mlx.su Open in urlscan Pro
2606:4700:3034::ac43:ab1a Public Scan

Go To Rescan
Add Verdict Report

URL:
http://mlx.su/
Submission Tags: l4ing su tld ☭ ru cccp rf h8 m* Search All
Submission: On January 21 via manual (January 21st 2024, 5:18:09 pm UTC) from LU — Scanned from DE

Summary HTTP 194 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 40 IPs in 7 countries across 26 domains to perform 194 HTTP transactions. The main IP is 2606:4700:3034::ac43:ab1a, located in United States and belongs to CLOUDFLARENET, US. The main domain is mlx.su.

This is the only time mlx.su was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2606:4700:303... 2606:4700:3034::ac43:ab1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
31	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1 2	2.16.184.115 2.16.184.115	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400c:c07::9a	15169 (GOOGLE) (GOOGLE)
3	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
6 8	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
3 7	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	37.252.171.53 37.252.171.53	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
1 9	138.201.63.145 138.201.63.145	24940 (HETZNER-AS) (HETZNER-AS)
7	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
17	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
2	91.121.248.44 91.121.248.44	16276 (OVH) (OVH)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
1	18.132.155.94 18.132.155.94	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.184.230 142.250.184.230	15169 (GOOGLE) (GOOGLE)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
1	23.192.250.178 23.192.250.178	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	18.244.28.99 18.244.28.99	16509 (AMAZON-02) (AMAZON-02)
1	18.155.129.30 18.155.129.30	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2	18.171.41.162 18.171.41.162	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
194	40

11 2606:4700:3034::ac43:ab1a (United States)

ASN13335 (CLOUDFLARENET, US)

mlx.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.184.115 (Düsseldorf, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-184-115.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c07::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.162 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.171.53 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 138.201.63.145 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.145.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hal900010.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.121.248.44 (France)

ASN16276 (OVH, FR)
PTR: ip44.ip-91-121-248.eu

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.132.155.94 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-132-155-94.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.230 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.192.250.178 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-192-250-178.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.28.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-28-99.cdg52.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.155.129.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-129-30.cdg52.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.171.41.162 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-171-41-162.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157 ade.googlesyndication.com — Cisco Umbrella Rank: 356	556 KB
28	doubleclick.net 7 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 stats.g.doubleclick.net — Cisco Umbrella Rank: 79 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 ad.doubleclick.net — Cisco Umbrella Rank: 163 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 126874 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 594	153 KB
20	gstatic.com www.gstatic.com fonts.gstatic.com	797 KB
17	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	2 MB
15	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 2616 adservice.google.com — Cisco Umbrella Rank: 98	95 KB
11	mlx.su mlx.su	105 KB
9	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38309 hal900010.redintelligence.net — Cisco Umbrella Rank: 189872	55 KB
8	criteo.net static.criteo.net — Cisco Umbrella Rank: 657 csm.eu.criteo.net — Cisco Umbrella Rank: 8850	12 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	4 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	5 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	381 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	261 KB
4	google.de www.google.de — Cisco Umbrella Rank: 6518	729 B
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 28599 api.webgains.io — Cisco Umbrella Rank: 69568	19 KB
3	medialead.de 1 redirects pv.medialead.de — Cisco Umbrella Rank: 41332 medialead.de — Cisco Umbrella Rank: 40963	851 B
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	2 KB
2	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 8778 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 10462	53 KB
2	addthis.com 1 redirects s7.addthis.com — Cisco Umbrella Rank: 3470	627 B
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1019	34 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 69384	437 B
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 16092	702 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 55633	2 KB
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 148117	923 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	7 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 760	30 KB
194	26

	Domain	Requested by
31	pagead2.googlesyndication.com	mlx.su pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
20	tpc.googlesyndication.com	googleads.g.doubleclick.net mlx.su tpc.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com
17	s0.2mdn.net	mlx.su s0.2mdn.net
13	www.gstatic.com	www.google.com www.gstatic.com googleads.g.doubleclick.net
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net mlx.su
11	www.google.com	mlx.su www.gstatic.com www.google.com tpc.googlesyndication.com
11	mlx.su	mlx.su
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	static.criteo.net	ads.eu.criteo.com
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
7	fonts.gstatic.com	www.google.com mlx.su fonts.googleapis.com
5	hal900010.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900010.redintelligence.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	www.googletagmanager.com	mlx.su www.googletagmanager.com www.google-analytics.com adv.office-partner.de
4	hal9000.redintelligence.net	googleads.g.doubleclick.net hal900010.redintelligence.net
4	www.googletagservices.com	googleads.g.doubleclick.net mlx.su
4	www.google.de	mlx.su
4	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
4	www.google-analytics.com	mlx.su www.google-analytics.com
3	fonts.googleapis.com	googleads.g.doubleclick.net hal900010.redintelligence.net
3	region1.analytics.google.com	www.googletagmanager.com
2	api.webgains.io	analytics.webgains.io
2	googleads4.g.doubleclick.net	mlx.su
2	5994599.fls.doubleclick.net	1 redirects mlx.su
2	pv.medialead.de	hal900010.redintelligence.net googleads.g.doubleclick.net
2	s7.addthis.com	1 redirects mlx.su
2	maxcdn.bootstrapcdn.com	mlx.su
1	adservice.google.com	5994599.fls.doubleclick.net
1	ade.googlesyndication.com	mlx.su
1	cdn.track.production.webgains.team	googleads.g.doubleclick.net
1	analytics.webgains.io	track.webgains.com
1	www.awin1.com	googleads.g.doubleclick.net
1	medialead.de	1 redirects
1	track.webgains.com	mlx.su
1	adv.office-partner.de	hal900010.redintelligence.net
1	csm.eu.criteo.net	ads.eu.criteo.com
1	cat.nl3.eu.criteo.com	ads.eu.criteo.com
1	ad.doubleclick.net	googleads.g.doubleclick.net
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	cdnjs.cloudflare.com	mlx.su
1	code.jquery.com	mlx.su
194	41

This site contains links to these domains. Also see Links.

Domain
bill.mlx.su

Subject Issuer	Validity	Valid
bootstrapcdn.com GTS CA 1P5	`2023-11-30` - `2024-02-28`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
redintelligence.net R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-15` - `2024-03-10`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-03` - `2024-02-28`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-27` - `2024-03-21`	3 months	crt.sh
pv.medialead.de R3	`2023-12-04` - `2024-03-03`	3 months	crt.sh
adv.office-partner.de R3	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-10` - `2025-01-10`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh

This page contains 26 frames:

Primary Page: http://mlx.su/
Frame ID: 79817526C261B462E91878AB54E82E56
Requests: 47 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/zrt_lookup_fy2021.html
Frame ID: 08F5BAACDF59AFEA5046BCBB6ED7E4DE
Requests: 1 HTTP requests in this frame

Frame: http://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE&co=aHR0cDovL21seC5zdTo4MA..&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=nsg7lum0t4a0
Frame ID: 74834EF005BB2617B84155F76D11709B
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&adk=1812271804&adf=3025194257&lmt=1705857484&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x540_l%7C212x810_r&format=0x0&url=http%3A%2F%2Fmlx.su%2F&pra=5&wgl=1&easpi=1&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&dt=1705857484300&bpp=3&bdt=349&idt=267&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1273574755516&frm=20&pv=2&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=283
Frame ID: A713E2785994F70DE228A0E087AEAACB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&h=60&slotname=4337623515&adk=2112336116&adf=3017137674&pi=t.ma~as.4337623515&w=468&lmt=1705857484&format=468x60&url=http%3A%2F%2Fmlx.su%2F&wgl=1&dt=1705857484303&bpp=1&bdt=353&idt=283&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1273574755516&frm=20&pv=1&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=566&ady=142&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=287
Frame ID: D7DB504624A313E9B7FCC685FF98060F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&h=250&slotname=3369457514&adk=1395306997&adf=2772626519&pi=t.ma~as.3369457514&w=300&lmt=1705857484&format=300x250&url=http%3A%2F%2Fmlx.su%2F&wgl=1&dt=1705857484304&bpp=1&bdt=354&idt=288&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C468x60&nras=1&correlator=1273574755516&frm=20&pv=1&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=815&ady=248&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=291
Frame ID: 94FF744E6B39F377F11488FB8715812F
Requests: 22 HTTP requests in this frame

Frame: http://www.google.com/recaptcha/api2/bframe?hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE
Frame ID: 5DA0517772C4C3B7402A5C204E4B6FBB
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVrEGJ4nol3n1EuphiBcnngnNJXatVmgAAyQe4fSr5FByjXIbN8daum3nFz3QRq9G5LzgVR-djahiYvbI3SSooiKhW8NfIEidK6LZuXAIbRLlr53z1TOwWOnwBm2PJiPcB8VmUKle5brNE930nBSWfVTNc5I3KCRp6pauba1Zop8JF158U
Frame ID: EC6508F9C90575CC6C1A123A31A94295
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 039F287434A942843B5A9C173D154230
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 84A637500F10F93BFD0B54C983FF7987
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 685B4AF31AEFEC42A2E79BF9DD95F8DA
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYmL35xgEwAQ&v=APEucNVHXXRFYOt5xCw9MUfYm5Z4jAQZfA_9bbOY5B-lutBedeWpiqle-GJaSKADvIBrQLPazAkxPcYC3Wo6V12hl2gs_aXBN_p8LpiW3itqLFpiKPX0iGn51f1X4aA7BUDzvp8ZestNEyy8tB0dVE6qgdipwgFq0QPqYH5pPqsWT32bICNNQaE
Frame ID: 56FFA13E8F1B90CCE1F3808A19A6594A
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 5EDC0106E990F651F818E59F02EF75C7
Requests: 18 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Za1RzAAK3noKZNHBAAP_kZQLhs_Ggtw2U93C-A&u=%7CCemNmF7xb6tVFVV0LKnfgQXwEqWIXjCIR39fT7xf5q8%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUETQtbu7-RuG02-JTbIw6iQcfCEIzTmgNg2xIeFvE2zvdEtfqOhKsalW4vSEeM5_U19pF1tXqS7BlfptUmvmJgVOkubhOLtiHX3HyJE6OcHcjAdAqo-24kaXvsuLYajYzyUDjeyKuXSuDNeF0wFdTfPrLiW59sOraaFTYxzevVgQswyWitOOpJOFFWBg2lCOu1Ukc0NNqXfbWS0zDbOZuQnaCq2kMTEgehoAiBKBh_AkCQVhM-Muy2W8LNP1s1ZkdIaQXrJbMqh2uBXg8rlfw-vTD1XHUn1Se3RGW3k7U8XzqOGPYsiWI1Oe1EmskPPy4R5thGtvpm8V3hc8iyj79PiNAIoX-A5HxiDXBOGEVi1d0pDFFAStTFy_FRKs7irknQfpIrc4-jgnFsDweEc2v0S69sai8TndHSnrLHV-iPRvhBGlyNKEKtAgA1lRbVig91EBGf5h_y4FwQ9ie4gWDDz4-WB8d6oIhwrWu1c6ChQ0ph_RDIclF6lQXQAK6c4SCVTdhqiabHS5OzC9ZGKftRcWiG9_FLULu4YTWjrBaBR4RWYnSFhrxfbPAXsE3ZmSFuwQNqsx-izn-WlADpMdi8m7Tmzzww-uoJC4je1NF2T7tr1Zx9UysknuaEb3DGaIs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmPw-zFGtZfq8K8GjkwOR_4-gA8me0rFchf6X93DAjbcBEAEgAGCVgoCAoAeCARdjYS1wdWItNDc5NjE5NTgyMjAzNzU0MMgBCakCnYpr6GVIsj6oAwHIAwKqBKwBT9B16Axn6G45TWYfGMX5_tYkya_LFxtWcVnJSTqVCTSuzHXAu53AYXXrLm82ootS8ZumVwUu8TOhmhjaH7jbvDDi0z8EvDMvpIqeBpZ3M9TkW2vK9L3gcO_TWzsFKBwERycVX3-S5cu0iZH79r8smBVxNK_g5baolFCe51df4e48bEyRIZmDWUoKomMvZSAI4UucaMkupLWzJQPTWF5MUTq768fR8nRlTDYS24AG9aedkJiV_rhwoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WKznoqv-7oMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_00-f30ualMK8O9PvERowawJjyGRQ%26client%3Dca-pub-4796195822037540%26adurl%3D
Frame ID: 5F8AD091E2EA2D0572B32038EBB81CC8
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 41ADC8F712E4C810619DD67DC08FB7BC
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Poppins%3A400%2C600
Frame ID: 8BED90CC57DC943047E33F6B657678F5
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 42022A095F7ACA8C72A3F5791FC3BC0C
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js
Frame ID: 3FD684B819AF9C3652432C430E16B5CE
Requests: 1 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=22136800089563704444554012576010&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 62AC20487B266B953826FE5A49FB9F83
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: E8BB306CA0F47B1E2A3479255A279DF5
Requests: 3 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIud6Kv-7oMDFaQKigMdYG4KWg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=901719249174.1244
Frame ID: 3CAB86F0767CACCC4C7173C43AB8E75A
Requests: 2 HTTP requests in this frame

Frame: https://hal900010.redintelligence.net/request_content.php?s=22136800089563704444554012576010&a=5770fe66
Frame ID: 58628297A8D71B936A47BBC349FAFFC5
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
Frame ID: 6681A125783FEE1D3C7551CA6B31017B
Requests: 18 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Frame ID: C75C5CEC20A7DFFFBC398C04F844E960
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 228965A5767B2BBEC706440F9579CF3A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6A906C5FBE058FF0AE2709A8B9FF76F6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MLX Tools - Useful tools for you

