On August 25 via manual (August 25th 2021, 4:14:45 pm UTC) from CA

Summary HTTP 123 Redirects Behaviour Indicators

Summary

This website contacted 29 IPs in 6 countries across 28 domains to perform 123 HTTP transactions. The main IP is 213.189.52.246, located in Poland and belongs to ECO-ATMAN-PL ECO-ATMAN-, PL. The main domain is mafiacorruption.give5.pl.
TLS certificate: Issued by R3 on August 11th 2021. Valid for: 3 months.

This is the only time mafiacorruption.give5.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	173.239.8.164 173.239.8.164	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
2 2	173.192.101.24 173.192.101.24	36351 (SOFTLAYER) (SOFTLAYER)
2	2606:4700:303... 2606:4700:3036::ac43:9acc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	213.189.52.246 213.189.52.246	57367 (ECO-ATMAN...) (ECO-ATMAN-PL ECO-ATMAN-)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2606:4700:303... 2606:4700:3031::ac43:81ea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a04:4e42:3::485 2a04:4e42:3::485	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:801::2008	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
14	104.19.133.78 104.19.133.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
2 3	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
12	104.19.132.78 104.19.132.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	13.224.96.37 13.224.96.37	16509 (AMAZON-02) (AMAZON-02)
1	2a0c:5c81:513... 2a0c:5c81:5139::2	55081 (24SHELLS) (24SHELLS)
1 3	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2 2	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	104.16.221.74 104.16.221.74	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	35.156.90.40 35.156.90.40	16509 (AMAZON-02) (AMAZON-02)
1	8.2.110.24 8.2.110.24	46636 (NATCOWEB) (NATCOWEB)
2 2	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
1 1	109.206.188.82 109.206.188.82	50245 (SERVEREL-AS) (SERVEREL-AS)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	104.19.217.61 104.19.217.61	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	62.149.0.72 62.149.0.72	15497 (COLOCALL ...) (COLOCALL Internet Data Center ColoCALL)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
123	29

2 173.239.8.164 (United States)

ASN27257 (WEBAIR-INTERNET, US)
PTR: icsvm3.webair.com

mysterscience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.192.101.24 (Dallas, United States) 2 redirects

ASN36351 (SOFTLAYER, US)
PTR: 18.65.c0ad.ip4.static.sl-reverse.com

mybetterdl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p226681.mybetterdl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3036::ac43:9acc (United States)

ASN13335 (CLOUDFLARENET, US)

654.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.189.52.246 (Poland)

ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL)
PTR: web37.mydevil.net

mafiacorruption.give5.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:3031::ac43:81ea (United States)

ASN13335 (CLOUDFLARENET, US)

buzz.give5.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 104.19.133.78 (United States)

ASN13335 (CLOUDFLARENET, US)

jsc.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
servicer.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.19.132.78 (United States)

ASN13335 (CLOUDFLARENET, US)

s-img.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.96.37 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-37.zrh50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0c:5c81:5139::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)

s.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.37.42.132 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.65 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.221.74 (United States)

ASN13335 (CLOUDFLARENET, US)

cm.idealmedia.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.90.40 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-90-40.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.2.110.24 (United States)

ASN46636 (NATCOWEB, US)

sync.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.242.197 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.206.188.82 (Netherlands) 1 redirects

ASN50245 (SERVEREL-AS, NL)
PTR: 109.206.188.82.serverel.net

sync.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.217.61 (United States)

ASN13335 (CLOUDFLARENET, US)

cm.lentainform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.149.0.72 (Ukraine) 1 redirects

ASN15497 (COLOCALL Internet Data Center ColoCALL, UA)
PTR: 0-72.cc86365-03-tmp.cc.colocall.com

sync.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	479 KB
26	mgid.com jsc.mgid.com c.mgid.com cdn.mgid.com servicer.mgid.com s-img.mgid.com cm.mgid.com	320 KB
13	doubleclick.net 1 redirects googleads.g.doubleclick.net cm.g.doubleclick.net	74 KB
13	give5.pl mafiacorruption.give5.pl buzz.give5.pl	220 KB
7	ampproject.org cdn.ampproject.org	125 KB
5	rubiconproject.com 1 redirects secure-assets.rubiconproject.com eus.rubiconproject.com pixel.rubiconproject.com token.rubiconproject.com	11 KB
4	google.com 2 redirects adservice.google.com www.google.com	1 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
3	googletagservices.com www.googletagservices.com	102 KB
2	adsrvr.org 2 redirects match.adsrvr.org	904 B
2	bidswitch.net 2 redirects x.bidswitch.net	857 B
2	creativecdn.com 2 redirects creativecdn.com	687 B
2	adtelligent.com 1 redirects s.adtelligent.com sync.adtelligent.com	1 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com	41 KB
2	654.pl 654.pl	2 KB
2	mybetterdl.com 2 redirects mybetterdl.com p226681.mybetterdl.com	1 KB
2	mysterscience.com mysterscience.com	2 KB
1	lentainform.com cm.lentainform.com	496 B
1	e-volution.ai 1 redirects sync.e-volution.ai	463 B
1	admanmedia.com sync.admanmedia.com	103 B
1	idealmedia.io cm.idealmedia.io	414 B
1	google.de adservice.google.de	853 B
1	googleadservices.com partner.googleadservices.com	671 B
1	googletagmanager.com www.googletagmanager.com	40 KB
1	jsdelivr.net cdn.jsdelivr.net	8 KB
1	jquery.com code.jquery.com	30 KB
0	clientgear.com Failed event.clientgear.com Failed
123	28

	Domain	Requested by
26	tpc.googlesyndication.com	googleads.g.doubleclick.net cdn.ampproject.org pagead2.googlesyndication.com tpc.googlesyndication.com
12	s-img.mgid.com	jsc.mgid.com
12	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
12	buzz.give5.pl	mafiacorruption.give5.pl code.jquery.com buzz.give5.pl
10	pagead2.googlesyndication.com	mafiacorruption.give5.pl pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
7	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
6	cm.mgid.com	jsc.mgid.com s.adtelligent.com
4	cdn.mgid.com	mafiacorruption.give5.pl jsc.mgid.com
3	sb.scorecardresearch.com	1 redirects jsc.mgid.com
3	www.google.com	2 redirects tpc.googlesyndication.com
3	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	match.adsrvr.org	2 redirects
2	x.bidswitch.net	2 redirects
2	creativecdn.com	2 redirects
2	eus.rubiconproject.com	cm.mgid.com eus.rubiconproject.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	jsc.mgid.com	code.jquery.com jsc.mgid.com
2	stackpath.bootstrapcdn.com	mafiacorruption.give5.pl
2	654.pl	mysterscience.com
2	mysterscience.com
1	token.rubiconproject.com	eus.rubiconproject.com
1	sync.adtelligent.com	1 redirects
1	cm.lentainform.com
1	pixel.rubiconproject.com
1	sync.e-volution.ai	1 redirects
1	sync.admanmedia.com
1	cm.idealmedia.io
1	cm.g.doubleclick.net	1 redirects
1	secure-assets.rubiconproject.com	1 redirects
1	s.adtelligent.com	cm.mgid.com
1	servicer.mgid.com	jsc.mgid.com
1	c.mgid.com	jsc.mgid.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.googletagmanager.com	buzz.give5.pl
1	cdn.jsdelivr.net	mafiacorruption.give5.pl
1	code.jquery.com	mafiacorruption.give5.pl
1	mafiacorruption.give5.pl	654.pl
1	p226681.mybetterdl.com	1 redirects
1	mybetterdl.com	1 redirects
0	event.clientgear.com Failed
123	42

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-29` - `2022-06-28`	a year	crt.sh
mafiacorruption.give5.pl R3	`2021-08-11` - `2021-11-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-30` - `2022-06-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
s.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2021-08-05` - `2021-11-03`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-01` - `2022-04-04`	a year	crt.sh
*.admanmedia.com Go Daddy Secure Certificate Authority - G2	`2021-04-20` - `2022-05-22`	a year	crt.sh

This page contains 16 frames:

Primary Page: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Frame ID: 81580D3FCD4832355B4B5752C16B9C49
Requests: 65 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210819/r20190131/zrt_lookup.html
Frame ID: 335A9A3170178766657C94CB9819AB04
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93
Frame ID: 86EB82FAF482E31F24BAFE34E8C351E7
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=6982997067&adk=3470165435&adf=3678850305&pi=t.ma~as.6982997067&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047983&bpp=1&bdt=164&idt=94&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=409&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=wwyUFNSqS7&p=https%3A//mafiacorruption.give5.pl&dtd=98
Frame ID: 2BD5910C27AE3B3934715ED803668078
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2455198909&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047984&bpp=1&bdt=165&idt=113&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=713&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FK7qomR3oa&p=https%3A//mafiacorruption.give5.pl&dtd=116
Frame ID: 0C335461EA99F50E9FC1D759A82C3828
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&adk=1812271804&adf=3025194257&lmt=1629736217&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047996&bpp=2&bdt=178&idt=109&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C350x280&nras=1&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=115
Frame ID: E773B9E8E5E71B7D350EFA42077E4581
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: A6949F6BF2D1C764839D16EFAF29CF05
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js
Frame ID: 2A0A72BF2027231E0090186D2CE4439A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: DA31DA87C7656566F3736E8BDC73E0FA
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012108100143000/amp4ads-v0.mjs
Frame ID: B5869A00D62FF6E022E8EB2554762539
Requests: 23 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js
Frame ID: FE990D09B952F672C26C8C685FC498C9
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 886103C3B92BE206979FC22C00530C7B
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8029E0E5C61451257A4E391B5CF58849
Requests: 1 HTTP requests in this frame

Frame: https://cm.mgid.com/i-noref.js?cbuster=1629908049159462420445
Frame ID: D02E37A568A560A0CA6B6E99D249434A
Requests: 1 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=658327
Frame ID: 788198E7E1A1CB860027D4264F74CC92
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
Frame ID: 5CA484FA5F91371EBF4BB3FF6396BC9F
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Buzz news

Page URL History Show full URLs

http://mysterscience.com/ Page URL
http://mysterscience.com/ Page URL
https://mybetterdl.com/aS/feedclick?s=u6geJV4sLGsDkIYfb4a6rY8uDhK_8R6jB7ZE1YLCGEyphOEdB_wU2DZTiQMvA... HTTP 302
https://p226681.mybetterdl.com/adServe/domainClick?ai=tMxzWfm12LrPIBZz0TcdscHzHiS5lzxECK3oDfHcUhx2X__HaM-tx... HTTP 302
https://654.pl/Dff9dW1C?keyword=mysterscience.com+MT+mysteryscience.com+MT+mysteryscience.c... Page URL
https://654.pl/gateway.php?frm=dm&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cmwiOiJodH... Page URL
https://mafiacorruption.give5.pl/buzz.html?qid=ali Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