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

194
Requests

81 %
HTTPS

57 %
IPv6

26
Domains

41
Subdomains

40
IPs

7
Countries

4989 kB
Transfer

9339 kB
Size

20
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://bill.mlx.su/
Title: HOSTING

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

http://s7.addthis.com/js/300/addthis_widget.js HTTP 308
https://s7.addthis.com/js/300/addthis_widget.js

Request Chain 90

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1

Request Chain 91

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Za1RzWdYqIMDcuv3jMtFPQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1

Request Chain 92

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG8Q3UdMpxSQiKgPz1YUlio&google_cver=1

Request Chain 93

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxMDE5MDQ1ODk2NjI0NTA0Mg%3D%3D

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1

Request Chain 110

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Za1RzWdYqIMDcuv3jMtFPQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1

Request Chain 111

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG8Q3UdMpxSQiKgPz1YUlio&google_cver=1

Request Chain 112

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxMDE5MDQ1ODk2NjI0NTA0Mg%3D%3D

Request Chain 113

https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f49655b3e5&subid=&uid=853ca7bb12e769ad&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUvi_zFGtZY3JL5mvs8IPsemPoAym5b2gaa2VnKfJD_AuEAEgzt_EKWCVgoCAoAfIAQmpAp2Ka-hlSLI-qAMByAObBKoE9AFP0MeksTlisbvEpyfsqhR6E8bq2aHvtb6HN6Hk92U8c0Jv2gX0akBT6TRkij3fF9OpQ75uimXJl6eMd-8TTaExruAL33ka65QNnkimqH3iLmT8G9w5JugMQy77wXOmJsru6BUWLdnFIvbkmxb7dB_jCZed4cLMsPco9utN132sU_YkH7-e2TOy3FKdfaf_rI1Dz5D7l2JED97qxydZk2mfGMO50hwSJBta8-Ihiytcqr-crh-iDcqUJbY744SyQqYnYwG2lpruZy2ZzeuJM6iUuBQEdKL4FtgkDgcRvEkCEFSt7cmmd4USLA_QwdOWu-x5TgzCwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WKXwoqv-7oMDgAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_lz2a-NnlShXOeUU0elKN698RRKbKDDJUhWzfeX4WMHvxqdrp4cGwSmCwHwz2QJ4uzPt6Vawl0u9NLFZewhjFpFKR_Ue06CT3ux0YAQ%26sig%3DAOD64_1uuj4_gy2iAbM2dwkbQGXUJNVrug%26client%3Dca-pub-4796195822037540%26dbm_c%3DAKAmf-CJtzBwdMjsv5tHVlanq8IzMNHBEHyg3uhsq5ng2DKNfWlCDCQ879nsAffFb1rEcqrjcVqEdoVYI5iSgWuPmplzWOxg7IobZiP59QWBQi-wIISFdrbSoiFxaJfQMPoEva-ygXHmiS2oUdUladrWcqXtaoO0i0uKB_ZFQ5Hz01j9Yo6Z8dQ%26cry%3D1%26dbm_d%3DAKAmf-DnrB9kCo-S2dSFtGb_K3Vqp8ZNN2GBsparOSYB4yxMF83WreeS7QBR8t1wXEt2qEJH5ofGNDs81pjliG14LPxuCABy2ZPvS-AbKyeQ6hgdfuRvzmFtG9QFPqigu7liGE-6HIqLjH2Z5Ji2ECCsjw9M4WerMeCwOuVT-7A5IKk0bRjp6xQQpuUr0x9V_YD0Ybn8xjqm3Slhi7HpXKtreiAVrF-OjNcqCpBJmKszRH8VOgW_L2uXxT9kaRY-R3ld_MYJ1eWeO0HyYdZanL26cB8H9LmCoMp-d-GvCvAfUVQ1j21anCCxEckfF2tj8SKl13f_PqvbXS4Qgw2Dmn17ANTXyuHwnrHDLH-VJcN7lF4vbx5L5tK-M2wKGeJ5CHCxQ7pg0sCZnWWRIihDlworDLIj4vTjN7o3kdJ6MrjJB-PEXM1aSZEXR8s2SrVs9p7njUE9wyIJY5zBAaKD_2z0zHLbpj85PAMEOus77dwSwAFXTm3Po0BNsZ2X85u_KgcpupT3ySFj9LLPuI3CuyeqdOBlaxOsevTyLP8cZk9v0lYHpuDZfwM%26adurl%3D&documentReferer=http%3A%2F%2Fmlx.su%2F&ancestorOrigins=http%3A%2F%2Fmlx.su&random=2466316537734&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f49655b3e5&subid=&uid=853ca7bb12e769ad&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUvi_zFGtZY3JL5mvs8IPsemPoAym5b2gaa2VnKfJD_AuEAEgzt_EKWCVgoCAoAfIAQmpAp2Ka-hlSLI-qAMByAObBKoE9AFP0MeksTlisbvEpyfsqhR6E8bq2aHvtb6HN6Hk92U8c0Jv2gX0akBT6TRkij3fF9OpQ75uimXJl6eMd-8TTaExruAL33ka65QNnkimqH3iLmT8G9w5JugMQy77wXOmJsru6BUWLdnFIvbkmxb7dB_jCZed4cLMsPco9utN132sU_YkH7-e2TOy3FKdfaf_rI1Dz5D7l2JED97qxydZk2mfGMO50hwSJBta8-Ihiytcqr-crh-iDcqUJbY744SyQqYnYwG2lpruZy2ZzeuJM6iUuBQEdKL4FtgkDgcRvEkCEFSt7cmmd4USLA_QwdOWu-x5TgzCwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WKXwoqv-7oMDgAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_lz2a-NnlShXOeUU0elKN698RRKbKDDJUhWzfeX4WMHvxqdrp4cGwSmCwHwz2QJ4uzPt6Vawl0u9NLFZewhjFpFKR_Ue06CT3ux0YAQ%26sig%3DAOD64_1uuj4_gy2iAbM2dwkbQGXUJNVrug%26client%3Dca-pub-4796195822037540%26dbm_c%3DAKAmf-CJtzBwdMjsv5tHVlanq8IzMNHBEHyg3uhsq5ng2DKNfWlCDCQ879nsAffFb1rEcqrjcVqEdoVYI5iSgWuPmplzWOxg7IobZiP59QWBQi-wIISFdrbSoiFxaJfQMPoEva-ygXHmiS2oUdUladrWcqXtaoO0i0uKB_ZFQ5Hz01j9Yo6Z8dQ%26cry%3D1%26dbm_d%3DAKAmf-DnrB9kCo-S2dSFtGb_K3Vqp8ZNN2GBsparOSYB4yxMF83WreeS7QBR8t1wXEt2qEJH5ofGNDs81pjliG14LPxuCABy2ZPvS-AbKyeQ6hgdfuRvzmFtG9QFPqigu7liGE-6HIqLjH2Z5Ji2ECCsjw9M4WerMeCwOuVT-7A5IKk0bRjp6xQQpuUr0x9V_YD0Ybn8xjqm3Slhi7HpXKtreiAVrF-OjNcqCpBJmKszRH8VOgW_L2uXxT9kaRY-R3ld_MYJ1eWeO0HyYdZanL26cB8H9LmCoMp-d-GvCvAfUVQ1j21anCCxEckfF2tj8SKl13f_PqvbXS4Qgw2Dmn17ANTXyuHwnrHDLH-VJcN7lF4vbx5L5tK-M2wKGeJ5CHCxQ7pg0sCZnWWRIihDlworDLIj4vTjN7o3kdJ6MrjJB-PEXM1aSZEXR8s2SrVs9p7njUE9wyIJY5zBAaKD_2z0zHLbpj85PAMEOus77dwSwAFXTm3Po0BNsZ2X85u_KgcpupT3ySFj9LLPuI3CuyeqdOBlaxOsevTyLP8cZk9v0lYHpuDZfwM%26adurl%3D&documentReferer=http%3A%2F%2Fmlx.su%2F&ancestorOrigins=http%3A%2F%2Fmlx.su&random=2466316537734&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 138

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=901719249174.1244 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIud6Kv-7oMDFaQKigMdYG4KWg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=901719249174.1244

Request Chain 140

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=22136800089563704444554012576010&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=22136800089563704444554012576010&t=htlp&gdpr=1&consent=1&gdpr_consent=

194 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
mlx.su/ 9 KB
4 KB 258ms
149ms Document
text/html 2606:4700:3034::ac43:ab1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mlx.su/
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:ab1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: edae388813eb1624d43fcd1fd86ef7930238ff87dd6d2bf2692d0e8d2c790908

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 849136d9cb7c7030-CDG
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sun, 21 Jan 2024 17:18:03 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2zaNxYn6Oto8w9%2Bck0D9BGl%2BEYZngXHCzh1o%2FRTGKm8L7KX7Zl5hYGk2W0dli3j1Rd4w39KqX2VkcOeHXBWoZ16BS3Miv%2BbrB8PqvNldsPtJpt9ZamjaK9biHR6Hkit%2F5tAW3Vk%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK KQoXNQfIUMr1GJoiF4GLQwgZw88.js Show response
mlx.su/cdn-cgi/apps/head/ 5 KB
2 KB 29ms
28ms Script
application/javascript 2606:4700:3034::ac43:ab1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mlx.su/cdn-cgi/apps/head/KQoXNQfIUMr1GJoiF4GLQwgZw88.js
Requested by: Host: mlx.su
URL: http://mlx.su/
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:ab1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d05b5c409c699263dbe63602c31ec16e76e2e21a4a3cd9eeedee12167a4fc87

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:03 GMT
Content-Encoding: gzip
x-amz-version-id: KKalrwmZa136X1wN71c82LYWqpR.IfgQ
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-Cache-Status: HIT
x-amz-request-id: CG9ZJ1Z48QHAH82Z
Age: 5684267
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 1563
x-amz-id-2: Ep0WBmT72hWFswrBk2fEQoWsL6WbwTV/RLwK0xmBa09Ps9J+tEB0eG58MAaOyWvLE2+AtgHBCqE=
Last-Modified: Fri, 18 Sep 2020 08:46:58 GMT
Server: cloudflare
ETag: "eee9827040f86ed7ea624dfbc32064ea"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZIa12WVeSedcaqLfZCGy6M96ax%2BQJLQWKe%2Farrd64suWZZly47gzIfF9A0NgJKBILFlEPUjfqeIXnHfwCQT3EXE0emHrDPiKXruOx0szodmMnPrJhFPH%2BCVsWVK%2FaHyaMXzg6Y%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 849136dabcf37030-CDG

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/css/ 147 KB
21 KB 52ms
33ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/css/bootstrap.min.css

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aebf611c1438dc7ec748e9a6364c734066b34bf2a1c7e2fc6511ed784635b50e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://mlx.su/
Origin: http://mlx.su
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
cdn-edgestorageid: 1048
cdn-cachedat: 10/31/2023 18:58:37
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:02 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"7e923ad223e9f33e54d22e50cf2bcce5"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: f726ddf3280b4efdfa53ff6ab52d038c
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 849136dad8162bbc-FRA
cdn-requestpullsuccess: True

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
54 KB 84ms
57ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

HTTP/1.1

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6bf2f6cd332cabaa2a5781823d9c2a9b3ea677d57f123de9a30c96fa59d4831e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Length: 54409
X-XSS-Protection: 0
Server: cafe
ETag: 12688640651203951047
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=3600, stale-while-revalidate=3600
Timing-Allow-Origin: *
Link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
Expires: Sun, 21 Jan 2024 17:18:04 GMT

GET
H2 200 jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 46ms
9ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: mlx.su
URL: http://mlx.su/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer: http://mlx.su/
Origin: http://mlx.su
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:03 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 406049
x-cache: HIT, HIT
content-length: 30125
x-served-by: cache-lga21971-LGA, cache-fra-eddf8230025-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1705857484.993933,VS0,VE0
etag: W/"28feccc0-15283"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 18, 85813

GET
H2 200 tether.min.js Show response
cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/ 24 KB
7 KB 31ms
15ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://mlx.su/
Origin: http://mlx.su
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4527811
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6714
last-modified: Mon, 04 May 2020 16:17:00 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ffc-619d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jj5SS3QdsJTcjcL5emm8oJQ%2B%2BQiXrbrWp40qclqH630J0tdNGcCtdmRKUi0uxieGIX1wNbzWtzHEqaGG3%2BXjur1VZOJKRsgyTMX%2Fg0WP6Rhtus1CHKrvflujHx60P7vva4j9QHC79yT7KahXlDjYMofl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 849136dadda819a0-FRA
expires: Fri, 10 Jan 2025 17:18:03 GMT

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/ 46 KB
13 KB 48ms
30ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://mlx.su/
Origin: http://mlx.su
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
cdn-edgestorageid: 1078
cdn-cachedat: 01/04/2023 11:36:10
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:02 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"0827a0bdcd9a917990eee461a77dd33e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: a97abab1db09b68aa1a2ad1c733d8592
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 849136dad8172bbc-FRA
cdn-requestpullsuccess: True

GET
H/1.1 200
OK pace.min.js Show response
mlx.su/js/ 12 KB
5 KB 155ms
154ms Script
application/javascript 2606:4700:3034::ac43:ab1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mlx.su/js/pace.min.js
Requested by: Host: mlx.su
URL: http://mlx.su/
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:ab1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 579a10a2485055e988338be054f866cbe713c8510442130cbda0ce11ced6c49f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Tue, 31 Mar 2015 02:38:45 GMT
Server: cloudflare
ETag: W/"551a08b5-304b"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yCLNrcKFffCur%2BAqaO3Wn8VS8fCmJ7yqHpvxo4tooQ8tnBZJExvAhwvIJz78HAYl17eUGFZ4zZU5aPZGV7SrwncAMgKGW52Q19%2FyLvGIpD0rlRC5WKBXCYhZGwBb3KXxRuBa%2BT4%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=259200
CF-RAY: 849136dc299d4d6d-FRA
Expires: Wed, 24 Jan 2024 17:18:04 GMT

GET
H/1.1 200
OK api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 43ms
24ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google.com/recaptcha/api.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

HTTP/1.1

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4402418fc5cd77aa922d7e94a2d49cc7923f5b577801be59c2f82e3233455b86

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Server: GSE
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Cache-Control: private, max-age=300
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jan 2024 17:18:04 GMT

GET
H/1.1 200
OK dwnldr.css
mlx.su/css/ 859 B
1 KB 219ms
212ms Stylesheet
text/css 2606:4700:3034::ac43:ab1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mlx.su/css/dwnldr.css
Requested by: Host: mlx.su
URL: http://mlx.su/
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:ab1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7dd05dd8d5b14a6b2ac0e2cb569cf341be47deaee54b6a074394828e13c72e0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sun, 28 May 2017 22:26:56 GMT
Server: cloudflare
ETag: W/"592b4eb0-35b"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XA4%2B7HGbKUplIvoXYpC0kGjmSt1ZO7NOTOmg%2F3BNaxoqJroYgSt6Rnb7YHS5%2Frb4iGJOKPSpZmGwjKacxh5nszdqPw5eJEismpAhl3XnFP%2F%2F7G9HdldYegB96IfP5b1yqQzKK9k%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=259200
CF-RAY: 849136dacfa54d6d-FRA
Expires: Wed, 24 Jan 2024 17:18:03 GMT

GET
H/1.1 200
OK font-awesome.min.css
mlx.su/css/ 30 KB
8 KB 188ms
182ms Stylesheet
text/css 2606:4700:3034::ac43:ab1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mlx.su/css/font-awesome.min.css
Requested by: Host: mlx.su
URL: http://mlx.su/
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:ab1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Thu, 22 Dec 2016 12:50:34 GMT
Server: cloudflare
ETag: W/"585bcc1a-7918"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C3y%2FbmDb1BfpH%2FpxSYMxGtMBifmrjmSp1iGhqU7BiL06c3jH%2Bib%2FFVQ3J0nQLyGSME0%2FZtZkmUzeiuOyfFCO4Twj9Y5MKJpcCJ4VwC2MPl%2BS6nvVTLepScTCYSTC9HTd61QAYcw%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=259200
CF-RAY: 849136dac91965d4-FRA
Expires: Wed, 24 Jan 2024 17:18:03 GMT

GET
H/1.1 200
OK font-awesome-animation.min.css
mlx.su/css/ 18 KB
3 KB 42ms
28ms Stylesheet
text/css 2606:4700:3034::ac43:ab1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mlx.su/css/font-awesome-animation.min.css
Requested by: Host: mlx.su
URL: http://mlx.su/
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:ab1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b827a356de86e7ede120744088d83d693014ef7b8d4915642cd144dba094938

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:03 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 252459
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 13 May 2017 14:19:16 GMT
Server: cloudflare
ETag: W/"591715e4-47fd"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2B0f0DGphqOrpql7OuGVKh1I0ESWyC5PD5AZQP30qom%2BxA9dIoAvDCECLtcRWbM%2Fu0BBLHL%2BFV8j3vphjNHrjbbE1%2F%2BpjT1rCEFxidrJZxA2YeFhrXsPHRBofSDse%2BbC21%2BB7lk%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=259200
CF-RAY: 849136dadcefb8a3-AMS
Expires: Sun, 21 Jan 2024 19:10:18 GMT

GET
H/1.1 200
OK pace.css
mlx.su/css/ 319 B
948 B 217ms
202ms Stylesheet
text/css 2606:4700:3034::ac43:ab1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mlx.su/css/pace.css
Requested by: Host: mlx.su
URL: http://mlx.su/
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:ab1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32e0174550fcf17b9fb41ba5918e6d322c45b4ecb0a6e1862d724d7b583509b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Fri, 26 May 2017 14:26:25 GMT
Server: cloudflare
ETag: W/"59283b11-13f"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9A1zJGujWVEiGsqoqes0W1J2Q3cnAKmm4ZlDXEU1XR%2FrJGxXSC0r%2F4GY7rum4nd1p38TSrqiZOMu5kk7KpUlnC8R6EupSXnuQUrNKLsV7kMYjR7OmiL9rdJMNyUjFCD%2B4EGyhN8%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=259200
CF-RAY: 849136dad8002292-CDG
Expires: Wed, 24 Jan 2024 17:18:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 188 KB
68 KB 116ms
28ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-1293902-20

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fb3a2ca25c916b02b4cc9871f9ab332435437d01fb5031fe3e962b91b0360acd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69402
x-xss-protection: 0
last-modified: Sun, 21 Jan 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 21 Jan 2024 17:18:04 GMT

GET
H/1.1 200
OK ie10-viewport-bug-workaround.js Show response
mlx.su/js/ 697 B
1 KB 223ms
194ms Script
application/javascript 2606:4700:3034::ac43:ab1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mlx.su/js/ie10-viewport-bug-workaround.js
Requested by: Host: mlx.su
URL: http://mlx.su/
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:ab1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ea441241f5e96cc6e9a2f61a10d681a4513afed985a8517790e5cfecf3ba417

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Tue, 14 Apr 2015 10:35:46 GMT
Server: cloudflare
ETag: W/"552ced82-2b9"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V0CBtI7wEa4VfE9ZZXT0WBnf1n2PfIAw8mRPXu43uW9XG9c20mn8Ue23n%2F9xpXeyEpSF6BZ254WJ5u023J%2Bvnkfey%2BaX9AAKzLy22LSjFQ9P8agWT1oC5hk5p2kKqjsUbz%2BwLwo%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=259200
CF-RAY: 849136daed497030-CDG
Expires: Wed, 24 Jan 2024 17:18:04 GMT

GET
H2

200

addthis_widget.js Show response
s7.addthis.com/js/300/
Redirect Chain

http://s7.addthis.com/js/300/addthis_widget.js
https://s7.addthis.com/js/300/addthis_widget.js

56 B
360 B

192ms
54ms

Script
text/javascript

2.16.184.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Server

2.16.184.115 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-16-184-115.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 21 Jan 2024 17:18:04 GMT
server: Oracle API Gateway
opc-request-id: /1139F11551C160E248E38F62F2C03565/34C8C249371CB3D12974CA649FEF6EC4
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

Redirect headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
Server: nginx/1.15.8
X-Distribution: 99
Content-Type: text/html
Location: https://s7.addthis.com/js/300/addthis_widget.js
X-Host: s7.addthis.com
Connection: keep-alive
Content-Length: 171

GET
H/1.1 200
OK dwnldr.js Show response
mlx.su/js/ 1 KB
1 KB 72ms
29ms Script
application/javascript 2606:4700:3034::ac43:ab1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mlx.su/js/dwnldr.js
Requested by: Host: mlx.su
URL: http://mlx.su/
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:ab1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe491bd2842d5bd39f983ff81431e710df2d3f80862cc02cda481400d04a511b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 252466
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 13 May 2017 11:37:51 GMT
Server: cloudflare
ETag: W/"5916f00f-5d6"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A2fa9ba0k1pgBr7C2JMYiASIpzNjE8FZzpG5BWW5fH7fDYHAMSk6DDIO4bxtVcsQvk4GIHrTIwAru3s0YILq%2Fl3ba6g2UyoaPZD0sz1wrAS8BortP290%2FX20cwjZGY%2F4aNM%2BYrA%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=259200
CF-RAY: 849136db0d36b8a3-AMS
Expires: Thu, 18 Jan 2024 20:33:09 GMT

GET
H/1.1 200
OK 4fOdPTIXwD5jqTJyRotqxsmFSbM.js Show response
mlx.su/cdn-cgi/apps/body/ 4 KB
2 KB 29ms
29ms Script
application/javascript 2606:4700:3034::ac43:ab1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mlx.su/cdn-cgi/apps/body/4fOdPTIXwD5jqTJyRotqxsmFSbM.js
Requested by: Host: mlx.su
URL: http://mlx.su/cdn-cgi/apps/head/KQoXNQfIUMr1GJoiF4GLQwgZw88.js
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:ab1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06d24424fe8c15dd335c668f21183ad1445c22328a06403b5e9ec176194a9b8f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
Content-Encoding: gzip
x-amz-version-id: DaJQt774v23G2XHPkNB0CMXx8j5yl6SH
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-Cache-Status: HIT
x-amz-request-id: E8JQ4HSWK1SABPMW
Age: 530152
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 1275
x-amz-id-2: ZOzsJtsGGfGTAe7axPXKQfTh3NiSyQSYIERJxkTnXAQUe7VQldFcGFmWWp7a+df6alrg8sRZmlI=
Last-Modified: Fri, 18 Sep 2020 08:46:58 GMT
Server: cloudflare
ETag: "c082817c1f07cbe33242d1459cbb59a8"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MP%2FAiHfNbfD8SxA4AjUPVr9hJG8uZPGNlqSygFAmGFR29E94PQtmWbtNP5%2BH24HqvRLnIgeWwlV87TeXqbXtIunT8NLAu2o0fSkEYLIvVgTQl2Sgz4VfKPceWQfCQ6jXkbpr%2FQE%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 849136dc29fc2292-CDG

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 113ms
25ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 21 Jan 2024 15:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 5395
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 21 Jan 2024 17:48:09 GMT

GET
H/1.1 200
OK fontawesome-webfont.woff2
mlx.su/fonts/ 75 KB
76 KB 271ms
271ms Font
font/woff2 2606:4700:3034::ac43:ab1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mlx.su/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: mlx.su
URL: http://mlx.su/css/font-awesome.min.css
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:ab1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: http://mlx.su/css/font-awesome.min.css
Origin: http://mlx.su
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
CF-Cache-Status: MISS
Last-Modified: Thu, 22 Dec 2016 12:50:34 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
ETag: "585bcc1a-12d68"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d6SLO%2BFKluKsMD6e1d%2F%2B%2BglzAhG9giGmSUDtfGsLbNBroIaYkqKpux%2Bx760O9pKDyOrA%2F4P6ybgqv7q9Q%2BkQJ%2BCumyf5r5DwYYSX9ImiiS4vlcZ6xd%2FWf7ifCF6B4LgAYenJQtQ%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: font/woff2
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 849136dc2f577030-CDG
alt-svc: h3=":443"; ma=86400
Content-Length: 77160

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ 506 KB
204 KB 53ms
14ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js

Requested by

Host: www.google.com
URL: http://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91088a015cd36dabb6639d0b6d08fadc57be7f1b85011f5f882d4e7a8611df31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://mlx.su/
Origin: http://mlx.su
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 01:17:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57622
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 207845
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 05:00:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Jan 2025 01:17:42 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401160101/ 402 KB
137 KB 131ms
97ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4796195822037540&plah=mlx.su

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

307003b8521a972055b9b3eeaf396f1d99b0877a0ee4f022fc996d7fb8c01c5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139624
x-xss-protection: 0
server: cafe
etag: 10760857480192934297
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 17:18:04 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/ Frame 08F5 9 KB
4 KB 49ms
14ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://mlx.su/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1430
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 16:54:14 GMT
etag: 9219409622527106327
expires: Sun, 04 Feb 2024 16:54:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
153 B 33ms
32ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1541986788&t=pageview&_s=1&dl=http%3A%2F%2Fmlx.su%2F&ul=en-us&de=UTF-8&dt=MLX%20Tools%20-%20Useful%20tools%20for%20you&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1562067379&gjid=1330311827&cid=2130617466.1705857484&tid=UA-1293902-13&_gid=1460153446.1705857484&_r=1&_slc=1&z=185194454

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f753043c9ccd4002880163506e7d7b5643af80bab3f36dba3bd3bd926d4e4f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://mlx.su/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://mlx.su
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 25ms
25ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1541986788&t=pageview&_s=2&dl=http%3A%2F%2Fmlx.su%2F&ul=en-us&de=UTF-8&dt=MLX%20Tools%20-%20Useful%20tools%20for%20you&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=2130617466.1705857484&tid=UA-1293902-13&_gid=1460153446.1705857484&z=126795218

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 02:56:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 51666
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
78 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XSN8X7N395&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1293902-20

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0bf966569adeba9c13afd6182d2faf0054b08889626ea01cd45ea8c27da2207e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79751
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 21 Jan 2024 17:18:04 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
69 B 32ms
31ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1541986788&t=pageview&_s=1&dl=http%3A%2F%2Fmlx.su%2F&ul=en-us&de=UTF-8&dt=MLX%20Tools%20-%20Useful%20tools%20for%20you&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAACAAI~&jid=331373348&gjid=686071296&cid=2130617466.1705857484&tid=UA-1293902-20&_gid=1460153446.1705857484&_r=1&gtm=457e41h0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=1373471594

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://mlx.su/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://mlx.su
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
342 B 276ms
21ms XHR
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1293902-13&cid=2130617466.1705857484&jid=1562067379&gjid=1330311827&_gid=1460153446.1705857484&_u=IEBAAEAAAAAAACAAI~&z=2126750168

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://mlx.su/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://mlx.su
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
80 KB 30ms
30ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0ZVBMKGN8Y&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