123
Requests

98 %
HTTPS

46 %
IPv6

28
Domains

42
Subdomains

29
IPs

6
Countries

1481 kB
Transfer

3110 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mysterscience.com/ Page URL
http://mysterscience.com/ Page URL
https://mybetterdl.com/aS/feedclick?s=u6geJV4sLGsDkIYfb4a6rY8uDhK_8R6jB7ZE1YLCGEyphOEdB_wU2DZTiQMvAXg5dnQ3qd4H7z-pbTnNK1c9Rxz0pbUsp-ySBb2PgmyDCWvel9ZKy3l8rBk62mhAGgs4gS41QDYTbhAEysjXg8JANJjEIILW_3V7XWOpnxryNlwrjG0nSZQzsoeidaNKpjGDJR7_JELd7avBVelG8k6tnTRq7ZIJm8HCA6EaObuU7qSyQVedo_84DOS3Y-7tCNhinyJfbBPMI-hKBLjaR3l6gvT3bpm1s3kqs-zrFPWZix5JCGbdw5UAkE5guQ9iUwBMkAZx_nuCC_6hOOrKoQQVibGwFv_owHxsVXiI7wwEqsf1PKNOf0HYDitAxAaEISJ6t6VuUI4CwRT-V3bM_Uzc5TKMkNxfLYE2pFwJ-ULpbEMSSVGMvDPTDJLAOPMtHJSiw-PLtYP3Abda6de_AXdohJ7pkkdbVYh6usMSWMd9mfRy6aPvutXXxvk_JRSuAxTQM5mKHOgpsGybVMXhWodYncg3H0kZcIEia9YBA4IZr2v-j8Ge7IXrvHcNQb0OMYBFOIe_EWD1vlTourgX2pQqNB0jJ0etoC4yEYw7bQwDcSIkKhfkmWU8J4JO9VOv1v9ONwAW7gnKSFRr4Ut7QCoIZMRy4fNoltjRX0ouuZ0_OdSwWD2SF2bvZfA731xoHf83-nNIvtlI32DtXzpARJhPG3KQtqoqsg0UR96ebgxjaLZMG8_Yz5r5RzX0dO8qTDU0bPaw8iRsE7dVYr3j3vtw-Ie_qnC1rm6viBg9MNGD-op8164cKxdtP4HX2aynQCXpWQaKdcFI_NlJ-BkxWpMTAcP9aln8IeHH0SOnUKtzaCzW1gZT1Nm_okdX_RaW-NWRxnN7Q4_Ii-qhDtHGD1oEGhCaNn9cLhelycyoDxtry4ApFKsfwiAeYqeFrX5dG43aQqh09FZzRYfl_Wr8Qec6Q595VlVggkqKKf74OfYOtzA7KLQ-kKC1Wbt8k9-mum5-SrMsOVSOrFIeiwedU8j0yY4VM-NxvJ79a0Ol6tzyiboSOrbjEbq5e_vwAiKSDnfErETOH-laycf0xRsQekXACrbaOt94Qi8a7mYdKiWU3z9H-3uz5Zt3HaJbzIrK5N9EmlDaB7tSj71nxBZbuPpufgYxIEoB2FTxDZW6g141J0FUMOCtRPh07PhXmretIozc1AbS0PSXZp0Vx7N5t9vxBGk_cvFOjY7Csy3CjqQFwkjn-RAf2xO4PsqDVVGBMf9Vi2L-4COsWdTlIP5ptT_pYnjnfmaIj6xSWjM3po8KmAxpb_vUK1ucLY-asnlABCZhN9VBRATXLr7PM0F2rwckh9lkHwWCDioM35slfsf6hHPecsQb-r_Idv1dOK5C73zKKZMktY8_yal0kWC4G8QmFPzIQuVABN-sZLtav_XzPJQISeKi9pqoZVA2g4h7BzO9jbK3gER77miAfhXwmr_DcTmMMKiT1gyswfMeJLmXPEQIregN8dxSHG1NYJhrG_A2p17aLAAD7XCTyZMpWYbPsnn9a2tSmx6169_1GtiyOSQFwedbak_fsk93dYuzSiH90w3FJ9J-gAjdAM6fo_EBoQ HTTP 302
https://p226681.mybetterdl.com/adServe/domainClick?ai=tMxzWfm12LrPIBZz0TcdscHzHiS5lzxECK3oDfHcUhx2X__HaM-txP_gepuoZTwbCEniovaaqGUZnRdceqXj9GIMmYv0vieLgyEVuSK5KMoTbi1lAk9tcnUXj34qybWDAqM8rzIb-Pi5VPoQapVd8GzO00fgOqNi56xvBNQ30PVQnPqWujOPYtzK91aCpLTlJDJhNuBy4LvtRr7O-Ik-Mglt7BALO2dZnKBFjok_pd-TyZMpWYbPsmtnEwOV8dIovitaEXZPV_Aga-MIWJ4vCTKoRN0TG3UDYNC11bVpup6OF0SokHo2PZeYO9hdbD2Gn6oVmfmCmc-q0T2xsmJwnBfZ8RtWPEH2SnZADPOdLz_p-OGBQW3exAhKJncPyYXssKbYd4jRL3fz-AbClJeve1IAxxj8fbHTscWi84ZIOk0qJeEuaLJ-WEdDYOEm2_ns-Cm35MG9zEITCssQBo5b-FFF6p9gGAEnBgVswf0zP-9WMt11ucqtjA&ui=u6geJV4sLGsDkIYfb4a6rfbWwvziNp_1xLgNeF8Zj-gyqETdExt1A_IehnzhlyJJ29QvSYnqqW3T57gjuPIOot3C66LQysprZ_tpV1v-t2zZW_vKYEpS6w&si=1&oref=ab5b555771d4259c5d3a206dc2a8838d&optunit=ZLtav_XzPJQISeKi9pqoZXnSiUDV5iGD&rb=KnnqXN8ucBg&rr=1&abtg=0 HTTP 302
https://654.pl/Dff9dW1C?keyword=mysterscience.com+MT+mysteryscience.com+MT+mysteryscience.com&cost=0.0007&external_id=86887052397&creative_id=@@CREATIVE-ID@@&ad_campaign_id=AdSense+MGID&source=83468255 Page URL
https://654.pl/gateway.php?frm=dm&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cmwiOiJodHRwczpcL1wvbWFmaWFjb3JydXB0aW9uLmdpdmU1LnBsXC9idXp6Lmh0bWw_cWlkPWFsaSJ9.MbEBhpRhYnoEeVL1J715MX03FhQfLXEJ-SitVD91JBo Page URL
https://mafiacorruption.give5.pl/buzz.html?qid=ali Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://mybetterdl.com/aS/feedclick?s=u6geJV4sLGsDkIYfb4a6rY8uDhK_8R6jB7ZE1YLCGEyphOEdB_wU2DZTiQMvAXg5dnQ3qd4H7z-pbTnNK1c9Rxz0pbUsp-ySBb2PgmyDCWvel9ZKy3l8rBk62mhAGgs4gS41QDYTbhAEysjXg8JANJjEIILW_3V7XWOpnxryNlwrjG0nSZQzsoeidaNKpjGDJR7_JELd7avBVelG8k6tnTRq7ZIJm8HCA6EaObuU7qSyQVedo_84DOS3Y-7tCNhinyJfbBPMI-hKBLjaR3l6gvT3bpm1s3kqs-zrFPWZix5JCGbdw5UAkE5guQ9iUwBMkAZx_nuCC_6hOOrKoQQVibGwFv_owHxsVXiI7wwEqsf1PKNOf0HYDitAxAaEISJ6t6VuUI4CwRT-V3bM_Uzc5TKMkNxfLYE2pFwJ-ULpbEMSSVGMvDPTDJLAOPMtHJSiw-PLtYP3Abda6de_AXdohJ7pkkdbVYh6usMSWMd9mfRy6aPvutXXxvk_JRSuAxTQM5mKHOgpsGybVMXhWodYncg3H0kZcIEia9YBA4IZr2v-j8Ge7IXrvHcNQb0OMYBFOIe_EWD1vlTourgX2pQqNB0jJ0etoC4yEYw7bQwDcSIkKhfkmWU8J4JO9VOv1v9ONwAW7gnKSFRr4Ut7QCoIZMRy4fNoltjRX0ouuZ0_OdSwWD2SF2bvZfA731xoHf83-nNIvtlI32DtXzpARJhPG3KQtqoqsg0UR96ebgxjaLZMG8_Yz5r5RzX0dO8qTDU0bPaw8iRsE7dVYr3j3vtw-Ie_qnC1rm6viBg9MNGD-op8164cKxdtP4HX2aynQCXpWQaKdcFI_NlJ-BkxWpMTAcP9aln8IeHH0SOnUKtzaCzW1gZT1Nm_okdX_RaW-NWRxnN7Q4_Ii-qhDtHGD1oEGhCaNn9cLhelycyoDxtry4ApFKsfwiAeYqeFrX5dG43aQqh09FZzRYfl_Wr8Qec6Q595VlVggkqKKf74OfYOtzA7KLQ-kKC1Wbt8k9-mum5-SrMsOVSOrFIeiwedU8j0yY4VM-NxvJ79a0Ol6tzyiboSOrbjEbq5e_vwAiKSDnfErETOH-laycf0xRsQekXACrbaOt94Qi8a7mYdKiWU3z9H-3uz5Zt3HaJbzIrK5N9EmlDaB7tSj71nxBZbuPpufgYxIEoB2FTxDZW6g141J0FUMOCtRPh07PhXmretIozc1AbS0PSXZp0Vx7N5t9vxBGk_cvFOjY7Csy3CjqQFwkjn-RAf2xO4PsqDVVGBMf9Vi2L-4COsWdTlIP5ptT_pYnjnfmaIj6xSWjM3po8KmAxpb_vUK1ucLY-asnlABCZhN9VBRATXLr7PM0F2rwckh9lkHwWCDioM35slfsf6hHPecsQb-r_Idv1dOK5C73zKKZMktY8_yal0kWC4G8QmFPzIQuVABN-sZLtav_XzPJQISeKi9pqoZVA2g4h7BzO9jbK3gER77miAfhXwmr_DcTmMMKiT1gyswfMeJLmXPEQIregN8dxSHG1NYJhrG_A2p17aLAAD7XCTyZMpWYbPsnn9a2tSmx6169_1GtiyOSQFwedbak_fsk93dYuzSiH90w3FJ9J-gAjdAM6fo_EBoQ HTTP 302
https://p226681.mybetterdl.com/adServe/domainClick?ai=tMxzWfm12LrPIBZz0TcdscHzHiS5lzxECK3oDfHcUhx2X__HaM-txP_gepuoZTwbCEniovaaqGUZnRdceqXj9GIMmYv0vieLgyEVuSK5KMoTbi1lAk9tcnUXj34qybWDAqM8rzIb-Pi5VPoQapVd8GzO00fgOqNi56xvBNQ30PVQnPqWujOPYtzK91aCpLTlJDJhNuBy4LvtRr7O-Ik-Mglt7BALO2dZnKBFjok_pd-TyZMpWYbPsmtnEwOV8dIovitaEXZPV_Aga-MIWJ4vCTKoRN0TG3UDYNC11bVpup6OF0SokHo2PZeYO9hdbD2Gn6oVmfmCmc-q0T2xsmJwnBfZ8RtWPEH2SnZADPOdLz_p-OGBQW3exAhKJncPyYXssKbYd4jRL3fz-AbClJeve1IAxxj8fbHTscWi84ZIOk0qJeEuaLJ-WEdDYOEm2_ns-Cm35MG9zEITCssQBo5b-FFF6p9gGAEnBgVswf0zP-9WMt11ucqtjA&ui=u6geJV4sLGsDkIYfb4a6rfbWwvziNp_1xLgNeF8Zj-gyqETdExt1A_IehnzhlyJJ29QvSYnqqW3T57gjuPIOot3C66LQysprZ_tpV1v-t2zZW_vKYEpS6w&si=1&oref=ab5b555771d4259c5d3a206dc2a8838d&optunit=ZLtav_XzPJQISeKi9pqoZXnSiUDV5iGD&rb=KnnqXN8ucBg&rr=1&abtg=0 HTTP 302
https://654.pl/Dff9dW1C?keyword=mysterscience.com+MT+mysteryscience.com+MT+mysteryscience.com&cost=0.0007&external_id=86887052397&creative_id=@@CREATIVE-ID@@&ad_campaign_id=AdSense+MGID&source=83468255

Request Chain 47

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 74

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 109

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=mgid&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu

Request Chain 110

https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bDdwOHl4SEN4Q2U5&muidn=l7p8yxHCxCe9 HTTP 302
https://cm.mgid.com/google?muidn=l7p8yxHCxCe9&google_ula={guid},5&google_gid=CAESEK9vvxwU-HD-ymrp_pVrTmM&google_cver=1

Request Chain 111

https://x.bidswitch.net/sync?ssp=mgid HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=mgid HTTP 302
https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=mgid&bsw_custom_parameter=f79f9367-d378-48f8-b508-ee0d05b4f4ad

Request Chain 112

https://creativecdn.com/cm-notify?pi=mgid HTTP 302
https://creativecdn.com/cm-notify?pi=mgid&tc=1 HTTP 302
https://cm.mgid.com/m?cdsp=501037&c=Lf9OSdO350TqAfnH5sIx&pi=mgid&tc=1

Request Chain 114

https://x.bidswitch.net/sync?dsp_id=303&user_id=l7p8yxHCxCe9 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=303&user_id=l7p8yxHCxCe9 HTTP 302
https://sync.admanmedia.com/bidswitch.gif?puid=f79f9367-d378-48f8-b508-ee0d05b4f4ad&redir=[RED]

Request Chain 115

https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=omn67hl&ttd_tpi=1 HTTP 302
https://cm.mgid.com/m?cdsp=371158&c=2ccdabd0-dcaa-4143-a62a-f20ee9d1fd2c&ttl=1632500049

Request Chain 116

https://sync.e-volution.ai/34b9aae5baa016b251b9fc488f4a97cd.gif?puid=l7p8yxHCxCe9 HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=&gdpr_consent=&us_privacy=

Request Chain 118

https://sb.scorecardresearch.com/b?c1=7&c2=15208452&c3=110&ns__t=1629908049299&ns_c=UTF-8&cv=3.5&c8=Buzz%20news&c7=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&c9=https%3A%2F%2F654.pl%2F HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=15208452&c3=110&ns__t=1629908049299&ns_c=UTF-8&cv=3.5&c8=Buzz%20news&c7=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&c9=https%3A%2F%2F654.pl%2F

Request Chain 119

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D617666%26c%3D%7Buid%7D HTTP 302
https://cm.mgid.com/m?cdsp=617666&c=215a9ab83b2b3e48

123 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK /
mysterscience.com/ 362 B
452 B 276ms
170ms Document
text/html 173.239.8.164
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: http://mysterscience.com/
Protocol: HTTP/1.1
Server: 173.239.8.164 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS: icsvm3.webair.com
Software: nginx/1.18.0 /
Resource Hash

Request headers

Host: mysterscience.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server: nginx/1.18.0
Date: Wed, 25 Aug 2021 16:14:05 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

POST
H/1.1 200
OK Cookie set /
mysterscience.com/ 2 KB
2 KB 552ms
552ms Document
text/html 173.239.8.164
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: http://mysterscience.com/
Protocol: HTTP/1.1
Server: 173.239.8.164 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS: icsvm3.webair.com
Software: nginx/1.18.0 /
Resource Hash

Request headers

Host: mysterscience.com
Connection: keep-alive
Content-Length: 12
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Origin: http://mysterscience.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://mysterscience.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: http://mysterscience.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://mysterscience.com/

Response headers

Server: nginx/1.18.0
Date: Wed, 25 Aug 2021 16:14:05 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: ipc=eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjEsImZlZWRJZCI6MjEsInRzIjoxNjI5OTA4MDQ1LCJoYXNoIjoiNmUyOWMxNjcifQ==;Expires=Wed, 25-Aug-2021 17:14:05 GMT;Max-Age=3600
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip

GET
H2

200

Dff9dW1C
654.pl/
Redirect Chain

https://mybetterdl.com/aS/feedclick?s=u6geJV4sLGsDkIYfb4a6rY8uDhK_8R6jB7ZE1YLCGEyphOEdB_wU2DZTiQMvAXg5dnQ3qd4H7z-pbTnNK1c9Rxz0pbUsp-ySBb2PgmyDCWvel9ZKy3l8rBk62mhAGgs4gS41QDYTbhAEysjXg8JANJjEIILW_3V...
https://p226681.mybetterdl.com/adServe/domainClick?ai=tMxzWfm12LrPIBZz0TcdscHzHiS5lzxECK3oDfHcUhx2X__HaM-txP_gepuoZTwbCEniovaaqGUZnRdceqXj9GIMmYv0vieLgyEVuSK5KMoTbi1lAk9tcnUXj34qybWDAqM8rzIb-Pi5VPo...
https://654.pl/Dff9dW1C?keyword=mysterscience.com+MT+mysteryscience.com+MT+mysteryscience.com&cost=0.0007&external_id=86887052397&creative_id=@@CREATIVE-ID@@&ad_campaign_id=AdSense+MGID&source=8346...