637b48080f08742cbdd4ffd5874582e86f894bdbf4de37521a70988ad0245846

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81509
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 21 Jan 2024 17:18:04 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 259ms
22ms XHR
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1293902-20&cid=2130617466.1705857484&jid=331373348&gjid=686071296&_gid=1460153446.1705857484&_u=aEDAAUABAAAAACAAI~&z=1074644214

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://mlx.su/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://mlx.su
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK anchor Show response
www.google.com/recaptcha/api2/ Frame 7483 44 KB
28 KB 40ms
40ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE&co=aHR0cDovL21seC5zdTo4MA..&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=nsg7lum0t4a0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

46894f8af00c2de2a7b68d5af0d2b8b148a811bdc8deab9f306c2f4bd6425a46

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rrT2xAPdDHwpcZ862lNwtw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://mlx.su/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Encoding: gzip
Content-Security-Policy: script-src 'report-sample' 'nonce-rrT2xAPdDHwpcZ862lNwtw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 21 Jan 2024 17:18:04 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
Server: GSE
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

POST
H2 204 collect
region1.analytics.google.com/g/ 0
238 B 200ms
18ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-XSN8X7N395&gtm=45je41h0v9108914121&_p=1705857484176&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=2130617466.1705857484&ul=en-us&sr=1600x1200&ir=1&_eu=EAAI&_s=1&sid=1705857484&sct=1&seg=0&dl=http%3A%2F%2Fmlx.su%2F&dt=MLX%20Tools%20-%20Useful%20tools%20for%20you&en=page_view&_fv=1&_ss=1&tfd=744
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XSN8X7N395&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://mlx.su
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 202ms
23ms Ping
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-XSN8X7N395&cid=2130617466.1705857484&gtm=45je41h0v9108914121&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XSN8X7N395&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://mlx.su
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 229ms
47ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-XSN8X7N395&cid=2130617466.1705857484&gtm=45je41h0v9108914121&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=452489637

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 185ms
19ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-0ZVBMKGN8Y&gtm=45je41h0v9111752233&_p=1705857484176&_gaz=1&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=2130617466.1705857484&ir=1&_eu=EBAI&_s=1&dl=http%3A%2F%2Fmlx.su%2F&dt=MLX%20Tools%20-%20Useful%20tools%20for%20you&sid=1705857484&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=759
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0ZVBMKGN8Y&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://mlx.su
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
45 B 187ms
23ms Ping
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-0ZVBMKGN8Y&cid=2130617466.1705857484&gtm=45je41h0v9111752233&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0ZVBMKGN8Y&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://mlx.su
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 214ms
49ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-0ZVBMKGN8Y&cid=2130617466.1705857484&gtm=45je41h0v9111752233&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l2&z=981595422

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A713 330 KB
68 KB 522ms
522ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&adk=1812271804&adf=3025194257&lmt=1705857484&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x540_l%7C212x810_r&format=0x0&url=http%3A%2F%2Fmlx.su%2F&pra=5&wgl=1&easpi=1&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&dt=1705857484300&bpp=3&bdt=349&idt=267&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1273574755516&frm=20&pv=2&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=283

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4796195822037540&plah=mlx.su

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5db9f8abcb1e4da240266eaa7e1e8fb5028e33fcebf620ec9c8697442eba542e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://mlx.su/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 69603
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 17:18:05 GMT
expires: Sun, 21 Jan 2024 17:18:05 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
121 B 165ms
164ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=grecaptcha-badge&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
56 B 165ms
164ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=NAV&cls=navbar%20navbar-toggleable-md%20navbar-light%20bg-faded%20fixed-top&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D7DB 708 B
571 B 444ms
443ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&h=60&slotname=4337623515&adk=2112336116&adf=3017137674&pi=t.ma~as.4337623515&w=468&lmt=1705857484&format=468x60&url=http%3A%2F%2Fmlx.su%2F&wgl=1&dt=1705857484303&bpp=1&bdt=353&idt=283&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1273574755516&frm=20&pv=1&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=566&ady=142&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=287

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45009a243d571ef5211356c6f18f81da12766f57142eb8c483906558f033f74f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://mlx.su/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 350
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 17:18:05 GMT
expires: Sun, 21 Jan 2024 17:18:05 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 94FF 24 KB
11 KB 544ms
542ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&h=250&slotname=3369457514&adk=1395306997&adf=2772626519&pi=t.ma~as.3369457514&w=300&lmt=1705857484&format=300x250&url=http%3A%2F%2Fmlx.su%2F&wgl=1&dt=1705857484304&bpp=1&bdt=354&idt=288&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C468x60&nras=1&correlator=1273574755516&frm=20&pv=1&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=815&ady=248&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=291

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7eac36e5fa43812e97a6ed35d766ff5cc815cd3d5831fb3f762bd6df4f6523b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://mlx.su/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 11049
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 17:18:05 GMT
expires: Sun, 21 Jan 2024 17:18:05 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 86ms
51ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1293902-13&cid=2130617466.1705857484&jid=1562067379&_u=IEBAAEAAAAAAACAAI~&z=2022459793

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 49ms
49ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1293902-13&cid=2130617466.1705857484&jid=1562067379&_u=IEBAAEAAAAAAACAAI~&z=2022459793

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 83ms
49ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1293902-20&cid=2130617466.1705857484&jid=331373348&_u=aEDAAUABAAAAACAAI~&z=794459791

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 199ms
199ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1293902-20&cid=2130617466.1705857484&jid=331373348&_u=aEDAAUABAAAAACAAI~&z=794459791

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ Frame 7483 55 KB
24 KB 46ms
15ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css

Requested by

Host: www.google.com
URL: http://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE&co=aHR0cDovL21seC5zdTo4MA..&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=nsg7lum0t4a0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 08:49:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30488
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 05:00:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Jan 2025 08:49:56 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ Frame 7483 506 KB
203 KB 54ms
23ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91088a015cd36dabb6639d0b6d08fadc57be7f1b85011f5f882d4e7a8611df31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 01:17:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57622
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 207845
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 05:00:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Jan 2025 01:17:42 GMT

GET
H/1.1 200
OK W6ySMI_EbF4NJqhzNc9p1_hu4s5xL3ZDxE1cNPsDaUQ.js Show response
www.google.com/js/bg/ Frame 7483 17 KB
8 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google.com/js/bg/W6ySMI_EbF4NJqhzNc9p1_hu4s5xL3ZDxE1cNPsDaUQ.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bac92308fc46c5e0d26a87335cf69d7f86ee2ce712f7643c44d5c34fb036944

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE&co=aHR0cDovL21seC5zdTo4MA..&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=nsg7lum0t4a0
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Wed, 17 Jan 2024 02:24:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 399244
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 7649
X-XSS-Protection: 0
Last-Modified: Wed, 03 Jan 2024 11:00:00 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
Vary: Accept-Encoding
Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
Content-Type: text/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Expires: Thu, 16 Jan 2025 02:24:00 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 7483 2 KB
2 KB 14ms
14ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 19:56:54 GMT
x-content-type-options: nosniff
age: 508870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 22 Jan 2024 19:56:54 GMT

GET
H/1.1 200
OK KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7483 15 KB
16 KB 26ms
13ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.google.com/
Origin: http://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 13:02:51 GMT
X-Content-Type-Options: nosniff
Age: 447313
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 15344
X-XSS-Protection: 0
Last-Modified: Mon, 16 Oct 2017 17:32:55 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Wed, 15 Jan 2025 13:02:51 GMT

GET
H/1.1 200
OK KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7483 15 KB
16 KB 27ms
14ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.google.com/
Origin: http://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Wed, 17 Jan 2024 00:27:28 GMT
X-Content-Type-Options: nosniff
Age: 406236
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 15552
X-XSS-Protection: 0
Last-Modified: Mon, 16 Oct 2017 17:33:02 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Thu, 16 Jan 2025 00:27:28 GMT

GET
H/1.1 200
OK webworker.js
www.google.com/recaptcha/api2/ Frame 7483 102 B
687 B 23ms
23ms Other
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google.com/recaptcha/api2/webworker.js?hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f187dc8de7fe50f1f8825c3500b64080cc78ac39df7efd31a4b1bc562be9ca3d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE&co=aHR0cDovL21seC5zdTo4MA..&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=nsg7lum0t4a0
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Server: GSE
Cross-Origin-Embedder-Policy: require-corp
Transfer-Encoding: chunked
Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
Content-Type: text/javascript; charset=utf-8
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=300
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jan 2024 17:18:04 GMT

GET
H/1.1 200
OK bframe Show response
www.google.com/recaptcha/api2/ Frame 5DA0 7 KB
2 KB 28ms
27ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google.com/recaptcha/api2/bframe?hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1d9fa332f592dfbe54205676cac4d1311768af479cdb60787721a5b11c4bc1f1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UOzN_d9IzzuNPsiwJCNLpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://mlx.su/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Encoding: gzip
Content-Security-Policy: script-src 'report-sample' 'nonce-UOzN_d9IzzuNPsiwJCNLpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 21 Jan 2024 17:18:05 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
Server: GSE
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ Frame 5DA0 55 KB
24 KB 13ms
13ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css

Requested by

Host: www.google.com
URL: http://www.google.com/recaptcha/api2/bframe?hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 08:49:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30489
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 05:00:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Jan 2025 08:49:56 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ Frame 5DA0 506 KB
203 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js

Requested by

Host: www.google.com
URL: http://www.google.com/recaptcha/api2/bframe?hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91088a015cd36dabb6639d0b6d08fadc57be7f1b85011f5f882d4e7a8611df31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 01:17:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57623
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 207845
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 05:00:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Jan 2025 01:17:42 GMT

POST
H/1.1 200
OK reload Show response
www.google.com/recaptcha/api2/ Frame 5DA0 19 KB
15 KB 52ms
51ms XHR
application/json 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google.com/recaptcha/api2/reload?k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

17881e4f695f51467cea3870acb51f1612c0d5f4f1a5810324f9041c8ef2f834

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.google.com/recaptcha/api2/bframe?hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

Date: Sun, 21 Jan 2024 17:18:05 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Server: GSE
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Cache-Control: private, max-age=0
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 94FF 42 B
63 B 160ms
159ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DFQ73F45ynd87kClK813bA70RcWZtSQS4V37xPs2gGvSm3kIkWOk0lPbmIocBLNhPzX6geyG6BRnr-Fl3z3O0bnl6FLS6qFKiDKszC2gJL72y1tPE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&h=250&slotname=3369457514&adk=1395306997&adf=2772626519&pi=t.ma~as.3369457514&w=300&lmt=1705857484&format=300x250&url=http%3A%2F%2Fmlx.su%2F&wgl=1&dt=1705857484304&bpp=1&bdt=354&idt=288&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C468x60&nras=1&correlator=1273574755516&frm=20&pv=1&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=815&ady=248&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=291

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 94FF 89 KB
31 KB 81ms
80ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 94FF 3 KB
1 KB 104ms
16ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:05:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 730
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 04 Feb 2024 17:05:55 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 94FF 20 KB
9 KB 120ms
15ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 18:28:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82146
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 18:28:59 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 94FF 206 KB
66 KB 188ms
99ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401160101/ 162 KB
55 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401160101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aade75d409ef95edca2a02c0a60c8263c656e955244ed0b67dfcd37e23cfd9a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56377
x-xss-protection: 0
server: cafe
etag: 6020631722995868178
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H3 200 canonical_car.png
www.gstatic.com/recaptcha/api2/ Frame 5DA0 11 KB
11 KB 17ms
17ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/canonical_car.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 21:16:51 GMT
x-content-type-options: nosniff
age: 504074
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11174
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 22 Jan 2024 21:16:51 GMT

GET
H3 200 refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame 5DA0 600 B
624 B 18ms
17ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/refresh_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 10:50:23 GMT
x-content-type-options: nosniff
age: 368862
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Wed, 24 Jan 2024 10:50:23 GMT

GET
H3 200 audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame 5DA0 530 B
554 B 19ms
18ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/audio_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 13:43:45 GMT
x-content-type-options: nosniff
age: 12860
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 530
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Sun, 28 Jan 2024 13:43:45 GMT

GET
H3 200 info_2x.png
www.gstatic.com/recaptcha/api2/ Frame 5DA0 665 B
689 B 21ms
20ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/info_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 10:50:23 GMT
x-content-type-options: nosniff
age: 368862
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 665
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Wed, 24 Jan 2024 10:50:23 GMT

GET
H/1.1 200
OK KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 5DA0 15 KB
16 KB 14ms
13ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

HTTP/1.1

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.google.com/
Origin: http://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 13:02:51 GMT
X-Content-Type-Options: nosniff
Age: 447314
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 15344
X-XSS-Protection: 0
Last-Modified: Mon, 16 Oct 2017 17:32:55 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Wed, 15 Jan 2025 13:02:51 GMT

GET
H/1.1 200
OK KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 5DA0 15 KB
16 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

HTTP/1.1

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.google.com/
Origin: http://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sat, 20 Jan 2024 00:17:59 GMT
X-Content-Type-Options: nosniff
Age: 147606
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 15340
X-XSS-Protection: 0
Last-Modified: Mon, 16 Oct 2017 17:33:16 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sun, 19 Jan 2025 00:17:59 GMT

GET
H/1.1 200
OK KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 5DA0 15 KB
16 KB 26ms
13ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

HTTP/1.1

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.google.com/
Origin: http://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Wed, 17 Jan 2024 00:27:28 GMT
X-Content-Type-Options: nosniff
Age: 406237
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 15552
X-XSS-Protection: 0
Last-Modified: Mon, 16 Oct 2017 17:33:02 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Thu, 16 Jan 2025 00:27:28 GMT

GET
H/1.1 200
OK W6ySMI_EbF4NJqhzNc9p1_hu4s5xL3ZDxE1cNPsDaUQ.js Show response
www.google.com/js/bg/ Frame 5DA0 17 KB
8 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google.com/js/bg/W6ySMI_EbF4NJqhzNc9p1_hu4s5xL3ZDxE1cNPsDaUQ.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bac92308fc46c5e0d26a87335cf69d7f86ee2ce712f7643c44d5c34fb036944

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.google.com/recaptcha/api2/bframe?hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Wed, 17 Jan 2024 02:24:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 399245
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 7649
X-XSS-Protection: 0
Last-Modified: Wed, 03 Jan 2024 11:00:00 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
Vary: Accept-Encoding
Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
Content-Type: text/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Expires: Thu, 16 Jan 2025 02:24:00 GMT

GET
H/1.1 200
OK payload
www.google.com/recaptcha/api2/ Frame 5DA0 29 KB
29 KB 38ms
22ms Image
image/jpeg 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.google.com/recaptcha/api2/payload?p=06AFcWeA7NAHiQK77Z1udne8H57Mgp-R3t0cVrTlFGdHkhKI9HG_qs38xzhyyygMS-fkZPYa99-Xe9S_N6kX6QDmZch0fWn5q6iiaVFUglhqxiDbUMGuWf2pG2i9GJj4zNAYoca5LliztJIL2wdx0lnUXEBXvBc9bm6EaPHqW66eRDdiO_1-Z6rxo0t2TH40GEWFdxXDdzwswO1D21ECdF39y1HiviKbyhCw&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

HTTP/1.1

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e0948ab26397a3912e2fc7086f64a39872e89e5791720f5610d6a609a69b51bf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.google.com/recaptcha/api2/bframe?hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&k=6LfMmQ8UAAAAAAKtB73g5iI8h6ubkRTUoSrsUUCE
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:05 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Server: GSE
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: private, max-age=30
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EC65 624 B
246 B 53ms
52ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVrEGJ4nol3n1EuphiBcnngnNJXatVmgAAyQe4fSr5FByjXIbN8daum3nFz3QRq9G5LzgVR-djahiYvbI3SSooiKhW8NfIEidK6LZuXAIbRLlr53z1TOwWOnwBm2PJiPcB8VmUKle5brNE930nBSWfVTNc5I3KCRp6pauba1Zop8JF158U

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&h=250&slotname=3369457514&adk=1395306997&adf=2772626519&pi=t.ma~as.3369457514&w=300&lmt=1705857484&format=300x250&url=http%3A%2F%2Fmlx.su%2F&wgl=1&dt=1705857484304&bpp=1&bdt=354&idt=288&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C468x60&nras=1&correlator=1273574755516&frm=20&pv=1&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=815&ady=248&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=291
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 17:18:05 GMT
expires: Sun, 21 Jan 2024 17:18:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 164ms
162ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=0&wpc=ca-pub-4796195822037540&warn=13&w=1600&h=1200&pp=0&ppp=0&eatf=false&eatfAbg=true&reatf=true&a=6%2C1%2C5%2C7&apv=20240116_093501&sat=1705643305440&afm=0&as_count=2&d_count=0&ng_count=0&am_count=0&atf_count=2&mdns=0.523&alldns=0.523&allp=7&fd=(0%2C5%2C0)%2C(1%2C0%2C0)%2C(2%2C0%2C0)&pgh=1200&abl=false&rr=n&su=mlx.su&pvc=118611438461066&r=0.1&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 94FF 0
20 B 165ms
165ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2758958659364&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 94FF 0
20 B 163ms
163ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2758958659364&version=m202309260101&ct=77&x=1&cor=12570625638764892000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 94FF 20 KB
13 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BpjtuJwwyicuD24cQJrTrBi9zXtrfhdHxJBp-NdNjC0SG-iipGiX-vqx5JfycSBff95ORKQKpayMdcUedieIkQ99gmRems2Ic5zIU-AJRYm5rjJwfdnS0Jpzx6Sc1RQ_aQ0vFi0kT5VTm-ifw106YtA6NbptTyx2x1NvNJ6mCtPLhI-Hc&cry=1&dbm_d=AKAmf-CKFhNvjpWoyxalO4kZZc2Nsmt0W3TAQS-pKDGYIapQaLza0PrnpxQxKlfpBeLNNKPlJBhyKEyTvfs7ImPelwuTq0orGpLBzLMf75kecWPAW6MP41R7JBbuy2RL95FNLBbTj2OCCYmpP_5rWLNZ3VoWHPWZfyqf3oybT0kOXEtN2aPNZmt50_NgQYWH2E0JnidfVRbb9AJyqUlVrc-XoVErc41hjmOAGkBZcijcQMuurxF954N4cyrPFpkilpBAjpxaLnK85VL2Rgy8o6NX6s_eRs0ic3Wf2qo-4CX3awu0aEOrnt2MFnyZxGubS1f4DzgCDU3kEGFfxyA13ypgRXjgw1FHjFTS-t3O7YcGh7x6O8mZxEtjXaig9mKKlVNlK3mlornekm2G-Y2NL4uh5dD2X5EQVCXO31utre4AQGt356vX97jCix3wfHxsD1tZk9uY5_OiNvaFXSt8tDrsyKq2kifysD4Q5ifWyrBMw0ZD5e7QF8JW1AD30aR_ROIufFUp2Lc7-5DdxI1UfgVrFad0kSqKW7oEdmorDWnFeUCvauQcdtikrdVBbnRwWrxXwEzNQ9LdKK8wOv5LzgKSA1Q58MEFjcui6d7L3-4YP1pSKHvjTbYaxJl5vzYluTa1_sWtYE4dGUN2eSCkXBbMf9fELwNTRwjgqY5aVcOe6ML3rvSh6tNHhjn3AAxwjbJjPXyLYrmRK5TsliCyEUnMTID08q-wCLh-86ayheibClYqQd8PlQ3WuS545PXXzbS2c0h9ooaKfVaeL4PafT8FFXAKG0QeAisDDWaiK_aRPJIrYXnIFHQvdZsGFetZ94MdzMZD83wDA32Ft_nS_IVoujRSsdJSRLo6flN5VBIuXN6YEJVqW7P_OJkhcqPZ0TzGXesTJGPr5xDbxGsfE_04gNzf4GTV0J9kuTpoK-38ZimkkryuHQWbllTXNgeLggbMLwp3uLfOTEbJqIKFH3QcCs1_6op-Y2dA6S05IkoruB5RqSTfPYZZDIHE7FZE2Cw36CqvkcBFAwIM8IdbK3zbstFGaEZwZhta8uzxXUadhSwxGNHvGC95Ib0yYElIrysq1Pxqv21zJn6R-gWETBooXOOgKF9MCQSUBpbM7l2howTDvPS3RPoQsWVbB9RrMYkMN3CXWnQ9VfnCM3DcfSAQSnkbihnfInQjQo4TiXP95Gp9BDWSXtF12OUQxxALcMeD3C7iLUj3cLTmd2jgWj7fET-IZgaBrUnLMiypmSuYISkO8jVVIgsA8MomV3b9r0jTZWpE_4KgEnaxiLa1IImUGu2F74r58cg5BB3B_ykbt9dQ9X_21EJLwZjY_62_jcttNL1VBJJkKpIdqfQJViGfW42-BbqzQJlYYxYvGnu9tu6Gls2kia3wyru-wud2ZYhs0TNUEUShnEqudQwje69SV64ZCvGedAxHEVn5QqmVR0jjKUQOIyq7v-5_EbTAV5nteerTBa3fWL7k57EamidUFKuF66PXeCPnD-SODBURln9NFhWK327erp0XKcnqKzjhHpw287VP51hNBTgg_Ry6ULWr8nroTXWLGFp5Ih1eCCQcIAw4brVfpsveLky_UpPEi3y1Q9XIKhMqw7P50syqcaTksGc7Vleek7dEUeDV9HW5NgGxR5Wus6GqtM2ctd7arhmr3L0CwwYaujftx3sbmspoxd1GRFRU1W0eX5SAPUvJG9vBvxItH2uqqEznXijVb_BWnqkPwrT7Thux6FzIruLukgvNo_RhvYg9aZDf2TdjZTPn4gDLXye18Cx2d6v0HbFpWODVA0OA6k5BjgD8-AOfZI0mWiiUYFLH54nuAJC3tQ9edHVnmvXi3tR_ZbNDrcMSgEVRYRpocKhjQuj_qbdymfPkK4ZeLd2XaI6kwOD6sw3iNFIAXhWqgvSeYtPebw6cb7gdiOWKK369pZEx0J8E2yVL62cmoa4ipKt9hbYsGT1HDFvJskzcnzHf24Ww0J0wbtuW01PNvUb0F1wwRjVGYxrqwCNpy7nXMS4vJhL4vaIb6VsNL9Ick1B5n1r0VvWAitHDiHdBgJ5cqUS_6oscwnMIUchxNRjBNJfo0t7hTO2_9E1JHhPciOwC54V1cYzqf00zjrXhmpphQ30c-nnSKUb7vqo6b-wZNyBt57BEBkqNDgCxRZ6TqKPowxHtQ2ikpyRe4TrAvz-ohvdTfSRniHLZ1PuZH7ZaTcCEjsSHtVqf3IZJf-XlwYuvr6xzCAyiB2-Bk8Jl1kgAfsqmpc4lKCeMYZG1YsRIIxR9QbpbS_N2URx8w6b01rr-d4mbiXlpDazv5p2KGyy52Cmhc3PJQzyVtwv6CH4jCERMhGpjpyC8gsL1awqPoRd4fCLEBoI2p2L3fHkBiCYnX_cXCygxeV5_NVMVlCxzQLlAE2EU2GflJuEN5lBtsU4O7w_RJnNgyYbnqwyMR2gN8mmSrp1C0DGR9OhkU0gWPLQbmr0pln-uhqRYOCKgHh2vL38Q3VnO3INW58lxs5xBV7cszAM4arhil1PtbKHgc210rnGb2BrOrJHisMmsR9SeIO1tPpcqMNA4Qyx4JyPpW4jKEH2pYkldBPCQoyLG2sQOFkRvv1S9cBIihNbELbN7S13FBI1qQLoGHiJHJPvJhf9PCJnJj8JL_hT3anjz9uYj1G3FqA1LQzxlFuFfadCOHu-plK7U6Mm6ciCsfD4iZ1Esq9mtKM00Rvvqpc2mHPV9ddEW9P-BSk_Sk7PMVheJcjHsLOPhJWoSjq9trF-UQPqGeMrDBcJ3jxiPV9epJedsMz5Qt8FSpQT-TGKPY1q7xET0uxEaIjOCR3SvnXyHTOmG_Sy2GjObNGHjjidzdSlyH53fK1tSQOdZ7tEamTGUhzMIHCNOG9QTn0iN3C7LtM3Ee0y7YGBRv_AflJ2N4LVhyrsZmGX1SV8bHNiqN-Q4gqmYyOYsB2143D9d_bI7BcGKBT4DTL2Ww512nvF1r3bqWFhFRWTvHcUFVC3_xEs67E-rFz_UjDGLYA3l2zQ2PG5E41Un9Xk6yp-2LmXUjwc0nUc0LvOboyp99vBr8eVNxmSAcjoOy_95r1h1ImYP7l1scNPdVVKGMH-ti4s4GXOPFH_zfLDz1IKK21yoZoTNVhQSJbIKZT84UBFASJDOBhhhHtgd3uE_BVyDSoshQgwL47TPXlJsRV7iYCj3aHIj70uJNpwB2ENfFD2-u7i5_3qzSljq_e_G_CRcnePemiZFNqcgFrk5hG6fceFWbkk1PL5Pp28ouQkICKAiIDW2jKiyL8n5SpEJmkvxDZUW1f77wcIzqqRbIf7mI4iX3Zb_3BMof7hxluMpsBwLwe9_jc6iLIxOYKmoiC4VfeeflFf_oO614X2ByXI2WBMSIdXP1rhQLJNxYOyPu7zcslX9aBargq14GfbEY6eP-8wGe8y9MTT6rDSF_xRkfCGR5a7N15jATRnAd-DkDrhZl-F34FDV1__NfEakL96PBGqIJJn7cg251gHrz_ECg8PKV3tLo73-CwCGdN3GPWsvuPUgaLGeBPfFisioH0Xe1aJmjUfPQKd-H_UXggLXWg_VSAX70JNYMIyUWjDHvD1LDGNj7bAud9jGZfhRZRSdnBZxeXxS014LjHd2DofDsEkMDN6TpzJH_9baMeiPF58r2Ofm0LKNf6o9jBckVOAzp4DZ1C_TGzGrCa9TyEySWMYItRl_qqV5qz6ctK_F&cid=CAQSTwAvHhf_lz2a-NnlShXOeUU0elKN698RRKbKDDJUhWzfeX4WMHvxqdrp4cGwSmCwHwz2QJ4uzPt6Vawl0u9NLFZewhjFpFKR_Ue06CT3ux0YAQ&dv3_ver=m202309260101&rfl=http%3A%2F%2Fmlx.su%2F&ds=l&xdt=1&iif=1&cor=12570625638764892000&adk=1964084971&idt=92&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99a6a4c892d66a3c254c7225754a4557920c0fe414fb77d5a66e0ea34be1da04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&h=250&slotname=3369457514&adk=1395306997&adf=2772626519&pi=t.ma~as.3369457514&w=300&lmt=1705857484&format=300x250&url=http%3A%2F%2Fmlx.su%2F&wgl=1&dt=1705857484304&bpp=1&bdt=354&idt=288&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C468x60&nras=1&correlator=1273574755516&frm=20&pv=1&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=815&ady=248&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=291
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13658
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/ Frame 039F 9 KB
4 KB 14ms
14ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://mlx.su/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 59553
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 00:45:32 GMT
etag: 9219409622527106327
expires: Sun, 04 Feb 2024 00:45:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/ Frame 84A6 9 KB
4 KB 14ms
13ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://mlx.su/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 59553
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 00:45:32 GMT
etag: 9219409622527106327
expires: Sun, 04 Feb 2024 00:45:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/ Frame 685B 9 KB
4 KB 15ms
15ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://mlx.su/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 59553
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 00:45:32 GMT
etag: 9219409622527106327
expires: Sun, 04 Feb 2024 00:45:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 039F 4 KB
1 KB 90ms
33ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 21 Jan 2024 16:35:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 039F 205 B
229 B 14ms
13ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 09:40:51 GMT
x-content-type-options: nosniff
age: 373034
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 16 Jan 2025 09:40:51 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 039F 604 B
628 B 15ms
15ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 21:39:38 GMT
x-content-type-options: nosniff
age: 243507
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 17 Jan 2025 21:39:38 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame 039F 16 KB
7 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 20:00:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76632
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6823
x-xss-protection: 0
server: cafe
etag: 11129212757755515379
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 20:00:53 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame 039F 22 KB
9 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 18:42:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81312
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9422
x-xss-protection: 0
server: cafe
etag: 10624764489894593518
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 18:42:53 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 56FF 624 B
242 B 55ms
54ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYmL35xgEwAQ&v=APEucNVHXXRFYOt5xCw9MUfYm5Z4jAQZfA_9bbOY5B-lutBedeWpiqle-GJaSKADvIBrQLPazAkxPcYC3Wo6V12hl2gs_aXBN_p8LpiW3itqLFpiKPX0iGn51f1X4aA7BUDzvp8ZestNEyy8tB0dVE6qgdipwgFq0QPqYH5pPqsWT32bICNNQaE