320 B
1 KB

141ms
115ms

Document
text/html

2606:4700:3036::ac43:9acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://654.pl/Dff9dW1C?keyword=mysterscience.com+MT+mysteryscience.com+MT+mysteryscience.com&cost=0.0007&external_id=86887052397&creative_id=@@CREATIVE-ID@@&ad_campaign_id=AdSense+MGID&source=83468255

Requested by

Host: mysterscience.com
URL: http://mysterscience.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::ac43:9acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: 654.pl
:scheme: https
:path: /Dff9dW1C?keyword=mysterscience.com+MT+mysteryscience.com+MT+mysteryscience.com&cost=0.0007&external_id=86887052397&creative_id=@@CREATIVE-ID@@&ad_campaign_id=AdSense+MGID&source=83468255
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: http://mysterscience.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://mysterscience.com/

Response headers

date: Wed, 25 Aug 2021 16:14:06 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
expires: 0
last-modified: Wed, 25 Aug 2021 16:13:21 GMT
pragma: no-cache
set-cookie: _subid=1unr3k161266c21c8ec2;Expires=Saturday, 25-Sep-2021 16:13:21 GMT;Max-Age=2678400;Path=/ _token=uuid_1unr3k161266c21c8ec2_1unr3k161266c21c8ec261266c21c9a4e8.77677479;Expires=Saturday, 25-Sep-2021 16:13:21 GMT;Max-Age=2678400;Path=/ ec87d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEyN1wiOjE2Mjk5MDgwMDF9LFwiY2FtcGFpZ25zXCI6e1wiOTlcIjoxNjI5OTA4MDAxfSxcInRpbWVcIjoxNjI5OTA4MDAxfSJ9.sRQ4NECJm6cDMfduy1ZLwTn6SH11_MNaLBfFFjNIDZM;Expires=Thursday, 20-Apr-2073 08:26:42 GMT;Max-Age=1629994401;Path=/
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pTh9G3oi6qSKG50SDINny%2B4VGSnYrvKmcoXq8G5SccTNorWp6XLH0r2aKSnvb3xeExpZ8IQiFfoxa4Qxwksbj13saLmx%2BajJ7KNIjV9NMTu%2F5vykCTcutqMedcG%2B%2FAvI8mzpNIs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68461c8a1d495373-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

server: nginx
date: Wed, 25 Aug 2021 16:14:06 GMT
content-length: 0
set-cookie: rhid=79461643225; Max-Age=15552000; Expires=Mon, 21-Feb-2022 16:14:06 GMT; Domain=mybetterdl.com; Path=/; SameSite=None; secure; loi=ad_1119079_off_564072_aff_90013_cid_226681-MYSTERSCIENCE.COM_ts_1629908046; Max-Age=3600; Expires=Wed, 25-Aug-2021 17:14:06 GMT; Domain=mybetterdl.com; Path=/; SameSite=None; secure;
location: https://654.pl/Dff9dW1C?keyword=mysterscience.com+MT+mysteryscience.com+MT+mysteryscience.com&cost=0.0007&external_id=86887052397&creative_id=@@CREATIVE-ID@@&ad_campaign_id=AdSense+MGID&source=83468255

GET
H3-29 200 gateway.php
654.pl/ 314 B
827 B 145ms
134ms Document
text/html 2606:4700:3036::ac43:9acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://654.pl/gateway.php?frm=dm&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cmwiOiJodHRwczpcL1wvbWFmaWFjb3JydXB0aW9uLmdpdmU1LnBsXC9idXp6Lmh0bWw_cWlkPWFsaSJ9.MbEBhpRhYnoEeVL1J715MX03FhQfLXEJ-SitVD91JBo

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::ac43:9acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.3.15

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: 654.pl
:scheme: https
:path: /gateway.php?frm=dm&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cmwiOiJodHRwczpcL1wvbWFmaWFjb3JydXB0aW9uLmdpdmU1LnBsXC9idXp6Lmh0bWw_cWlkPWFsaSJ9.MbEBhpRhYnoEeVL1J715MX03FhQfLXEJ-SitVD91JBo
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://654.pl/Dff9dW1C?keyword=mysterscience.com+MT+mysteryscience.com+MT+mysteryscience.com&cost=0.0007&external_id=86887052397&creative_id=@@CREATIVE-ID@@&ad_campaign_id=AdSense+MGID&source=83468255
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _subid=1unr3k161266c21c8ec2; _token=uuid_1unr3k161266c21c8ec2_1unr3k161266c21c8ec261266c21c9a4e8.77677479; ec87d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEyN1wiOjE2Mjk5MDgwMDF9LFwiY2FtcGFpZ25zXCI6e1wiOTlcIjoxNjI5OTA4MDAxfSxcInRpbWVcIjoxNjI5OTA4MDAxfSJ9.sRQ4NECJm6cDMfduy1ZLwTn6SH11_MNaLBfFFjNIDZM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://654.pl/Dff9dW1C?keyword=mysterscience.com+MT+mysteryscience.com+MT+mysteryscience.com&cost=0.0007&external_id=86887052397&creative_id=@@CREATIVE-ID@@&ad_campaign_id=AdSense+MGID&source=83468255

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.15
last-modified: Wed, 25 Aug 2021 16:13:22 GMT
cache-control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
pragma: no-cache
expires: 0
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YoKuIHn92dLHaxKT%2FhlaT%2FoOJCxf6BRRivZhelP4W%2FsROlsB1iEi3SeNm6gCSZnkFEBsViA%2F%2FU2gT2mi70ReVZFa0rVymrpLeiVcR6RQmYAYER50cVvvVQ5hbSSx9kUIgNmgmBw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68461c913e4c5c02-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 Primary Request buzz.html Show response
mafiacorruption.give5.pl/ 7 KB
2 KB 120ms
37ms Document
text/html 213.189.52.246
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Requested by: Host: 654.pl
URL: https://654.pl/gateway.php?frm=dm&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cmwiOiJodHRwczpcL1wvbWFmaWFjb3JydXB0aW9uLmdpdmU1LnBsXC9idXp6Lmh0bWw_cWlkPWFsaSJ9.MbEBhpRhYnoEeVL1J715MX03FhQfLXEJ-SitVD91JBo
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.189.52.246 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web37.mydevil.net
Software: nginx /
Resource Hash: 20e710297e7b5612ef924477653bd97f9a437e3ebaefd4d49efd78c1768cf383

Request headers

:method: GET
:authority: mafiacorruption.give5.pl
:scheme: https
:path: /buzz.html?qid=ali
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://654.pl/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://654.pl/

Response headers

server: nginx
date: Wed, 25 Aug 2021 16:14:07 GMT
content-type: text/html
accept-ranges: bytes
last-modified: Mon, 23 Aug 2021 16:30:17 GMT
etag: W/"6123cd19-1b47"
content-encoding: gzip

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ 156 KB
25 KB 41ms
24ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css

Requested by

Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601
age: 185905
cdn-cachedat: 08/03/2021 15:16:56
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cdn-proxyver: 1.0
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: b5d5130d81b0e7b5ebd02af82050a068
cf-ray: 68461c92f8e35b26-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 core.js Show response
buzz.give5.pl/js/ 178 B
794 B 52ms
22ms Script
application/javascript 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://buzz.give5.pl/js/core.js
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f66d6d09c6d53dbbe999a017d272955497783df2171eed16f9824bd4cd6cbac

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3631
cf-polished: origSize=468
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sat, 26 Dec 2020 15:22:32 GMT
server: cloudflare
etag: W/"5fe75538-1d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=viWe8rTyNwbxJuI0ySsbk%2Bd9aLQSh%2FnMIUoTIpo4wkAoUgd%2BN%2B9E6aCTH5vX2EQq0jimTRBp3L90%2FLEjtcMpixkKjvC5VhkJwaYJfMufKOuJoQlzl4e4AYOeurwq5txRyQqcT8TWmaTRHywz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 68461c9318702bdd-FRA
cf-bgj: minify

GET
H2 200 a1.jpg
buzz.give5.pl/img/ 31 KB
32 KB 68ms
39ms Image
image/jpeg 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buzz.give5.pl/img/a1.jpg
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e97d196c37c1bd5825cd9396829015633198f120ad647b9a6f5789306118770f

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3630
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 32013
last-modified: Sat, 28 Mar 2020 09:17:41 GMT
server: cloudflare
etag: "5e7f1635-7d0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jJmkEVIlzmJJ237dCX3p6C%2Bko%2FsNIEE4N6vKmN%2FqkLybUEa0zDlN13t3GIX879Ciz2jlOyeTFDijVDJohD5WKCquzJzPrN900bgHoK1vgdJC2Z6Kn4eD1ffQdvq7qPjcmQPUYDhOdo6bHXwa"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68461c9318722bdd-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 62ms
40ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e2c209b00657e89495ee8755079de3a860057eaedeb9fd85b6255794c765dda2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49955
x-xss-protection: 0
server: cafe
etag: 327034990176352042
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 16:14:07 GMT

GET
H2 200 a2.jpg
buzz.give5.pl/img/ 45 KB
45 KB 57ms
28ms Image
image/jpeg 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buzz.give5.pl/img/a2.jpg
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7885d40f3264fc1c0d85a9174dee55aeb78a8ebe1a4cfc454b7f65126499f9e

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3630
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45736
last-modified: Tue, 29 Dec 2020 14:51:45 GMT
server: cloudflare
etag: "5feb4281-b2a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2F23uCmdGjOm9o7%2FUv1%2FJPGY2ltyBfs1nmiieMKPhhdxYPP0xlLn7SjlGLaHw1IIYspTyg8jVHCgwdXaw%2Fw7%2BrQGOSGIWPgmJpqJiIfIraseOPcdD35rRgjKPpJTJ0zHavxozHUoKX3b%2FZ%2FO"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68461c9318742bdd-FRA

GET
H2 200 a3.jpg
buzz.give5.pl/img/ 58 KB
58 KB 63ms
35ms Image
image/jpeg 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buzz.give5.pl/img/a3.jpg
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dde24cb7904b96f77b5cd22744fb531ef188aeb1d46034d12a05abb17b4fe91e

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3630
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 59391
last-modified: Thu, 26 Mar 2020 10:03:35 GMT
server: cloudflare
etag: "5e7c7df7-e7ff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=caRh9CklYeIoLkJlJl9uvCD2a5qQR2JG3RWCGeUnhqTZ6JRt2TcP%2BbpoZFHOd0t0HkItXFKZI0mliU%2BFLkRHpInq%2Bb%2B%2BG%2BHFA78ot9B%2FI1FiyH2gd563Wwc1gpUqY2mEka7vf7%2BZMp1qiqud"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68461c9318752bdd-FRA

GET
H2 200 jquery-3.4.1.min.js Show response
code.jquery.com/ 86 KB
30 KB 26ms
10ms Script
application/javascript 2001:4de0:ac18::1:a:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
content-encoding: gzip
last-modified: Wed, 01 May 2019 21:14:27 GMT
server: nginx
etag: W/"5cca0c33-15851"
vary: Accept-Encoding
x-hw: 1629908047.dop005.fr8.t,1629908047.cds272.fr8.hc,1629908047.cds236.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

GET
H2 200 popper.min.js Show response
cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/ 21 KB
8 KB 22ms
6ms Script
application/javascript 2a04:4e42:3::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js

Requested by

Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 6707046
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 7510
etag: W/"5309-YvI45zNIx3656GVCan0bfeI8uy0"
x-served-by: cache-fra19145-FRA
date: Wed, 25 Aug 2021 16:14:07 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ 59 KB
16 KB 45ms
30ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js

Requested by

Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 185905
cdn-cachedat: 2021-08-02 20:41:18
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 768175ac69b9b8f6eda8e21ca2409db5
cf-ray: 68461c92f8eb5b26-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 ads.js Show response
buzz.give5.pl/js/ 108 B
406 B 56ms
28ms Script
application/javascript 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://buzz.give5.pl/js/ads.js
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17580c0d86278594ab917e09006107e451ce37c1aa8c3cbccbc095d3a96bc367

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3630
cf-polished: origSize=111
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 24 Mar 2020 09:22:53 GMT
server: cloudflare
etag: W/"5e79d16d-6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=07FkZMxwZCqEmxkMQEu0joW%2BvVBkKjImMJ%2FIaOlSlLsWWXBbBp9126iYuCaay6DERQo7%2FgvtNM%2Bg0AsmLTiFFOaXA0wzo3vrz5yUVs%2BMQsedouDZxWm2X%2F22Z7fVgqVWHywc8O6yslgOI3b%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 68461c9318772bdd-FRA
cf-bgj: minify