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 17:18:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5EDC 89 KB
31 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 5EDC 3 KB
1 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:05:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 730
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 04 Feb 2024 17:05:55 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 5EDC 20 KB
8 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 18:28:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82146
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 18:28:59 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5EDC 206 KB
65 KB 73ms
72ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5EDC 42 B
63 B 161ms
160ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AaaJEjU3S2dkIuEWb7AFhVOQrIh9qgDGvMrkoD8bma6_bFSSuEi2-DZKUBXKH8AmGr69C8rfCU_JIUhhfHsqkeBoK8izfUmlOkM-Gy_cI9egHKT7w

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame EC65
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1

43 B
338 B

24ms
23ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVrEGJ4nol3n1EuphiBcnngnNJXatVmgAAyQe4fSr5FByjXIbN8daum3nFz3QRq9G5LzgVR-djahiYvbI3SSooiKhW8NfIEidK6LZuXAIbRLlr53z1TOwWOnwBm2PJiPcB8VmUKle5brNE930nBSWfVTNc5I3KCRp6pauba1Zop8JF158U
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xjo41SBAVA7B%2Fr54%2BPhFFzL34JgxY2VxK4lqlORsylaYIEFRWF86IiQWy2k98sC7ris1JUuQNDB4fOIhQ3PNNltbWgqiDqU7WwMI4n1AD1HLa5Y0p%2BSkg%2BSXN2slCvveAtNv5z2gFgwujA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 849136e3d9964d97-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame EC65
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Za1RzWdYqIMDcuv3jMtFPQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1

43 B
734 B

22ms
22ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVrEGJ4nol3n1EuphiBcnngnNJXatVmgAAyQe4fSr5FByjXIbN8daum3nFz3QRq9G5LzgVR-djahiYvbI3SSooiKhW8NfIEidK6LZuXAIbRLlr53z1TOwWOnwBm2PJiPcB8VmUKle5brNE930nBSWfVTNc5I3KCRp6pauba1Zop8JF158U
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JuxJAZuK3G9MdfMIuCduOqwD03FUCpT%2FLZNNWSGI3JHcRkMF6%2Bv2SRg9D1OEarvZCQi2GnVp00neQeSy%2FoBjjygsmqSvDC7sJ2U2BYsCnFX12b6WSZ13SJZEiOZaqp3rrjGVo3vLe6mMRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 849136e42c163643-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame EC65
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG8Q3UdMpxSQiKgPz1YUlio&google_cver=1

43 B
1007 B

12ms
12ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEG8Q3UdMpxSQiKgPz1YUlio&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVrEGJ4nol3n1EuphiBcnngnNJXatVmgAAyQe4fSr5FByjXIbN8daum3nFz3QRq9G5LzgVR-djahiYvbI3SSooiKhW8NfIEidK6LZuXAIbRLlr53z1TOwWOnwBm2PJiPcB8VmUKle5brNE930nBSWfVTNc5I3KCRp6pauba1Zop8JF158U

Protocol

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
an-x-request-uuid: 68cdda3f-120d-4e38-8f9d-3ea80036e9c4
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 37.58.58.250; 37.58.58.250; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEG8Q3UdMpxSQiKgPz1YUlio&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EC65
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxMDE5MDQ1ODk2NjI0NTA0Mg%3D%3D

170 B
243 B

24ms
24ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxMDE5MDQ1ODk2NjI0NTA0Mg%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
an-x-request-uuid: 7620241e-399e-4563-809a-a097c3d9f2c2
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxMDE5MDQ1ODk2NjI0NTA0Mg%3D%3D
x-proxy-origin: 37.58.58.250; 37.58.58.250; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 5F8A 176 KB
52 KB 119ms
92ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Za1RzAAK3noKZNHBAAP_kZQLhs_Ggtw2U93C-A&u=%7CCemNmF7xb6tVFVV0LKnfgQXwEqWIXjCIR39fT7xf5q8%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUETQtbu7-RuG02-JTbIw6iQcfCEIzTmgNg2xIeFvE2zvdEtfqOhKsalW4vSEeM5_U19pF1tXqS7BlfptUmvmJgVOkubhOLtiHX3HyJE6OcHcjAdAqo-24kaXvsuLYajYzyUDjeyKuXSuDNeF0wFdTfPrLiW59sOraaFTYxzevVgQswyWitOOpJOFFWBg2lCOu1Ukc0NNqXfbWS0zDbOZuQnaCq2kMTEgehoAiBKBh_AkCQVhM-Muy2W8LNP1s1ZkdIaQXrJbMqh2uBXg8rlfw-vTD1XHUn1Se3RGW3k7U8XzqOGPYsiWI1Oe1EmskPPy4R5thGtvpm8V3hc8iyj79PiNAIoX-A5HxiDXBOGEVi1d0pDFFAStTFy_FRKs7irknQfpIrc4-jgnFsDweEc2v0S69sai8TndHSnrLHV-iPRvhBGlyNKEKtAgA1lRbVig91EBGf5h_y4FwQ9ie4gWDDz4-WB8d6oIhwrWu1c6ChQ0ph_RDIclF6lQXQAK6c4SCVTdhqiabHS5OzC9ZGKftRcWiG9_FLULu4YTWjrBaBR4RWYnSFhrxfbPAXsE3ZmSFuwQNqsx-izn-WlADpMdi8m7Tmzzww-uoJC4je1NF2T7tr1Zx9UysknuaEb3DGaIs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmPw-zFGtZfq8K8GjkwOR_4-gA8me0rFchf6X93DAjbcBEAEgAGCVgoCAoAeCARdjYS1wdWItNDc5NjE5NTgyMjAzNzU0MMgBCakCnYpr6GVIsj6oAwHIAwKqBKwBT9B16Axn6G45TWYfGMX5_tYkya_LFxtWcVnJSTqVCTSuzHXAu53AYXXrLm82ootS8ZumVwUu8TOhmhjaH7jbvDDi0z8EvDMvpIqeBpZ3M9TkW2vK9L3gcO_TWzsFKBwERycVX3-S5cu0iZH79r8smBVxNK_g5baolFCe51df4e48bEyRIZmDWUoKomMvZSAI4UucaMkupLWzJQPTWF5MUTq768fR8nRlTDYS24AG9aedkJiV_rhwoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WKznoqv-7oMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_00-f30ualMK8O9PvERowawJjyGRQ%26client%3Dca-pub-4796195822037540%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e86370811b31d2333999248eeb6f6b8e7d719a0679f305fa23b3a737ab18dab8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 17:18:04 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=04fmAkP8JhPDmuZSaj8hn-vxFemOs0AF1Ui7pbUnkq_-IXzolIsa_Z3YKwX1bdJXjU9JIA32bsxdnevwUDCH47_wkRTmOeatBuQkYlEvNFV9Zcxa0gMhafpCnZIJvcEZP0ZF47UuY9UYPCy-ztnUABCpyrtld4b-HutFiWI3fnImXJYBVQHfl0LjhrdtSsJAztleh3igLSyVNXIURDL-PcUCVg4DZOYaidHgzkggAXZImZ0wXEIm8WpDoVBZTz8O0raJoQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 72662930
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 685B 3 KB
1 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:05:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 730
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 04 Feb 2024 17:05:55 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 685B 20 KB
8 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 18:28:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82146
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 18:28:59 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 685B 206 KB
65 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 94FF 41 KB
14 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BpjtuJwwyicuD24cQJrTrBi9zXtrfhdHxJBp-NdNjC0SG-iipGiX-vqx5JfycSBff95ORKQKpayMdcUedieIkQ99gmRems2Ic5zIU-AJRYm5rjJwfdnS0Jpzx6Sc1RQ_aQ0vFi0kT5VTm-ifw106YtA6NbptTyx2x1NvNJ6mCtPLhI-Hc&cry=1&dbm_d=AKAmf-CKFhNvjpWoyxalO4kZZc2Nsmt0W3TAQS-pKDGYIapQaLza0PrnpxQxKlfpBeLNNKPlJBhyKEyTvfs7ImPelwuTq0orGpLBzLMf75kecWPAW6MP41R7JBbuy2RL95FNLBbTj2OCCYmpP_5rWLNZ3VoWHPWZfyqf3oybT0kOXEtN2aPNZmt50_NgQYWH2E0JnidfVRbb9AJyqUlVrc-XoVErc41hjmOAGkBZcijcQMuurxF954N4cyrPFpkilpBAjpxaLnK85VL2Rgy8o6NX6s_eRs0ic3Wf2qo-4CX3awu0aEOrnt2MFnyZxGubS1f4DzgCDU3kEGFfxyA13ypgRXjgw1FHjFTS-t3O7YcGh7x6O8mZxEtjXaig9mKKlVNlK3mlornekm2G-Y2NL4uh5dD2X5EQVCXO31utre4AQGt356vX97jCix3wfHxsD1tZk9uY5_OiNvaFXSt8tDrsyKq2kifysD4Q5ifWyrBMw0ZD5e7QF8JW1AD30aR_ROIufFUp2Lc7-5DdxI1UfgVrFad0kSqKW7oEdmorDWnFeUCvauQcdtikrdVBbnRwWrxXwEzNQ9LdKK8wOv5LzgKSA1Q58MEFjcui6d7L3-4YP1pSKHvjTbYaxJl5vzYluTa1_sWtYE4dGUN2eSCkXBbMf9fELwNTRwjgqY5aVcOe6ML3rvSh6tNHhjn3AAxwjbJjPXyLYrmRK5TsliCyEUnMTID08q-wCLh-86ayheibClYqQd8PlQ3WuS545PXXzbS2c0h9ooaKfVaeL4PafT8FFXAKG0QeAisDDWaiK_aRPJIrYXnIFHQvdZsGFetZ94MdzMZD83wDA32Ft_nS_IVoujRSsdJSRLo6flN5VBIuXN6YEJVqW7P_OJkhcqPZ0TzGXesTJGPr5xDbxGsfE_04gNzf4GTV0J9kuTpoK-38ZimkkryuHQWbllTXNgeLggbMLwp3uLfOTEbJqIKFH3QcCs1_6op-Y2dA6S05IkoruB5RqSTfPYZZDIHE7FZE2Cw36CqvkcBFAwIM8IdbK3zbstFGaEZwZhta8uzxXUadhSwxGNHvGC95Ib0yYElIrysq1Pxqv21zJn6R-gWETBooXOOgKF9MCQSUBpbM7l2howTDvPS3RPoQsWVbB9RrMYkMN3CXWnQ9VfnCM3DcfSAQSnkbihnfInQjQo4TiXP95Gp9BDWSXtF12OUQxxALcMeD3C7iLUj3cLTmd2jgWj7fET-IZgaBrUnLMiypmSuYISkO8jVVIgsA8MomV3b9r0jTZWpE_4KgEnaxiLa1IImUGu2F74r58cg5BB3B_ykbt9dQ9X_21EJLwZjY_62_jcttNL1VBJJkKpIdqfQJViGfW42-BbqzQJlYYxYvGnu9tu6Gls2kia3wyru-wud2ZYhs0TNUEUShnEqudQwje69SV64ZCvGedAxHEVn5QqmVR0jjKUQOIyq7v-5_EbTAV5nteerTBa3fWL7k57EamidUFKuF66PXeCPnD-SODBURln9NFhWK327erp0XKcnqKzjhHpw287VP51hNBTgg_Ry6ULWr8nroTXWLGFp5Ih1eCCQcIAw4brVfpsveLky_UpPEi3y1Q9XIKhMqw7P50syqcaTksGc7Vleek7dEUeDV9HW5NgGxR5Wus6GqtM2ctd7arhmr3L0CwwYaujftx3sbmspoxd1GRFRU1W0eX5SAPUvJG9vBvxItH2uqqEznXijVb_BWnqkPwrT7Thux6FzIruLukgvNo_RhvYg9aZDf2TdjZTPn4gDLXye18Cx2d6v0HbFpWODVA0OA6k5BjgD8-AOfZI0mWiiUYFLH54nuAJC3tQ9edHVnmvXi3tR_ZbNDrcMSgEVRYRpocKhjQuj_qbdymfPkK4ZeLd2XaI6kwOD6sw3iNFIAXhWqgvSeYtPebw6cb7gdiOWKK369pZEx0J8E2yVL62cmoa4ipKt9hbYsGT1HDFvJskzcnzHf24Ww0J0wbtuW01PNvUb0F1wwRjVGYxrqwCNpy7nXMS4vJhL4vaIb6VsNL9Ick1B5n1r0VvWAitHDiHdBgJ5cqUS_6oscwnMIUchxNRjBNJfo0t7hTO2_9E1JHhPciOwC54V1cYzqf00zjrXhmpphQ30c-nnSKUb7vqo6b-wZNyBt57BEBkqNDgCxRZ6TqKPowxHtQ2ikpyRe4TrAvz-ohvdTfSRniHLZ1PuZH7ZaTcCEjsSHtVqf3IZJf-XlwYuvr6xzCAyiB2-Bk8Jl1kgAfsqmpc4lKCeMYZG1YsRIIxR9QbpbS_N2URx8w6b01rr-d4mbiXlpDazv5p2KGyy52Cmhc3PJQzyVtwv6CH4jCERMhGpjpyC8gsL1awqPoRd4fCLEBoI2p2L3fHkBiCYnX_cXCygxeV5_NVMVlCxzQLlAE2EU2GflJuEN5lBtsU4O7w_RJnNgyYbnqwyMR2gN8mmSrp1C0DGR9OhkU0gWPLQbmr0pln-uhqRYOCKgHh2vL38Q3VnO3INW58lxs5xBV7cszAM4arhil1PtbKHgc210rnGb2BrOrJHisMmsR9SeIO1tPpcqMNA4Qyx4JyPpW4jKEH2pYkldBPCQoyLG2sQOFkRvv1S9cBIihNbELbN7S13FBI1qQLoGHiJHJPvJhf9PCJnJj8JL_hT3anjz9uYj1G3FqA1LQzxlFuFfadCOHu-plK7U6Mm6ciCsfD4iZ1Esq9mtKM00Rvvqpc2mHPV9ddEW9P-BSk_Sk7PMVheJcjHsLOPhJWoSjq9trF-UQPqGeMrDBcJ3jxiPV9epJedsMz5Qt8FSpQT-TGKPY1q7xET0uxEaIjOCR3SvnXyHTOmG_Sy2GjObNGHjjidzdSlyH53fK1tSQOdZ7tEamTGUhzMIHCNOG9QTn0iN3C7LtM3Ee0y7YGBRv_AflJ2N4LVhyrsZmGX1SV8bHNiqN-Q4gqmYyOYsB2143D9d_bI7BcGKBT4DTL2Ww512nvF1r3bqWFhFRWTvHcUFVC3_xEs67E-rFz_UjDGLYA3l2zQ2PG5E41Un9Xk6yp-2LmXUjwc0nUc0LvOboyp99vBr8eVNxmSAcjoOy_95r1h1ImYP7l1scNPdVVKGMH-ti4s4GXOPFH_zfLDz1IKK21yoZoTNVhQSJbIKZT84UBFASJDOBhhhHtgd3uE_BVyDSoshQgwL47TPXlJsRV7iYCj3aHIj70uJNpwB2ENfFD2-u7i5_3qzSljq_e_G_CRcnePemiZFNqcgFrk5hG6fceFWbkk1PL5Pp28ouQkICKAiIDW2jKiyL8n5SpEJmkvxDZUW1f77wcIzqqRbIf7mI4iX3Zb_3BMof7hxluMpsBwLwe9_jc6iLIxOYKmoiC4VfeeflFf_oO614X2ByXI2WBMSIdXP1rhQLJNxYOyPu7zcslX9aBargq14GfbEY6eP-8wGe8y9MTT6rDSF_xRkfCGR5a7N15jATRnAd-DkDrhZl-F34FDV1__NfEakL96PBGqIJJn7cg251gHrz_ECg8PKV3tLo73-CwCGdN3GPWsvuPUgaLGeBPfFisioH0Xe1aJmjUfPQKd-H_UXggLXWg_VSAX70JNYMIyUWjDHvD1LDGNj7bAud9jGZfhRZRSdnBZxeXxS014LjHd2DofDsEkMDN6TpzJH_9baMeiPF58r2Ofm0LKNf6o9jBckVOAzp4DZ1C_TGzGrCa9TyEySWMYItRl_qqV5qz6ctK_F&cid=CAQSTwAvHhf_lz2a-NnlShXOeUU0elKN698RRKbKDDJUhWzfeX4WMHvxqdrp4cGwSmCwHwz2QJ4uzPt6Vawl0u9NLFZewhjFpFKR_Ue06CT3ux0YAQ&dv3_ver=m202309260101&rfl=http%3A%2F%2Fmlx.su%2F&ds=l&xdt=1&iif=1&cor=12570625638764892000&adk=1964084971&idt=92&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:28:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 398992
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 02:28:13 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTg1NzQ4NTI5MDg0MAogIHNlcnZlcl9pcDogMTQ2NTMzODc4CiAgcHJvY2Vzc19pZDogMzg5MjYwNTQ3MAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 94FF 0
867 B 247ms
179ms Image
image/png 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTg1NzQ4NTI5MDg0MAogIHNlcnZlcl9pcDogMTQ2NTMzODc4CiAgcHJvY2Vzc19pZDogMzg5MjYwNTQ3MAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxMzc4MjM4NTQzMTUzODA0MTEyNQpkZWJ1Z19rZXk6IDEwMDAwNTQ5OTkyNjIxMzQ0Nzc3CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyNC0wMS0yMSIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMTc1ODk5CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMDcwNjcKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RlYnVnY29udmVyc2lvbmRvbWFpbjEuY29tIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vZGVidWdjb252ZXJzaW9uZG9tYWluMi5jb20iCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3NTQ5NzQ3MjAK

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xff11a8a4e2b353870000000000000000","13":"0x996c69c6999339a00000000000000000","14":"0x7b2baae6ac589f5a0000000000000000","15":"0x7107c1ca7c1912b80000000000000000"},"debug_key":"10000549992621344777","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"13782385431538041125"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame 94FF 11 KB
4 KB 46ms
13ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1705857484779405&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUvi_zFGtZY3JL5mvs8IPsemPoAym5b2gaa2VnKfJD_AuEAEgzt_EKWCVgoCAoAfIAQmpAp2Ka-hlSLI-qAMByAObBKoE9AFP0MeksTlisbvEpyfsqhR6E8bq2aHvtb6HN6Hk92U8c0Jv2gX0akBT6TRkij3fF9OpQ75uimXJl6eMd-8TTaExruAL33ka65QNnkimqH3iLmT8G9w5JugMQy77wXOmJsru6BUWLdnFIvbkmxb7dB_jCZed4cLMsPco9utN132sU_YkH7-e2TOy3FKdfaf_rI1Dz5D7l2JED97qxydZk2mfGMO50hwSJBta8-Ihiytcqr-crh-iDcqUJbY744SyQqYnYwG2lpruZy2ZzeuJM6iUuBQEdKL4FtgkDgcRvEkCEFSt7cmmd4USLA_QwdOWu-x5TgzCwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WKXwoqv-7oMDgAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_lz2a-NnlShXOeUU0elKN698RRKbKDDJUhWzfeX4WMHvxqdrp4cGwSmCwHwz2QJ4uzPt6Vawl0u9NLFZewhjFpFKR_Ue06CT3ux0YAQ%26sig%3DAOD64_1uuj4_gy2iAbM2dwkbQGXUJNVrug%26client%3Dca-pub-4796195822037540%26dbm_c%3DAKAmf-CJtzBwdMjsv5tHVlanq8IzMNHBEHyg3uhsq5ng2DKNfWlCDCQ879nsAffFb1rEcqrjcVqEdoVYI5iSgWuPmplzWOxg7IobZiP59QWBQi-wIISFdrbSoiFxaJfQMPoEva-ygXHmiS2oUdUladrWcqXtaoO0i0uKB_ZFQ5Hz01j9Yo6Z8dQ%26cry%3D1%26dbm_d%3DAKAmf-DnrB9kCo-S2dSFtGb_K3Vqp8ZNN2GBsparOSYB4yxMF83WreeS7QBR8t1wXEt2qEJH5ofGNDs81pjliG14LPxuCABy2ZPvS-AbKyeQ6hgdfuRvzmFtG9QFPqigu7liGE-6HIqLjH2Z5Ji2ECCsjw9M4WerMeCwOuVT-7A5IKk0bRjp6xQQpuUr0x9V_YD0Ybn8xjqm3Slhi7HpXKtreiAVrF-OjNcqCpBJmKszRH8VOgW_L2uXxT9kaRY-R3ld_MYJ1eWeO0HyYdZanL26cB8H9LmCoMp-d-GvCvAfUVQ1j21anCCxEckfF2tj8SKl13f_PqvbXS4Qgw2Dmn17ANTXyuHwnrHDLH-VJcN7lF4vbx5L5tK-M2wKGeJ5CHCxQ7pg0sCZnWWRIihDlworDLIj4vTjN7o3kdJ6MrjJB-PEXM1aSZEXR8s2SrVs9p7njUE9wyIJY5zBAaKD_2z0zHLbpj85PAMEOus77dwSwAFXTm3Po0BNsZ2X85u_KgcpupT3ySFj9LLPuI3CuyeqdOBlaxOsevTyLP8cZk9v0lYHpuDZfwM%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&h=250&slotname=3369457514&adk=1395306997&adf=2772626519&pi=t.ma~as.3369457514&w=300&lmt=1705857484&format=300x250&url=http%3A%2F%2Fmlx.su%2F&wgl=1&dt=1705857484304&bpp=1&bdt=354&idt=288&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C468x60&nras=1&correlator=1273574755516&frm=20&pv=1&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=815&ady=248&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=291
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cdacb012543e54643594e5ea00746269874a1678f49bc91fd7749aa01ae3df0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4160
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 41AD 38 KB
13 KB 14ms
14ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 419037
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 20:54:08 GMT
expires: Wed, 15 Jan 2025 20:54:08 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 8BED 2 KB
553 B 34ms
33ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A400%2C600

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e537bb0b81601eabcdc6dd4e2eb938917a7c6887765651882ec0ed5081c26c67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 21 Jan 2024 17:13:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 8BED 2 KB
822 B 15ms
15ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 18:28:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82146
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 18:28:59 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame 8BED 23 KB
9 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 18:28:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82146
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 18:28:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 8BED 3 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:05:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 730
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 04 Feb 2024 17:05:55 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 8BED 20 KB
8 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 18:28:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82146
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 18:28:59 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8BED 206 KB
65 KB 106ms
105ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H3 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame 8BED 37 KB
15 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 346042
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 00:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 17:10:43 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 56FF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1

43 B
773 B

26ms
26ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYmL35xgEwAQ&v=APEucNVHXXRFYOt5xCw9MUfYm5Z4jAQZfA_9bbOY5B-lutBedeWpiqle-GJaSKADvIBrQLPazAkxPcYC3Wo6V12hl2gs_aXBN_p8LpiW3itqLFpiKPX0iGn51f1X4aA7BUDzvp8ZestNEyy8tB0dVE6qgdipwgFq0QPqYH5pPqsWT32bICNNQaE
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jy9Fp6mV3oPQAP2INPo1fwzc7ahSXL%2FOKt%2Fx8DzQ%2BGSyNyB%2FSzpeCJGAhdIrkY1Cw2JEbJu4kbCv1lFsdmlXqlASyggyecytMX1vF%2BRistebPulJHSveWFK5lAMa7muvd%2BHLO2JqddV09Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 849136e3fbd83643-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 56FF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Za1RzWdYqIMDcuv3jMtFPQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1

43 B
732 B

25ms
25ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYmL35xgEwAQ&v=APEucNVHXXRFYOt5xCw9MUfYm5Z4jAQZfA_9bbOY5B-lutBedeWpiqle-GJaSKADvIBrQLPazAkxPcYC3Wo6V12hl2gs_aXBN_p8LpiW3itqLFpiKPX0iGn51f1X4aA7BUDzvp8ZestNEyy8tB0dVE6qgdipwgFq0QPqYH5pPqsWT32bICNNQaE
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2CmJwIMN1O75AiZWcCxOV%2F2aQjJe%2FxhjcBDuiNQGqXjrU1ofFhH4X68DwRldHpNyk7MkGisM3DRUnycbeGAqlmkqqEXFSsllnoGJeJU0esF9MRgn1yXPRkISxt9%2Bbl4Cspf4SxpiA2dRLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 849136e42c183643-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC-RKFPIcDRe68nJuRLF8GQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 56FF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG8Q3UdMpxSQiKgPz1YUlio&google_cver=1

43 B
1006 B

14ms
14ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEG8Q3UdMpxSQiKgPz1YUlio&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYmL35xgEwAQ&v=APEucNVHXXRFYOt5xCw9MUfYm5Z4jAQZfA_9bbOY5B-lutBedeWpiqle-GJaSKADvIBrQLPazAkxPcYC3Wo6V12hl2gs_aXBN_p8LpiW3itqLFpiKPX0iGn51f1X4aA7BUDzvp8ZestNEyy8tB0dVE6qgdipwgFq0QPqYH5pPqsWT32bICNNQaE