GET
H2 200 buzzcore.js Show response
buzz.give5.pl/js/ 6 KB
2 KB 53ms
25ms Script
application/javascript 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://buzz.give5.pl/js/buzzcore.js
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64e2dba31f78b874b8954afc77c62e12eec615835861d10d42592e2745bd8d72

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3630
cf-polished: origSize=9397
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sat, 02 Jan 2021 10:48:04 GMT
server: cloudflare
etag: W/"5ff04f64-24b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdH99gc3Sul%2BZR2TKhm8yej3sXKTzNIChJ6tXbrtrcExVH9%2BvOc9%2FIz1en9Fdc0i0sxPHAHeO6O3kLJdnVEpdB4t%2FP5uPLfdF79U2rh4y6iOuUVDqvQjTNc8ZsNAsGQtBEs4ZLz1yshVpvl8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 68461c9318782bdd-FRA
cf-bgj: minify

GET
H3-29 200 buzz_ali.js Show response
buzz.give5.pl/js/ 47 KB
11 KB 159ms
144ms Script
application/javascript 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://buzz.give5.pl/js/buzz_ali.js?_=1629908047922
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.4.1.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ef6d55b70dbb8831f081f2b1501c3765f4ac5eac3b17a6beec56ab3fdbcec9c

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 23 Aug 2021 16:27:49 GMT
server: cloudflare
etag: W/"6123cc85-ba98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=88%2FscKbFDanCptzdQAC%2BdrlpKGfYcGaAkbDaBUlBd3V66KYJPzDFDlwUYektugQ3GBi02V2KV%2BL6iYQk8B22rpSBh9L8uhqyfw0bdSNX4BUd3hxm4AI5%2BBUKyygm3WlT%2Fmf87Fy39Q6lZhHM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68461c93d8a6bea6-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 mafiacorruption.give5.pl.js Show response
buzz.give5.pl/js/domain/ 298 B
801 B 29ms
15ms Script
application/javascript 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://buzz.give5.pl/js/domain/mafiacorruption.give5.pl.js
Requested by: Host: buzz.give5.pl
URL: https://buzz.give5.pl/js/buzzcore.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e070e656e40406177347b878179c4814ff3879184eb180d8c7d498e7212396b

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3630
cf-polished: origSize=320
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 30 Mar 2020 16:28:26 GMT
server: cloudflare
etag: W/"5e821e2a-140"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2BmDzVq0fGawCJQf2pKAsTLtqfRiY5FNeFwwN%2FLNIuNDYiKiY%2BiejDlqMsHkEs5uZaK4eB9C25SPHjl95LcU3%2BE5LajIB6b6PdRvEwbgZeuZ0xls5phPHs07%2F3ki7%2BCrxk0CxcUj0ZyufpUt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 68461c93d8a7bea6-FRA
cf-bgj: minify

GET
H3-29 200 adsbygoogle.js Show response
buzz.give5.pl/js/ 117 B
661 B 107ms
93ms Script
application/javascript 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://buzz.give5.pl/js/adsbygoogle.js?_=1629908047923
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.4.1.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26113d04732be9552fe52b6e082b686f3e49f25a513f4c5add3daab5bb514a4a

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 14 Jul 2020 09:16:38 GMT
server: cloudflare
etag: W/"5f0d77f6-75"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sAck9Fzu7Dx05MsOeUeFYfK%2FrlYPQ%2FBwWIasQiOCdohEFsOtVf%2BWYkej%2FfupBk9ztYk8gYSdRX%2F%2Fe%2FXUy6ZUjHZEKNnXa7vVDyb2KSSvy0SxHk0m%2BCQLaUhEYCggvGMtkkZCLkRvMBQ04uCd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68461c93d8a5bea6-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 34ms
20ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-161423566-1

Requested by

Host: buzz.give5.pl
URL: https://buzz.give5.pl/js/buzzcore.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5aa663f8458f01ab15616d92c2bdee48560c240a0d0c5fd9c7cecc63111f203b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:07 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41123
x-xss-protection: 0
last-modified: Wed, 25 Aug 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 25 Aug 2021 16:14:07 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108240101/ 252 KB
93 KB 49ms
34ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2152692467987994&plah=mafiacorruption.give5.pl

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa9cdf9e3f9d95bc258c6aad323775e7d53770eead4c23191a4a2ef5ad66bfa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95604
x-xss-protection: 0
server: cafe
etag: 190350966155053234
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 16:14:08 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210819/r20190131/ Frame 335A 10 KB
5 KB 25ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210819/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210819/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mafiacorruption.give5.pl/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://mafiacorruption.give5.pl/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 25 Aug 2021 04:52:14 GMT
expires: Wed, 08 Sep 2021 04:52:14 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
age: 40914
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 mafiacorruption.give5.pl.853142.js Show response
jsc.mgid.com/m/a/ 2 KB
1 KB 107ms
65ms Script
text/javascript 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.js?_=1629908047924
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.4.1.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b70b802dad5dd23e53d9cc781b7ecb387050437d787b5b5e0d97dc241ecc5dc

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: br
cf-cache-status: HIT
age: 2048
last-modified: Wed, 11 Aug 2021 13:27:45 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: CAWY6DNE9XFF4CE5
x-amz-id-2: LnuAvKcxgXYPUCo/oCtsfzHNxlykbHGttLPnCnTIFrvT7tQKAqgoBzlYlkL8sRbMXShLYMPZ4fU=
cf-bgj: minify
server: cloudflare
etag: W/"6b522fe3658ed68994bf7d9763b30aae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
cf-ray: 68461c94980000b2-AMS
expires: Wed, 25 Aug 2021 19:14:08 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-161423566-1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 2256
date: Wed, 25 Aug 2021 15:36:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Wed, 25 Aug 2021 17:36:32 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 246 B
671 B 103ms
46ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=mafiacorruption.give5.pl&callback=_gfp_s_&client=ca-pub-2152692467987994&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2152692467987994&plah=mafiacorruption.give5.pl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

2749b5144ed7b364f84d1d5876b1274859fff55570f757a7627ebf8573b3706a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 206
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 34ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mafiacorruption.give5.pl

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 36ms
16ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mafiacorruption.give5.pl

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 86EB 70 KB
25 KB 536ms
535ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b5755f0a5dd96cb7b48d559a03bab03844e8796cd3f97a3d356a27f874864949

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mafiacorruption.give5.pl/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://mafiacorruption.give5.pl/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 25 Aug 2021 16:14:08 GMT
server: cafe
content-length: 25924
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 25-Aug-2021 16:29:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 25 Aug 2021 16:14:08 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 53ms
33ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99f6048e026a358bcd25087b08a35840836764c0c3a97cd18569a0dab3263b7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629718286636491"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27620
x-xss-protection: 0
expires: Wed, 25 Aug 2021 16:14:08 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2BD5 68 KB
13 KB 649ms
648ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=6982997067&adk=3470165435&adf=3678850305&pi=t.ma~as.6982997067&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047983&bpp=1&bdt=164&idt=94&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=409&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=wwyUFNSqS7&p=https%3A//mafiacorruption.give5.pl&dtd=98

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7bc4215ac23be91247bd930b366f7ec7618bb06fe7b9c61080b783e278c07769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=6982997067&adk=3470165435&adf=3678850305&pi=t.ma~as.6982997067&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047983&bpp=1&bdt=164&idt=94&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=409&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=wwyUFNSqS7&p=https%3A//mafiacorruption.give5.pl&dtd=98
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mafiacorruption.give5.pl/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://mafiacorruption.give5.pl/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-expose-headers: x-google-amp-ad-validated-version
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 25 Aug 2021 16:14:08 GMT
server: cafe
content-length: 13057
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 25-Aug-2021 16:29:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 25 Aug 2021 16:14:08 GMT
cache-control: private

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 14ms
13ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=318661384&t=pageview&_s=1&dl=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&dr=https%3A%2F%2F654.pl%2F&ul=en-us&de=UTF-8&dt=Buzz%20news&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=813195735&gjid=2082184155&cid=2127091300.1629908048&tid=UA-161423566-1&_gid=801740094.1629908048&_r=1&gtm=2ou8n0&z=1758623623

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mafiacorruption.give5.pl
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0C33 70 KB
25 KB 337ms
337ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2455198909&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047984&bpp=1&bdt=165&idt=113&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=713&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FK7qomR3oa&p=https%3A//mafiacorruption.give5.pl&dtd=116

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90ad41e20b950444c987679ae77189f237f9b78ec2503bd1fbdbe79cd4de7dd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2455198909&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047984&bpp=1&bdt=165&idt=113&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=713&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FK7qomR3oa&p=https%3A//mafiacorruption.give5.pl&dtd=116
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mafiacorruption.give5.pl/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://mafiacorruption.give5.pl/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 25 Aug 2021 16:14:08 GMT
server: cafe
content-length: 25913
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 25-Aug-2021 16:29:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 25 Aug 2021 16:14:08 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E773 11 KB
5 KB 481ms
481ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&adk=1812271804&adf=3025194257&lmt=1629736217&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047996&bpp=2&bdt=178&idt=109&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C350x280&nras=1&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=115

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9459a44caf3b500368768250994727ff30f7fc5e14715b2df996aa0d1b80e4a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-2152692467987994&output=html&adk=1812271804&adf=3025194257&lmt=1629736217&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047996&bpp=2&bdt=178&idt=109&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C350x280&nras=1&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=115
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mafiacorruption.give5.pl/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://mafiacorruption.give5.pl/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 25 Aug 2021 16:14:08 GMT
server: cafe
content-length: 4623
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 25-Aug-2021 16:29:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 25 Aug 2021 16:14:08 GMT
cache-control: private

GET
H3-29 200 mafiacorruption.give5.pl.853142.es6.js Show response
jsc.mgid.com/m/a/ 230 KB
65 KB 125ms
102ms Script
text/javascript 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.js?_=1629908047924
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1572aa8681bd55ad45761b32225431e257f7040bdba813e640923ed86983e47e

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: br
cf-cache-status: HIT
age: 1059
last-modified: Wed, 11 Aug 2021 13:27:46 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: CAWS8V21PAP6GGWN
x-amz-id-2: PkiMmrkXEe+etL9PtCa3GZtoi7rJhi7JqAgByZMs0jcwyRKxM70xyYAM4GpMW+6MGo0Z6tO0ewE=
cf-bgj: minify
server: cloudflare
etag: W/"e5a7a233d06e24d1a44c649a79ac5c79"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
cf-ray: 68461c954ea30c11-AMS
expires: Wed, 25 Aug 2021 19:14:08 GMT

GET
H3-29 200 nordvpn.jpg
buzz.give5.pl/img/ 33 KB
33 KB 20ms
20ms Image
image/jpeg 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buzz.give5.pl/img/nordvpn.jpg
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86ab251908c708f9554bea7d86a239bc5767582dd54349b65d546c03ce278c60

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3630
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 33692
last-modified: Sun, 03 Jan 2021 11:50:08 GMT
server: cloudflare
etag: "5ff1af70-839c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sgkRnJ6xX8sLiytMeKE9Exsb2czKzx%2BiZtFGNxOolfn2HjA7QyLdzMZV%2BuRas7%2FsE6VE%2F2O2YGDqKxhJqva7YtQJJpeRD4AiH6KDBZTwk1KZgzWDjGOBUcntH1O2iJLo6ZMTv%2BJI%2B8oVad0L"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68461c94c8f8bea6-FRA

GET
H3-29 200 rusvpnlogo.webp
buzz.give5.pl/img/ 21 KB
21 KB 27ms
26ms Image
image/webp 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buzz.give5.pl/img/rusvpnlogo.webp
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 891b8a6960eb7823a2a952f71c0946adb44548b169616f7c846355f767218a4b

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3630
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 21100
last-modified: Sat, 02 Jan 2021 12:08:59 GMT
server: cloudflare
etag: "5ff0625b-526c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JpZb63k3J2k4r72ZTiB1vvybgx6aq0mZkO5oepBvbKUiXefzLub2XQduSSFyw%2BpDxH6DiXCA7ogebjPlGTm%2BJ7AxwA7zGRZwtIS%2F%2Bt7rmjtXT0DSvVArw5CMtleuLATMpjkOJcEHB8smA41s"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68461c94c8fabea6-FRA

GET
H3-29 200 nordpass.png
buzz.give5.pl/img/ 12 KB
13 KB 32ms
32ms Image
image/png 2606:4700:3031::ac43:81ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buzz.give5.pl/img/nordpass.png
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:81ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d4150eb301ce09dde890f20a68175f547dccfc5a71daff184cb2f180b89fd98

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3630
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 12251
last-modified: Sun, 03 Jan 2021 12:10:57 GMT
server: cloudflare
etag: "5ff1b451-2fdb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7XxP%2BIGXwsBLk%2F8sGCIXqLUbBiKFpUZ44PsPPBor9V4ZGK0%2FT1AZ2d5FlAMMzus4ivvWK4shTHskRIE4DilWUTfJ3%2FeOJoPmrjtP6QAeWW%2F4%2F%2BPObA8PdsfK7TT1oMXX2ldFsGzbPkFbHxqq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68461c94c8fbbea6-FRA

GET
H2 200 / Show response
c.mgid.com/pv/ 0
281 B 155ms
154ms Script
text/plain 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.mgid.com/pv/?pv=5&cbuster=1629908048425322512780&uniqId=02cf8&niet=4g&nisd=false&jsv=es6&ref=https%3A%2F%2F654.pl%2F&cxurl=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&pr=654.pl&lu=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&sessionId=61266c50-047a6&pageView=1&pvid=17b7e171a2ab3dea4d1&site=555901&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:08 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 68461c96bb2600b2-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 MGID_plus.svg
cdn.mgid.com/images/logos/ 2 KB
1 KB 26ms
24ms Image
image/svg+xml 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/MGID_plus.svg
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 741932350156677164b36a1506347cfd558bc502310bd1d50e246d454c4c1131

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: br
cf-cache-status: HIT
age: 431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 26D5PESFJ3W3C6DA
x-amz-id-2: eutjixPqny2kLtVDkSPgrFz3u2lxc4FXrDErS9xMhTrXgSAmhHeBctWPt+h98HIq6AOxJRjeSOM=
last-modified: Tue, 23 Feb 2021 16:22:15 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1614097325/ctime:1614097325/gid:0/gname:root/md5:f7525f3a5f32c6f4a8e9867e9f57ab45/mode:33206/mtime:1614097325/uid:0/uname:root
etag: W/"f7525f3a5f32c6f4a8e9867e9f57ab45"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 68461c96db4800b2-AMS
expires: Thu, 26 Aug 2021 16:14:08 GMT

GET
H2 200 Adchoices.svg
cdn.mgid.com/images/logos/ 836 B
813 B 28ms
27ms Image
image/svg+xml 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by: Host: mafiacorruption.give5.pl
URL: https://mafiacorruption.give5.pl/buzz.html?qid=ali
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: br
cf-cache-status: HIT
age: 2115
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 50VWJQBT5W4QYKJG
x-amz-id-2: xhXkWrQ90G/ebA55GK4VP5V6mncDrGDeipe5cahYa8kJ+JMUWbxTCzXMUo5ci9AAJm/Ct0tTCXE=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 68461c96db4b00b2-AMS
expires: Thu, 26 Aug 2021 16:14:08 GMT

GET
H2 200 8107714642862708433
tpc.googlesyndication.com/simgad/ Frame 0C33 33 KB
33 KB 33ms
12ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8107714642862708433?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlMM4TxbSU-4z5TmHVsMt7ES7ki8Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2455198909&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047984&bpp=1&bdt=165&idt=113&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=713&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FK7qomR3oa&p=https%3A//mafiacorruption.give5.pl&dtd=116

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aeefeaabef6721f20d248c2e1476aa942d9318ea58bf8abffda509f5c7af812e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 03:31:00 GMT
x-content-type-options: nosniff
last-modified: Mon, 23 Aug 2021 21:40:03 GMT
server: sffe
age: 132188
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33588
x-xss-protection: 0
expires: Wed, 24 Aug 2022 03:31:00 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210819/r20110914/ Frame 0C33 18 KB
8 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210819/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38cae7aa633433ce04ad15167696536fa0dfc233ea2f68d39cacfb288f5316c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:13:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7637
x-xss-protection: 0
server: cafe
etag: 2853818853078434854
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Sep 2021 16:13:29 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/ Frame 0C33 2 KB
1 KB 28ms
11ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:13:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Sep 2021 16:13:14 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0C33 124 KB
37 KB 49ms
34ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dc00e6c10812518e5f101fdeef7624851e0431b4931d80e64470b576800f041

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629718280506303"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38186
x-xss-protection: 0
expires: Wed, 25 Aug 2021 16:14:08 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/ Frame 0C33 14 KB
6 KB 25ms
7ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 165
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Sep 2021 16:11:23 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/ Frame 0C33 26 KB
11 KB 33ms
16ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e70daf1f8bcfd0ed744b5f86ac162bda58f2d2db0e5b4ba93c3adec87ad09fe3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 15:14:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10771
x-xss-protection: 0
server: cafe
etag: 12253238251956766473
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Sep 2021 15:14:07 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0C33 0
0 30ms
30ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CALyoUGwmYb6EB7mv7_UP08Gm-A6uqrS5ZNuasOe1DtzZHhABINfO6CNglQKgAZuI0Z8DyAECqQJompBcRK-zPqgDAcgDyQSqBNkBT9D_CNVdqJxCgdPXRb1kGwdvd_l3sY4YbUtrFoKP8qVZb_g_QUsV4TVeBN9arExYcDJSYHPuQE7eLrG7lnrjxyjrLjC6acCuZMn38ba0pNsWRTAKet9WioWQcobBGlblgMuSpFdrudJdcgRO3Amf2FxwhEhdPVwbtV0_oEVzEW3UkrukLwkXbxKrGfA40RzhHI1VOpWeRrcZONxGxz9kn6RX3RoF9omEhV9DiUTZeF4M4D-zJlVO8zhpQHoZgXQ7sTpSFxFQ3Tibo2OdsNJL7qAiz8fTZ90X8sAE35vM_60DkgUECAQYAZIFBAgFGASgBgKAB833rmCoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQ0cdj0ggJCIDhgBAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTIxNTI2OTI0Njc5ODc5OTQYAA&sigh=Xx5L-nBcGk0

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2455198909&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047984&bpp=1&bdt=165&idt=113&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=713&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FK7qomR3oa&p=https%3A//mafiacorruption.give5.pl&dtd=116
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 25 Aug 2021 16:14:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 25 Aug 2021 16:14:08 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A694 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2455198909&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047984&bpp=1&bdt=165&idt=113&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=713&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FK7qomR3oa&p=https%3A//mafiacorruption.give5.pl&dtd=116
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkSUvvPSxmOJ2es8Q0Lw2v4oA9Vv7fF7LoALn-3w3RCoNFyWHkaPZHJLw2r2AA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2455198909&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047984&bpp=1&bdt=165&idt=113&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=713&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FK7qomR3oa&p=https%3A//mafiacorruption.give5.pl&dtd=116

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 25 Aug 2021 15:42:58 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1870
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A694
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkSUvvPSxmOJ2es8Q0Lw2v4oA9Vv7fF7LoALn-3w3RCoNFyWHkaPZHJLw2r2AA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 25 Aug 2021 16:14:08 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 25-Aug-2021 17:14:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 25 Aug 2021 16:14:08 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 25 Aug 2021 16:14:08 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0C33 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 03fcbeb3764df91a02a99830797cc541970d30b026d96d285a148f7e9df66d7c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js Show response
pagead2.googlesyndication.com/bg/ Frame 2A0A 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50378aa9304561a118da2a16b43b3f978f6b1e79776748ddd28ec794a4a3e2d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:07:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 426
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13427
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 15:08:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Aug 2022 16:07:02 GMT

GET
H3-29 200 8107714642862708433
tpc.googlesyndication.com/simgad/ Frame 86EB 33 KB
33 KB 25ms
11ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8107714642862708433?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlMM4TxbSU-4z5TmHVsMt7ES7ki8Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aeefeaabef6721f20d248c2e1476aa942d9318ea58bf8abffda509f5c7af812e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 03:31:00 GMT
x-content-type-options: nosniff
last-modified: Mon, 23 Aug 2021 21:40:03 GMT
server: sffe
age: 132188
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33588
x-xss-protection: 0
expires: Wed, 24 Aug 2022 03:31:00 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210819/r20110914/ Frame 86EB 18 KB
7 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210819/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38cae7aa633433ce04ad15167696536fa0dfc233ea2f68d39cacfb288f5316c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:13:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7637
x-xss-protection: 0
server: cafe
etag: 2853818853078434854
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Sep 2021 16:13:29 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/ Frame 86EB 2 KB
1 KB 18ms
7ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:13:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Sep 2021 16:13:14 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 86EB 124 KB
37 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dc00e6c10812518e5f101fdeef7624851e0431b4931d80e64470b576800f041

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629718280506303"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38186
x-xss-protection: 0
expires: Wed, 25 Aug 2021 16:14:08 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/ Frame 86EB 14 KB
6 KB 19ms
7ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 165
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Sep 2021 16:11:23 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/ Frame 86EB 26 KB
11 KB 20ms
8ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210819/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e70daf1f8bcfd0ed744b5f86ac162bda58f2d2db0e5b4ba93c3adec87ad09fe3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 15:14:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10771
x-xss-protection: 0
server: cafe
etag: 12253238251956766473
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Sep 2021 15:14:07 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 86EB 0
0 30ms
29ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CmDLBUGwmYePkBf2O7_UPleij2A2XmYDJZNuLsOe1DgoQASDXzugjYJUCoAGbiNGfA8gBAqkCCT5OK9Gysz6oAwHIA8kEqgTdAU_QSdHGxZ9J8ZgEFdDsxqkjJq-JFhOLmcVWOIIPeFU_PizyZQXBCwaczl2DPJwB5C7HPnaRco_-6Dg57C3_YoCMUSWrVnREThEA2TYuxAm5cbsqP4AE4W-TdDEYq8fF32OL2TJohW31elCANdrxNO16D06rTE_ZQbxgQxPzfF-w8MDP0Qlt43cxBCqe2eCZq6l0NGfZhQwOrOzScgcrD1rqhLXY7XXKjMekh2MtfaZqrHf6vGJa0uFhC78zTu_AJITkkpCxGJYgd-4hNABAK8gUFRLaLTNtLJAkUSFwwASd7bXdswOSBQQIBBgBkgUECAUYBKAGAoAHzfeuYKgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCsnD_SCAkIgOGAEBABGB-ACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItMjE1MjY5MjQ2Nzk4Nzk5NBgA&sigh=cJRr_JmZG0g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 25 Aug 2021 16:14:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DA31 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkSUvvPSxmOJ2es8Q0Lw2v4oA9Vv7fF7LoALn-3w3RCoNFyWHkaPZHJLw2r2AA; DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 25 Aug 2021 15:42:58 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1870
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 86EB 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 73e91bfc2a6744834569442724182238130fb3f697cad72fec7d5944a1005c67

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs
cdn.ampproject.org/rtv/012108100143000/ Frame B586 188 KB
55 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108100143000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=6982997067&adk=3470165435&adf=3678850305&pi=t.ma~as.6982997067&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047983&bpp=1&bdt=164&idt=94&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=409&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=wwyUFNSqS7&p=https%3A//mafiacorruption.give5.pl&dtd=98

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55213
x-xss-protection: 0
server: sffe
date: Wed, 25 Aug 2021 07:52:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "2f5786613d323c5a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 07:52:59 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012108100143000/v0/ Frame B586 13 KB
5 KB 43ms
17ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108100143000/v0/amp-ad-exit-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cce2d9e56822ca13d0bc323ca0d7a4a6205b58a7006eea4ca3256f77da7a6a0c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4877
x-xss-protection: 0
server: sffe
date: Wed, 25 Aug 2021 07:52:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0140540fbe581c13"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 07:52:59 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012108100143000/v0/ Frame B586 89 KB
28 KB 43ms
18ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108100143000/v0/amp-analytics-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f5433df727188d43a64cda6f7060bc5117045b2cbcd1492a00183caff5f1ec

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28511
x-xss-protection: 0
server: sffe
date: Wed, 25 Aug 2021 07:52:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "07ab47082d8b4bd2"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 07:52:59 GMT

GET
H2 200 amp-animation-0.1.mjs
cdn.ampproject.org/rtv/012108100143000/v0/ Frame B586 71 KB
16 KB 46ms
22ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108100143000/v0/amp-animation-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16668
x-xss-protection: 0
server: sffe
date: Wed, 25 Aug 2021 07:52:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "93066ac4a12f382a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 07:52:59 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012108100143000/v0/ Frame B586 4 KB
2 KB 45ms
20ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108100143000/v0/amp-fit-text-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

607fe49372f521f5a6c6c7fcde31ebb07f017c1efea75cbbf167612641e006e7

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1660
x-xss-protection: 0
server: sffe
date: Wed, 25 Aug 2021 07:52:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "758b6350805b356b"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 07:52:59 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012108100143000/v0/ Frame B586 40 KB
13 KB 45ms
21ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108100143000/v0/amp-form-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9dd189ef52ea74a10651864dd73d21639d99289fb8ca5be69df4aa29c81afc4d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12835
x-xss-protection: 0
server: sffe
date: Wed, 25 Aug 2021 07:52:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e9aa942d03505fee"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 07:52:59 GMT

GET
DATA 200
OK truncated
/ Frame B586 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 820909dff1e6cfe0d0f0fbb79ab8d58bb7c38780100c556718a94b6c5252ed3f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B586 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 25 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 46490
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 26 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B586 295 B
319 B 7ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 25 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 11187
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 26 Aug 2021 13:07:41 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame B586 0
17 B 30ms
29ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cv7bcUGwmYfzpBbGQlQe3-bW4CZGJwtFkysPt2MoN0uHS4LIBEAEg187oI2CVAqABxeqZuQLIAQmpAmiakFxEr7M-qAMByAMIqgTbAU_QMlB9Rey4-qoylnSXArSq8701T69I9eQSsuZLciBruyP-FZIum8kwJZjvssYh8nldAeNn0HHgMjK06xpwh2YBbF3DL0dwiAcgREBy1q4zVg1ciesCK5Fa0pvKr_QpYUHJPE27K0L14_nGFze4HgmnuvksK5RV5OsYOIKGnfKTQNQHN4bYaBit-aYZ2j6UpsMEsOV5U86giKm2xNmrDzPajr7Xat3nsf1fWlN2hnhsD8Z3VpJrxlOyNpApwAznqMDW8WDqNdhJE7zTfurqCiAmiSvJ7VPeRwgDHMAEl6b_q88DkgUECAQYAZIFBAgFGASgBi6AB6OV5sYBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEENLdMNIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi0yMTUyNjkyNDY3OTg3OTk0GAA&sigh=jGw3ZH8AJCY&template_id=419

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=6982997067&adk=3470165435&adf=3678850305&pi=t.ma~as.6982997067&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047983&bpp=1&bdt=164&idt=94&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=409&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=wwyUFNSqS7&p=https%3A//mafiacorruption.give5.pl&dtd=98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 25 Aug 2021 16:14:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 bg.jpg
tpc.googlesyndication.com/sadbundle/16723386515083617089/img/ Frame B586 40 KB
40 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16723386515083617089/img/bg.jpg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22144e6ac935f379277d3bc566aeb86d406234238a459394517b47e2c0d520aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 17:02:49 GMT
x-content-type-options: nosniff
age: 169879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41421
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 14:28:18 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Aug 2022 17:02:49 GMT

GET
H3-29 200 text1.png
tpc.googlesyndication.com/sadbundle/16723386515083617089/img/ Frame B586 16 KB
16 KB 10ms
9ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16723386515083617089/img/text1.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92acecdc0bbfd1ff4afe814f28e789d7229e226f9eb4ee76e13741e78359e234

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 17:02:49 GMT
x-content-type-options: nosniff
age: 169879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15962
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 14:28:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Aug 2022 17:02:49 GMT

GET
H3-29 200 text2.png
tpc.googlesyndication.com/sadbundle/16723386515083617089/img/ Frame B586 13 KB
13 KB 12ms
11ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16723386515083617089/img/text2.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18712a8b8eb0235e2882dbb7cadabd45b4a21819527cfe21a17d74da1507e0dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 22:32:36 GMT
x-content-type-options: nosniff
age: 63692
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12930
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 14:28:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 22:32:36 GMT

GET
H3-29 200 logo.png
tpc.googlesyndication.com/sadbundle/16723386515083617089/img/ Frame B586 6 KB
6 KB 10ms
9ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16723386515083617089/img/logo.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3ec38817b053a57cc93275cf50b2ef3858a3dfaaf990b4715671b128a9901d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 17:02:49 GMT
x-content-type-options: nosniff
age: 169879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5917
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 14:28:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Aug 2022 17:02:49 GMT

GET
H3-29 200 cta.png
tpc.googlesyndication.com/sadbundle/16723386515083617089/img/ Frame B586 3 KB
3 KB 11ms
11ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16723386515083617089/img/cta.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

666f20c3753fdd39a027dbf5db3b637321255678a2f13875822d6681bfac82f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 17:02:49 GMT
x-content-type-options: nosniff
age: 169879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2764
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 14:28:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Aug 2022 17:02:49 GMT

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame DA31
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkSUvvPSxmOJ2es8Q0Lw2v4oA9Vv7fF7LoALn-3w3RCoNFyWHkaPZHJLw2r2AA; DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 25 Aug 2021 16:14:08 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 25-Aug-2021 17:14:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 25 Aug 2021 16:14:08 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 25 Aug 2021 16:14:08 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js Show response
pagead2.googlesyndication.com/bg/ Frame FE99 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=1318854264&adk=2078529032&adf=2772626519&pi=t.ma~as.1318854264&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047978&bpp=5&bdt=160&idt=73&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=3936441343499&frm=20&pv=2&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=930IsEHxAn&p=https%3A//mafiacorruption.give5.pl&dtd=93

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50378aa9304561a118da2a16b43b3f978f6b1e79776748ddd28ec794a4a3e2d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:07:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 426
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13427
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 15:08:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Aug 2022 16:07:02 GMT

GET
H3-29 200 sodar
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 35ms
21ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210819&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8450
x-xss-protection: 0

GET
H3-29 200 amp4ads-host-v0.js
cdn.ampproject.org/rtv/012108100143000/ 20 KB
7 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108100143000/amp4ads-host-v0.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 96695
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: sffe
date: Tue, 24 Aug 2021 13:22:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a074324ef190b333"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 13:22:33 GMT

GET
H2 200 1
servicer.mgid.com/853142/ 5 KB
2 KB 78ms
77ms Script
application/x-javascript 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/853142/1?pv=5&cbuster=162990804892129116508&uniqId=02cf8&niet=4g&nisd=false&jsv=es6&w=730&h=686&cols=3&ref=https%3A%2F%2F654.pl%2F&cxurl=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&pr=654.pl&lu=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&sessionId=61266c50-047a6&pageView=1&pvid=17b7e171a2ab3dea4d1&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 68461c99cf6500b2-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B586 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012108100143000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 25 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 46490
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 26 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B586 295 B
319 B 8ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012108100143000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 25 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 11187
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 26 Aug 2021 13:07:41 GMT

GET
H3-29 200 bg.jpg
tpc.googlesyndication.com/sadbundle/16723386515083617089/img/ Frame B586 40 KB
40 KB 8ms
6ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16723386515083617089/img/bg.jpg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012108100143000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 17:02:49 GMT
x-content-type-options: nosniff
age: 169879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41421
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 14:28:18 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Aug 2022 17:02:49 GMT

GET
H3-29 200 text1.png
tpc.googlesyndication.com/sadbundle/16723386515083617089/img/ Frame B586 16 KB
16 KB 9ms
8ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16723386515083617089/img/text1.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012108100143000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 17:02:49 GMT
x-content-type-options: nosniff
age: 169879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15962
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 14:28:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Aug 2022 17:02:49 GMT

GET
H3-29 200 text2.png
tpc.googlesyndication.com/sadbundle/16723386515083617089/img/ Frame B586 13 KB
13 KB 10ms
9ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16723386515083617089/img/text2.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012108100143000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 22:32:36 GMT
x-content-type-options: nosniff
age: 63692
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12930
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 14:28:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 22:32:36 GMT

GET
H3-29 200 logo.png
tpc.googlesyndication.com/sadbundle/16723386515083617089/img/ Frame B586 6 KB
6 KB 10ms
9ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16723386515083617089/img/logo.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012108100143000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 17:02:49 GMT
x-content-type-options: nosniff
age: 169879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5917
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 14:28:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Aug 2022 17:02:49 GMT

GET
H3-29 200 cta.png
tpc.googlesyndication.com/sadbundle/16723386515083617089/img/ Frame B586 3 KB
3 KB 10ms
10ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/16723386515083617089/img/cta.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012108100143000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 17:02:49 GMT
x-content-type-options: nosniff
age: 169879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2764
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 14:28:18 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Aug 2022 17:02:49 GMT

GET
H3-29 200 sodar2.js
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 25 Aug 2021 16:14:08 GMT

GET
H3-29 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 8861 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mafiacorruption.give5.pl/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://mafiacorruption.give5.pl/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Wed, 25 Aug 2021 16:13:40 GMT
expires: Thu, 25 Aug 2022 16:13:40 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 28
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe
www.google.com/recaptcha/api2/ Frame 8029 783 B
531 B 16ms
16ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-xh69hHeZHpHR4+maHhbCfg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mafiacorruption.give5.pl/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://mafiacorruption.give5.pl/

Response headers

expires: Wed, 25 Aug 2021 16:14:08 GMT
date: Wed, 25 Aug 2021 16:14:08 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-xh69hHeZHpHR4+maHhbCfg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js
pagead2.googlesyndication.com/bg/ Frame 8861 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:07:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 427
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13427
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 15:08:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Aug 2022 16:07:02 GMT

GET
H3-29 200 MGID_plus.svg
cdn.mgid.com/images/logos/ 2 KB
1 KB 27ms
26ms Image
image/svg+xml 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/MGID_plus.svg
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
content-encoding: br
cf-cache-status: HIT
age: 432
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 26D5PESFJ3W3C6DA
x-amz-id-2: eutjixPqny2kLtVDkSPgrFz3u2lxc4FXrDErS9xMhTrXgSAmhHeBctWPt+h98HIq6AOxJRjeSOM=
last-modified: Tue, 23 Feb 2021 16:22:15 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1614097325/ctime:1614097325/gid:0/gname:root/md5:f7525f3a5f32c6f4a8e9867e9f57ab45/mode:33206/mtime:1614097325/uid:0/uname:root
etag: W/"f7525f3a5f32c6f4a8e9867e9f57ab45"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 68461c9a9db90c11-AMS
expires: Thu, 26 Aug 2021 16:14:09 GMT

GET
H3-29 200 Adchoices.svg
cdn.mgid.com/images/logos/ 836 B
1 KB 27ms
27ms Image
image/svg+xml 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
content-encoding: br
cf-cache-status: HIT
age: 2116
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 50VWJQBT5W4QYKJG
x-amz-id-2: xhXkWrQ90G/ebA55GK4VP5V6mncDrGDeipe5cahYa8kJ+JMUWbxTCzXMUo5ci9AAJm/Ct0tTCXE=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 68461c9a9dbb0c11-AMS
expires: Thu, 26 Aug 2021 16:14:09 GMT

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90Yy8yMDE5LTA2LzEwMTkyNC8zNjMwNThmNGE5ZDNhOTI3ZjczOWIyZWQzNmYzNjkwNi5qcGVn.webp
s-img.mgid.com/g/8193537/492x328/0x168x510x340/ 47 KB
48 KB 81ms
36ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8193537/492x328/0x168x510x340/aHR0cDovL2ltZ2hvc3RzLmNvbS90Yy8yMDE5LTA2LzEwMTkyNC8zNjMwNThmNGE5ZDNhOTI3ZjczOWIyZWQzNmYzNjkwNi5qcGVn.webp?v=1629908048-1PbtODdb73bYcupOdTFHXvlmN-QvhFcyXbyPUJQbjlM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 10:46:54 GMT
x-mg-request-uuid: 00d4c6c6-cba3-485d-9ffd-bc51a6bdfe92
age: 172093
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9ad9790c19-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 48248
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDIvMTAxOTI0L2ZkNzY2MWU0NDcxOTUxMTUxODVlZGNlZjI0MWVjZWRkLnBuZw.webp
s-img.mgid.com/g/8164849/492x328/0x131x607x404/ 18 KB
18 KB 110ms
66ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164849/492x328/0x131x607x404/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDIvMTAxOTI0L2ZkNzY2MWU0NDcxOTUxMTUxODVlZGNlZjI0MWVjZWRkLnBuZw.webp?v=1629908048-AibWnPOX6io1wZQBZNQ18kQMphVF3vcm6CfuW513CPI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 11:26:37 GMT
x-mg-request-uuid: d733a342-3744-4136-99a8-660a10c9fb59
age: 172069
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9ae97c0c19-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 18512
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDUvMTAxOTI0LzFjMDgwZWRhYWYxOGQwYWFhZmI4NDNjMWJjZTZkZDhkLnBuZw.webp
s-img.mgid.com/g/8193536/492x328/24x0x530x353/ 15 KB
15 KB 114ms
70ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8193536/492x328/24x0x530x353/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDUvMTAxOTI0LzFjMDgwZWRhYWYxOGQwYWFhZmI4NDNjMWJjZTZkZDhkLnBuZw.webp?v=1629908048-g2xJ75zyzq17Pls3m3kR0rA-eVpyrBiwKE1cSpLwiAY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 11:48:10 GMT
x-mg-request-uuid: 8a3d4fab-d51e-42f8-b0b4-d0fe0d43a5df
age: 156410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9ae97d0c19-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 15088
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0L2M0NjQ1ZjgwN2MzMDJlZmNiYzQxZWVhZWRmNGE5MmZjLmpwZw.webp
s-img.mgid.com/g/8193521/492x328/0x168x565x376/ 12 KB
12 KB 105ms
61ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8193521/492x328/0x168x565x376/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0L2M0NjQ1ZjgwN2MzMDJlZmNiYzQxZWVhZWRmNGE5MmZjLmpwZw.webp?v=1629908048-7qMsdqri4eF51Qh5_fdK4DMLcQDsCqZAl0vmf4QD5Gs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 10:57:58 GMT
x-mg-request-uuid: ea6f06a3-b4d5-4aa9-9d32-a515d887c49c
age: 165055
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9ae97f0c19-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 12298
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzcyYTQ1NjNjYzFmY2Y5MjAwOWYzMGZkYThiZjFiMGFhLmpwZWc.webp
s-img.mgid.com/g/8164865/492x328/0x0x900x600/ 21 KB
22 KB 115ms
72ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164865/492x328/0x0x900x600/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzcyYTQ1NjNjYzFmY2Y5MjAwOWYzMGZkYThiZjFiMGFhLmpwZWc.webp?v=1629908048-EL_t5cbWN_vFK6iOF61Ew18vLyBu1YzuFmr8qdwHiX8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 11:33:59 GMT
x-mg-request-uuid: 8cda0193-9d2a-412d-80b6-6b957f8eabf3
age: 183088
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9ae9800c19-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 21960
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2ZkNjNmZDY4NmUwMGVjZTk0NWNkZmI5MzgzOWVkMmEzLmpwZWc.webp
s-img.mgid.com/g/8164911/492x328/32x5x928x618/ 6 KB
7 KB 115ms
72ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164911/492x328/32x5x928x618/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2ZkNjNmZDY4NmUwMGVjZTk0NWNkZmI5MzgzOWVkMmEzLmpwZWc.webp?v=1629908048-YzT2jEO3egegH7L0O-HhsSfLA60NB5jKA-0Szcucqb0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 11:25:56 GMT
x-mg-request-uuid: 4f33f533-eff0-4f3b-b8de-c6d3c1f0c80b
age: 172093
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9ae9840c19-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6566
server: cloudflare

GET
H2 200 i.js
cm.mgid.com/ 1 KB
854 B 74ms
73ms Script
application/javascript 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i.js?&cbuster=1629908049146617909472
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-mg-request-uuid: 86d77496-2996-4036-a06e-541ea2ecf586
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 68461c9b394200b2-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare

GET
H2 200 i-noref.js
cm.mgid.com/ Frame D02E 19 B
173 B 72ms
71ms Script
application/javascript 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i-noref.js?cbuster=1629908049159462420445
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-mg-request-uuid: d6bea5ac-30d5-40c7-b7e4-f9f99d6f5d47
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 68461c9b496c00b2-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare

GET
H3-29 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 97ms
96ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210819&jk=1427629707503814&bg=!f3ylfDjNAAYXVutgF1Y7ACkAdvg8WkEnloi8D0tVAZTOkifE9A7l81sucQzoq7n1qHslyAkQiDWShAIAAAB8UgAAABJoAQcKAPZ-AcMfQnzE4h8yvsWCoQYOSOHjZMthEXVaMftMk0SOQqsLrIDLh1RxFuVBv6CFhG2OdUw9sHnEGr1RMIDnTymu4pQuRb0S8qmv1cKdn9q9lmRuPYQDJhiQ6lLkBh8uTVgt3ZhFdfBpx0fBhynepjwZ1WZ2QDGwFbdSXm585m90awjGZhFlhglraXXL4MmeRl8CDkt0HWArdck7umnY9LIBRBRzuvbdoF3jklFdszxThrt_nXCxWFubl_mFWGRq_r43Y4BGnxM_rucgjr7jp2rbxqr2KmJ5AD89LfyR2JdpmWvbGm2M4BF0sc8kbD3uG6NlK7olaWCZApfY0Ge84wl6KCfyIvDxZsdRmcDNCN6bz4Vc5WRqnmIG2aER_tLHzDfMfpowBzOio3EuLqLs8alGqSuDBsCVrNKaGYeMVh6mi0ZBQJFufICqdP-8CuJVL-9e8GfxxkvvWM4p4A8wzkarGi9xV-GjjKO50oP39tvFw7DKd3bFnDOEI0q2JIvWRVJcad-Ons0CBJnuNXQetQvzOYi3xYJVx1cGnfcMopjyAYovhIAhXDenIYJoBYADHmImSPisNIjz6ngA-xkzuUHbFFAHWR1Qf67wrHdHPAgGyX6UgSzTKOSXR6hnQzkD3PYzluQkd3SyPHLW-AA8C7qm9tfr4d2U297mfkhsdEYzdozSCj45iCoZvAgixiIaZE8lW1FQQBd7HGAC8CARs-BXJzDTKEOhOcHFQm2-n9ALPF09Rm8Yt31E6k8_kSBDSLaSGTtNj91_JpNjVgXMz3jRsMToIcafQbTD2QaQSG5c47D0AtQ0V4hSBT3Qa0U5BA162YAkQUqE9WzW6sKm12bL0z7SdwGobV58mHMSjKchkwWfgSfnakz5S4JPEqwr4--a1aee4EQPcyi_wgLgCwLbWeI7yPW9EF0Zd3_htTmE-v__yTHoEHuN0Zudusmt2taFIoH5IhlxTjbzlNAr0xCC3FeI8MgoUJy_fwXYbIs6U6s7iwQzSKYITTJtsRWlnSSJlp5RjAOyNVfyf9cqxn4aUcjrwRIInpr1Vigv7CVXMfkzsV8NypBdtVsT_OD622NEPuBsvs4yb1R3XT_vKtwr0BmmJAqG8feHOH6FXCDdaWgrLTgiPLmQ9Mllx1WdmYouKG_u29AbXnf0aSLKUO2U6MgnNdjrc1bSUIfmfCFWGA92A5ef9oPI83Ug8rnsGGk
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 beacon.js
sb.scorecardresearch.com/ 1 KB
1 KB 109ms
35ms Script
application/javascript 13.224.96.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-37.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 15:56:02 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 1087
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: QmLF01L9EYWDqvihPVXTHA2lYPc8zhSVROASOONR9xsr1UADf73kqQ==

GET
H3-29 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90Yy8yMDE5LTA2LzEwMTkyNC8zNjMwNThmNGE5ZDNhOTI3ZjczOWIyZWQzNmYzNjkwNi5qcGVn.webp
s-img.mgid.com/g/8193537/492x328/0x168x510x340/ 47 KB
48 KB 79ms
53ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8193537/492x328/0x168x510x340/aHR0cDovL2ltZ2hvc3RzLmNvbS90Yy8yMDE5LTA2LzEwMTkyNC8zNjMwNThmNGE5ZDNhOTI3ZjczOWIyZWQzNmYzNjkwNi5qcGVn.webp?v=1629908048-1PbtODdb73bYcupOdTFHXvlmN-QvhFcyXbyPUJQbjlM
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 10:46:54 GMT
x-mg-request-uuid: 00d4c6c6-cba3-485d-9ffd-bc51a6bdfe92
age: 172093
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9bb85e4c97-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 48248
server: cloudflare

GET
H3-29 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDIvMTAxOTI0L2ZkNzY2MWU0NDcxOTUxMTUxODVlZGNlZjI0MWVjZWRkLnBuZw.webp
s-img.mgid.com/g/8164849/492x328/0x131x607x404/ 18 KB
19 KB 97ms
72ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164849/492x328/0x131x607x404/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDIvMTAxOTI0L2ZkNzY2MWU0NDcxOTUxMTUxODVlZGNlZjI0MWVjZWRkLnBuZw.webp?v=1629908048-AibWnPOX6io1wZQBZNQ18kQMphVF3vcm6CfuW513CPI
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 11:26:37 GMT
x-mg-request-uuid: d733a342-3744-4136-99a8-660a10c9fb59
age: 172069
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9bb85a4c97-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 18512
server: cloudflare

GET
H3-29 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDUvMTAxOTI0LzFjMDgwZWRhYWYxOGQwYWFhZmI4NDNjMWJjZTZkZDhkLnBuZw.webp
s-img.mgid.com/g/8193536/492x328/24x0x530x353/ 15 KB
15 KB 70ms
45ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8193536/492x328/24x0x530x353/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDUvMTAxOTI0LzFjMDgwZWRhYWYxOGQwYWFhZmI4NDNjMWJjZTZkZDhkLnBuZw.webp?v=1629908048-g2xJ75zyzq17Pls3m3kR0rA-eVpyrBiwKE1cSpLwiAY
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 11:48:10 GMT
x-mg-request-uuid: 8a3d4fab-d51e-42f8-b0b4-d0fe0d43a5df
age: 156410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9bb8594c97-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 15088
server: cloudflare

GET
H3-29 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0L2M0NjQ1ZjgwN2MzMDJlZmNiYzQxZWVhZWRmNGE5MmZjLmpwZw.webp
s-img.mgid.com/g/8193521/492x328/0x168x565x376/ 12 KB
13 KB 57ms
33ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8193521/492x328/0x168x565x376/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0L2M0NjQ1ZjgwN2MzMDJlZmNiYzQxZWVhZWRmNGE5MmZjLmpwZw.webp?v=1629908048-7qMsdqri4eF51Qh5_fdK4DMLcQDsCqZAl0vmf4QD5Gs
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 10:57:58 GMT
x-mg-request-uuid: ea6f06a3-b4d5-4aa9-9d32-a515d887c49c
age: 165055
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9bb85c4c97-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 12298
server: cloudflare

GET
H3-29 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzcyYTQ1NjNjYzFmY2Y5MjAwOWYzMGZkYThiZjFiMGFhLmpwZWc.webp
s-img.mgid.com/g/8164865/492x328/0x0x900x600/ 21 KB
22 KB 115ms
91ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164865/492x328/0x0x900x600/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzcyYTQ1NjNjYzFmY2Y5MjAwOWYzMGZkYThiZjFiMGFhLmpwZWc.webp?v=1629908048-EL_t5cbWN_vFK6iOF61Ew18vLyBu1YzuFmr8qdwHiX8
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 11:33:59 GMT
x-mg-request-uuid: 8cda0193-9d2a-412d-80b6-6b957f8eabf3
age: 183088
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9bb8604c97-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 21960
server: cloudflare

GET
H3-29 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2ZkNjNmZDY4NmUwMGVjZTk0NWNkZmI5MzgzOWVkMmEzLmpwZWc.webp
s-img.mgid.com/g/8164911/492x328/32x5x928x618/ 6 KB
7 KB 96ms
72ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164911/492x328/32x5x928x618/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2ZkNjNmZDY4NmUwMGVjZTk0NWNkZmI5MzgzOWVkMmEzLmpwZWc.webp?v=1629908048-YzT2jEO3egegH7L0O-HhsSfLA60NB5jKA-0Szcucqb0
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Origin: https://mafiacorruption.give5.pl
Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 11:25:56 GMT
x-mg-request-uuid: 4f33f533-eff0-4f3b-b8de-c6d3c1f0c80b
age: 172093
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 68461c9bb85d4c97-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6566
server: cloudflare

GET
H/1.1 200
OK sync.html
s.adtelligent.com/ Frame 7881 1 KB
892 B 78ms
23ms Document
text/html 2a0c:5c81:5139::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=658327
Requested by: Host: cm.mgid.com
URL: https://cm.mgid.com/i.js?&cbuster=1629908049146617909472
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5139::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash

Request headers

Host: s.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://mafiacorruption.give5.pl/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://mafiacorruption.give5.pl/

Response headers

Server: VertaMedia 1.0
Date: Wed, 25 Aug 2021 16:14:09 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 600
Access-Control-Allow-Origin: https://mafiacorruption.give5.pl
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Encoding: gzip

GET
H/1.1

200
OK

usync.html
eus.rubiconproject.com/ Frame 5CA4
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=mgid&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu

281 B
554 B

73ms
24ms

Document
text/html

23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
Requested by: Host: cm.mgid.com
URL: https://cm.mgid.com/i.js?&cbuster=1629908049146617909472
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://mafiacorruption.give5.pl/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://mafiacorruption.give5.pl/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 25 Aug 2021 16:14:09 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
Date: Wed, 25 Aug 2021 16:14:09 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H3-29

200

google
cm.mgid.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bDdwOHl4SEN4Q2U5&muidn=l7p8yxHCxCe9
https://cm.mgid.com/google?muidn=l7p8yxHCxCe9&google_ula={guid},5&google_gid=CAESEK9vvxwU-HD-ymrp_pVrTmM&google_cver=1

0
369 B

68ms
68ms

Image
text/plain

104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/google?muidn=l7p8yxHCxCe9&google_ula={guid},5&google_gid=CAESEK9vvxwU-HD-ymrp_pVrTmM&google_cver=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: text/plain
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 68461c9c48160c11-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.mgid.com/google?muidn=l7p8yxHCxCe9&google_ula={guid},5&google_gid=CAESEK9vvxwU-HD-ymrp_pVrTmM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 327
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

bidswitch
event.clientgear.com/cookie/
Redirect Chain

https://x.bidswitch.net/sync?ssp=mgid
https://x.bidswitch.net/ul_cb/sync?ssp=mgid
https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=mgid&bsw_custom_parameter=f79f9367-d378-48f8-b508-ee0d05b4f4ad

0
0

GET
H3-29

200

m
cm.mgid.com/
Redirect Chain

https://creativecdn.com/cm-notify?pi=mgid
https://creativecdn.com/cm-notify?pi=mgid&tc=1
https://cm.mgid.com/m?cdsp=501037&c=Lf9OSdO350TqAfnH5sIx&pi=mgid&tc=1

43 B
506 B

87ms
87ms

Image
image/gif

104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=501037&c=Lf9OSdO350TqAfnH5sIx&pi=mgid&tc=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 44d24b96-b335-41e9-a5cc-ecf82e0c3457
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 68461c9c3ff60c11-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare

Redirect headers

location: https://cm.mgid.com/m?cdsp=501037&c=Lf9OSdO350TqAfnH5sIx&pi=mgid&tc=1
pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT, Wed, 25 Aug 2021 16:14:09 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 /
cm.idealmedia.io/setmuidn/ 0
414 B 148ms
93ms Image
image/gif 104.16.221.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.idealmedia.io/setmuidn/?muidf=l7p8yxHCxCe9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.221.74 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 68461c9c184afa20-AMS
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif

GET
H/1.1

204
No Content

bidswitch.gif
sync.admanmedia.com/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=303&user_id=l7p8yxHCxCe9
https://x.bidswitch.net/ul_cb/sync?dsp_id=303&user_id=l7p8yxHCxCe9
https://sync.admanmedia.com/bidswitch.gif?puid=f79f9367-d378-48f8-b508-ee0d05b4f4ad&redir=[RED]

0
103 B

280ms
90ms

Image
text/plain

8.2.110.24
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.admanmedia.com/bidswitch.gif?puid=f79f9367-d378-48f8-b508-ee0d05b4f4ad&redir=[RED]
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.2.110.24 , United States, ASN46636 (NATCOWEB, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Connection: keep-alive
Date: Wed, 25 Aug 2021 16:14:09 GMT
Server: nginx

Redirect headers

location: //sync.admanmedia.com/bidswitch.gif?puid=f79f9367-d378-48f8-b508-ee0d05b4f4ad&redir=[RED]
date: Wed, 25 Aug 2021 16:14:09 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3-29

200

m
cm.mgid.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=omn67hl&ttd_tpi=1
https://cm.mgid.com/m?cdsp=371158&c=2ccdabd0-dcaa-4143-a62a-f20ee9d1fd2c&ttl=1632500049

43 B
506 B

69ms
69ms

Image
image/gif

104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=371158&c=2ccdabd0-dcaa-4143-a62a-f20ee9d1fd2c&ttl=1632500049
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 33d4626a-4d1d-48b0-80f3-687ce2eb3387
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 68461c9ca8b90c11-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare

Redirect headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.mgid.com/m?cdsp=371158&c=2ccdabd0-dcaa-4143-a62a-f20ee9d1fd2c&ttl=1632500049
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 205

GET
H/1.1

204
No Content

sync.php
pixel.rubiconproject.com/exchange/
Redirect Chain

https://sync.e-volution.ai/34b9aae5baa016b251b9fc488f4a97cd.gif?puid=l7p8yxHCxCe9
https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=&gdpr_consent=&us_privacy=

0
239 B

101ms
26ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=&gdpr_consent=&us_privacy=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 25 Aug 2021 16:14:09 GMT
Server: nginx
Transfer-Encoding: chunked
Location: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=&gdpr_consent=&us_privacy=
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2 200 /
cm.lentainform.com/setmuidn/ 0
496 B 121ms
66ms Image
image/gif 104.19.217.61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.lentainform.com/setmuidn/?muidf=l7p8yxHCxCe9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.217.61 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 68461c9c0b1a00d6-AMS
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2

200

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=15208452&c3=110&ns__t=1629908049299&ns_c=UTF-8&cv=3.5&c8=Buzz%20news&c7=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&c9=https%3A%2F%2F65...
https://sb.scorecardresearch.com/b2?c1=7&c2=15208452&c3=110&ns__t=1629908049299&ns_c=UTF-8&cv=3.5&c8=Buzz%20news&c7=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&c9=https%3A%2F%2F6...

64 B
328 B

43ms
43ms

Image
image/gif

13.224.96.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=15208452&c3=110&ns__t=1629908049299&ns_c=UTF-8&cv=3.5&c8=Buzz%20news&c7=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&c9=https%3A%2F%2F654.pl%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-37.zrh50.r.cloudfront.net
Software: /
Resource Hash

Request headers

Referer: https://mafiacorruption.give5.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 16:14:09 GMT
via: 1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: 0_4RWSsR243R33XGxUoVtzme0OzetiF5WqrslT59WwHy9zZpenS6Ig==

Redirect headers

date: Wed, 25 Aug 2021 16:14:09 GMT
via: 1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=7&c2=15208452&c3=110&ns__t=1629908049299&ns_c=UTF-8&cv=3.5&c8=Buzz%20news&c7=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&c9=https%3A%2F%2F654.pl%2F
content-length: 227
x-amz-cf-id: meejbh6qRbwexBGRzz3EDNkBkSoBwVcosMWovZyn4oV3f36IvY8rkw==

GET
H3-29

200

m
cm.mgid.com/ Frame 7881
Redirect Chain

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D617666%26c%3D%7Buid%7D
https://cm.mgid.com/m?cdsp=617666&c=215a9ab83b2b3e48

43 B
522 B

74ms
73ms

Image
image/gif

104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=617666&c=215a9ab83b2b3e48
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=658327
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: c364c262-feb8-48c3-b168-7c5296f872c6
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 68461c9f3c8d0c11-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare

Redirect headers

Location: https://cm.mgid.com/m?cdsp=617666&c=215a9ab83b2b3e48
Date: Wed, 25 Aug 2021 16:14:09 GMT
Server: VertaMedia 1.0
Etag: 215a9ab83b2b3e48
Content-Length: 0

GET
H/1.1 200
OK usync.js
eus.rubiconproject.com/ Frame 5CA4 31 KB
10 KB 25ms
25ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Referer: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 25 Aug 2021 16:14:09 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Aug 2021 22:28:41 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=30168
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9355
Expires: Thu, 26 Aug 2021 00:36:57 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 5CA4 284 B
536 B 101ms
26ms Image
image/jpg 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/jpg

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0C33 42 B
64 B 29ms
28ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuBem4WszwMCVX7E6IDuZKI8KtYQMLM-JWCkSqmwwlWsHzaD88A5kMhT0jdRkPvZUPjzvyFlNboH2QB6_k5_Ok20Ugkdoihf-9thNzqko20urAv0P6dMRF51246jw&sai=AMfl-YQUmZ-TYzj0zIOmkbVhG9E3zxIgoeJ-wWm2fzTWWINAb9wwazvFtAD0HJYgVEi42GNchNkpiXt89_Ql&sig=Cg0ArKJSzOLHq6Pj_vzuEAE&id=lidar2&mcvt=1001&p=713,1012,993,1348&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210823&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=2078529032&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1629908048101&rpt=450&msd=0&r=v&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 86EB 42 B
64 B 28ms
28ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstkXUURy2V4Hkk-4Crhr439ww3SugNTpDzavm17Nd1wXBuR4tpMpx8DB5yw5N496qq7L9peScOfNWhKlDchVPHEOYgNlvO4NU15qcSap8Xw__B6APdJBM76Jo1F2g&sai=AMfl-YTXkSMq4f5j5eSBNNnBmVdu8rTjiEX0CwKjZgyep6RFeuTo2h_BbtpXO1irKzbu-UmGt3SaDJwm-KTM&sig=Cg0ArKJSzJ_IvX1o4JAfEAE&id=lidar2&mcvt=1001&p=105,1012,385,1348&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210823&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=2078529032&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1629908048072&dlt=368&rpt=677&msd=0&r=v&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame B586 42 B
64 B 31ms
31ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuP-rGMs84lUkZRmuXblFpdrpTuJfZ5ob5dGUar2rLqT87P3ZG8viJn19M8g0kxwKqxS2esbO_66WTAjSGCfsjy0mEQVbvWieu_ZDMqLBfpx0r1TgZ9T-6YE0GrYw&sai=AMfl-YSPV_19GUgQqjytRzt-zpAVE68-dr8ObEjXqCxp-TKvcoJjvOOk36DsLevL00grS9iUm0iJAv6aymQY&sig=Cg0ArKJSzMWUNI3Vj-_YEAE&id=ampim&o=1005,409&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=110&tls=1110&g=100&h=100&tt=1111&r=v&avms=ampa&adk=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Aug 2021 16:14:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: event.clientgear.com
URL: https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=mgid&bsw_custom_parameter=f79f9367-d378-48f8-b508-ee0d05b4f4ad

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012108100143000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2108100143000 https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2152692467987994&output=html&h=280&slotname=6982997067&adk=3470165435&adf=3678850305&pi=t.ma~as.6982997067&w=350&fwrn=4&fwrnh=100&lmt=1629736217&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fmafiacorruption.give5.pl%2Fbuzz.html%3Fqid%3Dali&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629908047983&bpp=1&bdt=164&idt=94&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=3936441343499&frm=20&pv=1&ga_vid=2127091300.1629908048&ga_sid=1629908048&ga_hid=318661384&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=409&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062314%2C31062370%2C31062297&oid=3&pvsid=1427629707503814&ref=https%3A%2F%2F654.pl%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=wwyUFNSqS7&p=https%3A//mafiacorruption.give5.pl&dtd=98
console-api	debug	URL: https://jsc.mgid.com/m/a/mafiacorruption.give5.pl.853142.es6.js(Line 1) Message: [object HTMLImageElement]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

654.pl
adservice.google.com
adservice.google.de
buzz.give5.pl
c.mgid.com
cdn.ampproject.org
cdn.jsdelivr.net
cdn.mgid.com
cm.g.doubleclick.net
cm.idealmedia.io
cm.lentainform.com
cm.mgid.com
code.jquery.com
creativecdn.com
eus.rubiconproject.com
event.clientgear.com
googleads.g.doubleclick.net
jsc.mgid.com
mafiacorruption.give5.pl
match.adsrvr.org
mybetterdl.com
mysterscience.com
p226681.mybetterdl.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
s-img.mgid.com
s.adtelligent.com
sb.scorecardresearch.com
secure-assets.rubiconproject.com
servicer.mgid.com
stackpath.bootstrapcdn.com
sync.admanmedia.com
sync.adtelligent.com
sync.e-volution.ai
token.rubiconproject.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
event.clientgear.com
104.16.221.74
104.19.132.78
104.19.133.78
104.19.217.61
109.206.188.82
13.224.96.37
13.248.242.197
142.250.186.162
142.250.186.66
173.192.101.24
173.239.8.164
185.184.8.65
2001:4de0:ac18::1:a:3a
213.189.52.246
23.37.42.132
2606:4700:3031::ac43:81ea
2606:4700:3036::ac43:9acc
2606:4700::6812:acf
2a00:1450:4001:800::2002
2a00:1450:4001:800::200e
2a00:1450:4001:801::2008
2a00:1450:4001:808::2001
2a00:1450:4001:811::2001
2a00:1450:4001:811::2002
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:831::2002
2a04:4e42:3::485
2a0c:5c81:5139::2
35.156.90.40
62.149.0.72
69.173.144.139
69.173.144.165
8.2.110.24
03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0
03fcbeb3764df91a02a99830797cc541970d30b026d96d285a148f7e9df66d7c
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0e070e656e40406177347b878179c4814ff3879184eb180d8c7d498e7212396b
1572aa8681bd55ad45761b32225431e257f7040bdba813e640923ed86983e47e
17580c0d86278594ab917e09006107e451ce37c1aa8c3cbccbc095d3a96bc367
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18712a8b8eb0235e2882dbb7cadabd45b4a21819527cfe21a17d74da1507e0dc
1ef6d55b70dbb8831f081f2b1501c3765f4ac5eac3b17a6beec56ab3fdbcec9c
1f66d6d09c6d53dbbe999a017d272955497783df2171eed16f9824bd4cd6cbac
20e710297e7b5612ef924477653bd97f9a437e3ebaefd4d49efd78c1768cf383
22144e6ac935f379277d3bc566aeb86d406234238a459394517b47e2c0d520aa
26113d04732be9552fe52b6e082b686f3e49f25a513f4c5add3daab5bb514a4a
2749b5144ed7b364f84d1d5876b1274859fff55570f757a7627ebf8573b3706a
2dc00e6c10812518e5f101fdeef7624851e0431b4931d80e64470b576800f041
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
38cae7aa633433ce04ad15167696536fa0dfc233ea2f68d39cacfb288f5316c4
50378aa9304561a118da2a16b43b3f978f6b1e79776748ddd28ec794a4a3e2d0
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
5aa663f8458f01ab15616d92c2bdee48560c240a0d0c5fd9c7cecc63111f203b
5d4150eb301ce09dde890f20a68175f547dccfc5a71daff184cb2f180b89fd98
607fe49372f521f5a6c6c7fcde31ebb07f017c1efea75cbbf167612641e006e7
64e2dba31f78b874b8954afc77c62e12eec615835861d10d42592e2745bd8d72
666f20c3753fdd39a027dbf5db3b637321255678a2f13875822d6681bfac82f0
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
73e91bfc2a6744834569442724182238130fb3f697cad72fec7d5944a1005c67
741932350156677164b36a1506347cfd558bc502310bd1d50e246d454c4c1131
7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5
7b70b802dad5dd23e53d9cc781b7ecb387050437d787b5b5e0d97dc241ecc5dc
7bc4215ac23be91247bd930b366f7ec7618bb06fe7b9c61080b783e278c07769
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80f5433df727188d43a64cda6f7060bc5117045b2cbcd1492a00183caff5f1ec
820909dff1e6cfe0d0f0fbb79ab8d58bb7c38780100c556718a94b6c5252ed3f
86ab251908c708f9554bea7d86a239bc5767582dd54349b65d546c03ce278c60
891b8a6960eb7823a2a952f71c0946adb44548b169616f7c846355f767218a4b
90ad41e20b950444c987679ae77189f237f9b78ec2503bd1fbdbe79cd4de7dd2
92acecdc0bbfd1ff4afe814f28e789d7229e226f9eb4ee76e13741e78359e234
9459a44caf3b500368768250994727ff30f7fc5e14715b2df996aa0d1b80e4a3
99f6048e026a358bcd25087b08a35840836764c0c3a97cd18569a0dab3263b7b
9dd189ef52ea74a10651864dd73d21639d99289fb8ca5be69df4aa29c81afc4d
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
aeefeaabef6721f20d248c2e1476aa942d9318ea58bf8abffda509f5c7af812e
b5755f0a5dd96cb7b48d559a03bab03844e8796cd3f97a3d356a27f874864949
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060
cce2d9e56822ca13d0bc323ca0d7a4a6205b58a7006eea4ca3256f77da7a6a0c
dde24cb7904b96f77b5cd22744fb531ef188aeb1d46034d12a05abb17b4fe91e
e2c209b00657e89495ee8755079de3a860057eaedeb9fd85b6255794c765dda2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e70daf1f8bcfd0ed744b5f86ac162bda58f2d2db0e5b4ba93c3adec87ad09fe3
e7885d40f3264fc1c0d85a9174dee55aeb78a8ebe1a4cfc454b7f65126499f9e
e97d196c37c1bd5825cd9396829015633198f120ad647b9a6f5789306118770f
f3ec38817b053a57cc93275cf50b2ef3858a3dfaaf990b4715671b128a9901d2
fa9cdf9e3f9d95bc258c6aad323775e7d53770eead4c23191a4a2ef5ad66bfa1
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

mafiacorruption.give5.pl Open in urlscan Pro 213.189.52.246 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

123 Requests

98 %HTTPS

46 %IPv6

28 Domains

42 Subdomains

29 IPs

6 Countries

1481 kBTransfer

3110 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

123 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

mafiacorruption.give5.pl Open in urlscan Pro
213.189.52.246 Public Scan

Screenshot
Live screenshot

Full Image

123
Requests

98 %
HTTPS

46 %
IPv6

28
Domains

42
Subdomains

29
IPs

6
Countries

1481 kB
Transfer

3110 kB
Size

0
Cookies

123 HTTP transactions
3 data transactions