Protocol

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
an-x-request-uuid: b045b3ac-2f72-48dd-831b-a23b9b66def6
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 37.58.58.250; 37.58.58.250; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEG8Q3UdMpxSQiKgPz1YUlio&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 56FF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxMDE5MDQ1ODk2NjI0NTA0Mg%3D%3D

170 B
232 B

28ms
27ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxMDE5MDQ1ODk2NjI0NTA0Mg%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
an-x-request-uuid: 84f11097-63ef-4bce-8ffc-07c375c0b4ea
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkxMDE5MDQ1ODk2NjI0NTA0Mg%3D%3D
x-proxy-origin: 37.58.58.250; 37.58.58.250; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

request.php Show response
hal900010.redintelligence.net/ Frame 94FF
Redirect Chain

https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f49655b3e5&subid=&uid=853ca7bb12e769ad&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f49655b3e5&subid=&uid=853ca7bb12e769ad&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

127ms
100ms

Script
application/x-javascript

138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f49655b3e5&subid=&uid=853ca7bb12e769ad&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUvi_zFGtZY3JL5mvs8IPsemPoAym5b2gaa2VnKfJD_AuEAEgzt_EKWCVgoCAoAfIAQmpAp2Ka-hlSLI-qAMByAObBKoE9AFP0MeksTlisbvEpyfsqhR6E8bq2aHvtb6HN6Hk92U8c0Jv2gX0akBT6TRkij3fF9OpQ75uimXJl6eMd-8TTaExruAL33ka65QNnkimqH3iLmT8G9w5JugMQy77wXOmJsru6BUWLdnFIvbkmxb7dB_jCZed4cLMsPco9utN132sU_YkH7-e2TOy3FKdfaf_rI1Dz5D7l2JED97qxydZk2mfGMO50hwSJBta8-Ihiytcqr-crh-iDcqUJbY744SyQqYnYwG2lpruZy2ZzeuJM6iUuBQEdKL4FtgkDgcRvEkCEFSt7cmmd4USLA_QwdOWu-x5TgzCwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WKXwoqv-7oMDgAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_lz2a-NnlShXOeUU0elKN698RRKbKDDJUhWzfeX4WMHvxqdrp4cGwSmCwHwz2QJ4uzPt6Vawl0u9NLFZewhjFpFKR_Ue06CT3ux0YAQ%26sig%3DAOD64_1uuj4_gy2iAbM2dwkbQGXUJNVrug%26client%3Dca-pub-4796195822037540%26dbm_c%3DAKAmf-CJtzBwdMjsv5tHVlanq8IzMNHBEHyg3uhsq5ng2DKNfWlCDCQ879nsAffFb1rEcqrjcVqEdoVYI5iSgWuPmplzWOxg7IobZiP59QWBQi-wIISFdrbSoiFxaJfQMPoEva-ygXHmiS2oUdUladrWcqXtaoO0i0uKB_ZFQ5Hz01j9Yo6Z8dQ%26cry%3D1%26dbm_d%3DAKAmf-DnrB9kCo-S2dSFtGb_K3Vqp8ZNN2GBsparOSYB4yxMF83WreeS7QBR8t1wXEt2qEJH5ofGNDs81pjliG14LPxuCABy2ZPvS-AbKyeQ6hgdfuRvzmFtG9QFPqigu7liGE-6HIqLjH2Z5Ji2ECCsjw9M4WerMeCwOuVT-7A5IKk0bRjp6xQQpuUr0x9V_YD0Ybn8xjqm3Slhi7HpXKtreiAVrF-OjNcqCpBJmKszRH8VOgW_L2uXxT9kaRY-R3ld_MYJ1eWeO0HyYdZanL26cB8H9LmCoMp-d-GvCvAfUVQ1j21anCCxEckfF2tj8SKl13f_PqvbXS4Qgw2Dmn17ANTXyuHwnrHDLH-VJcN7lF4vbx5L5tK-M2wKGeJ5CHCxQ7pg0sCZnWWRIihDlworDLIj4vTjN7o3kdJ6MrjJB-PEXM1aSZEXR8s2SrVs9p7njUE9wyIJY5zBAaKD_2z0zHLbpj85PAMEOus77dwSwAFXTm3Po0BNsZ2X85u_KgcpupT3ySFj9LLPuI3CuyeqdOBlaxOsevTyLP8cZk9v0lYHpuDZfwM%26adurl%3D&documentReferer=http%3A%2F%2Fmlx.su%2F&ancestorOrigins=http%3A%2F%2Fmlx.su&random=2466316537734&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&h=250&slotname=3369457514&adk=1395306997&adf=2772626519&pi=t.ma~as.3369457514&w=300&lmt=1705857484&format=300x250&url=http%3A%2F%2Fmlx.su%2F&wgl=1&dt=1705857484304&bpp=1&bdt=354&idt=288&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C468x60&nras=1&correlator=1273574755516&frm=20&pv=1&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=815&ady=248&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=291
Protocol: HTTP/1.1
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 949d09e167c9b01dcc2c1536850e2bd3dc209d9d6dfec750b4f427fda41321b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 21 Jan 2024 17:18:05 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 22136800089563704444554012576010
Connection: close
Content-Length: 1328
Expires: Sun, 21 Jan 2024 17:18:05 +0100

Redirect headers

Pragma: no-cache
Date: Sun, 21 Jan 2024 17:18:05 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f49655b3e5&subid=&uid=853ca7bb12e769ad&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUvi_zFGtZY3JL5mvs8IPsemPoAym5b2gaa2VnKfJD_AuEAEgzt_EKWCVgoCAoAfIAQmpAp2Ka-hlSLI-qAMByAObBKoE9AFP0MeksTlisbvEpyfsqhR6E8bq2aHvtb6HN6Hk92U8c0Jv2gX0akBT6TRkij3fF9OpQ75uimXJl6eMd-8TTaExruAL33ka65QNnkimqH3iLmT8G9w5JugMQy77wXOmJsru6BUWLdnFIvbkmxb7dB_jCZed4cLMsPco9utN132sU_YkH7-e2TOy3FKdfaf_rI1Dz5D7l2JED97qxydZk2mfGMO50hwSJBta8-Ihiytcqr-crh-iDcqUJbY744SyQqYnYwG2lpruZy2ZzeuJM6iUuBQEdKL4FtgkDgcRvEkCEFSt7cmmd4USLA_QwdOWu-x5TgzCwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WKXwoqv-7oMDgAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_lz2a-NnlShXOeUU0elKN698RRKbKDDJUhWzfeX4WMHvxqdrp4cGwSmCwHwz2QJ4uzPt6Vawl0u9NLFZewhjFpFKR_Ue06CT3ux0YAQ%26sig%3DAOD64_1uuj4_gy2iAbM2dwkbQGXUJNVrug%26client%3Dca-pub-4796195822037540%26dbm_c%3DAKAmf-CJtzBwdMjsv5tHVlanq8IzMNHBEHyg3uhsq5ng2DKNfWlCDCQ879nsAffFb1rEcqrjcVqEdoVYI5iSgWuPmplzWOxg7IobZiP59QWBQi-wIISFdrbSoiFxaJfQMPoEva-ygXHmiS2oUdUladrWcqXtaoO0i0uKB_ZFQ5Hz01j9Yo6Z8dQ%26cry%3D1%26dbm_d%3DAKAmf-DnrB9kCo-S2dSFtGb_K3Vqp8ZNN2GBsparOSYB4yxMF83WreeS7QBR8t1wXEt2qEJH5ofGNDs81pjliG14LPxuCABy2ZPvS-AbKyeQ6hgdfuRvzmFtG9QFPqigu7liGE-6HIqLjH2Z5Ji2ECCsjw9M4WerMeCwOuVT-7A5IKk0bRjp6xQQpuUr0x9V_YD0Ybn8xjqm3Slhi7HpXKtreiAVrF-OjNcqCpBJmKszRH8VOgW_L2uXxT9kaRY-R3ld_MYJ1eWeO0HyYdZanL26cB8H9LmCoMp-d-GvCvAfUVQ1j21anCCxEckfF2tj8SKl13f_PqvbXS4Qgw2Dmn17ANTXyuHwnrHDLH-VJcN7lF4vbx5L5tK-M2wKGeJ5CHCxQ7pg0sCZnWWRIihDlworDLIj4vTjN7o3kdJ6MrjJB-PEXM1aSZEXR8s2SrVs9p7njUE9wyIJY5zBAaKD_2z0zHLbpj85PAMEOus77dwSwAFXTm3Po0BNsZ2X85u_KgcpupT3ySFj9LLPuI3CuyeqdOBlaxOsevTyLP8cZk9v0lYHpuDZfwM%26adurl%3D&documentReferer=http%3A%2F%2Fmlx.su%2F&ancestorOrigins=http%3A%2F%2Fmlx.su&random=2466316537734&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Sun, 21 Jan 2024 17:18:05 +0100

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5EDC 0
20 B 160ms
160ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6232747581764&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5EDC 0
20 B 159ms
159ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6232747581764&version=m202309260101&ct=76&x=1&cor=17390372744579009000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5EDC 100 KB
39 KB 64ms
62ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BsuZI4K-a3S1BkUGok_UjMAHr05ZMOZiS8UdL9gsqCVMxD01Wv7wdkvnH4UiIC_P7WKZNrTBKcaiV4mCWyuJoPDWSWuuMugX0SLRF5rEmZEcuLUScenGoFvwm9pDsoOOP2TNR29ySf9yL9l2BKZ94THuSbEySsTMMmnpRR3QIAssC3H98&dbm_d=AKAmf-DS8iFrvGEZcKsBIm4MDIyhhu71CL9JOnVcbsspFip0xfbhDzVh9O5FV1yVWm-SAYU-iiJ2amlr30cHFHXZFjh99PZaulr4eWsYbSsjAPykYArO7y5pf5QEwNPSRrYjOMZp4wl7nbqHY-69l90Bucefx5gSSJJvmBsLMr5YdQD0B63CuvChqbZQtxF5yfMSRgltkHntL4KGkJxZEiEcDah4k4FseVnafV5rjDRHRAfciVZLTKG_T57XPWcgW5xlemYic5ACemh1CYPhHmiIkRF3rdr8QzY8fr1ol4anK7AUMVZ9-2v_LksY5HiMYnydOE1-yPX-Q1hvJTb-IXPbOmgprqTQ8Rf-RRVfpsGLeAa_rQYRAvvAFLmi7Zg8SriXKFEh3015pVBqcXotugeenLltjMQ2UHkfPL2jmUIytyRIX1wKsAJxzD_nNqY06UDodcYm5TbFSYgaOo4_5A7VTwMCku6ZOILJS6ojyMDLhnyJoxLWGYZNxJzx5jDNz2F_oWzUlqIlqmvPOoUxYWWoyIrK7N3TgrliFmM0hX95fehhk89QNd-w4UMfXIYg9H4mDYifaQFBYpuMMdnmoUmTcBDGyWjwjRAzAi7VPMRUlPTNCnTbRwWU7VCfN0iiACx9J-Pr2NqN76Yz4uIHrbWFWxMbtJDD_Lf5u7PwFO9r-v4k0qt0Y7eKeQtEsPIa1LfKGCqM21PIHTLn0Hag4W8sHfEIJELsckOnhPqgEHcEB-94p35a-RYWiz82Mi3NCj38_p01ZUSCD_n6sQUtciU4RQRAWqxGr7u_mNimO3h4rsh7qG1hnDd4-PiUl0YUnP8CHw90Au2JDPaUqetyTkPOpS4q4ryWVTE1M7qg7XNvE0J9emZbUxKxXDL6NEKEzxDDaHRckWmpbrTkaGrbk_2PJjlVSp7iOrAPqzCKJwIr5pDbLE2z6QXmhS6caZBYZ72XZHa7LZGj0GJjoX9JaPwH5dGBGhbeKnL76P2KmfT3mBeb-TDr3c7N2kmPxAwXsNEUDvpHImZQrlSMsAclkb7f16twjapuI9X-EUvEZb0nAYwieO8VwBqw9TxVS1kxiGrEJK7sQgzpLha2GUSO91ayk4POQTmvfnRqObM70WRRd9Kp8q2m7k6IBJd67ZclIUkdSEGfCNSa5wx80WmHTpj3Qtp7Q61RXkzM8sNyF26zaX44Yj_w7lN_MC2bGYGhRZVLoin_3Hs4Dyc6fA1EHPb5eSkvtzvNNwSVGy1cGTosfnp8rnNCDa0cGrw-vuqjyYbj09egbYp5kInFqPi7SnPg7qei8nf1hlO4ytXTvVKiOH8Rb7bC5uUAJ4t_Y858sNBGeeDDa_qHBf6rMhbtweLwzeQXsvxR_gHBd1MVUlDP_oOSY9b_XONYXUxl-Q6Lh5o0l1Sz5-iDLLxUgZvFCelGOYaCvyBfz99lX-LcIWYufWplXoc0uMv4mYHllKVm4u6fwhENgc3nSV0Y9OFPuDxS4zkBbjmPApuHmnLB0Wn1sqvtarAfFK6ebjM7PwKuAp4Xy_2osSKPx_p9B6xF_c6UEm1dQOEtBQldvd23sqpLLmR02PlNtBm-J4tkFu6vzx_G7kQisBIy34t4atYnJVrWClZUi4sunVCX_izjj4EQ9r7HcrDQpUeiMlQtv5xiQ3cjEKY7fcnJTCSjJa04owcgjjxoG0pq4fSi_xmMCiM4pIAhdw-GABFeWyBF1ux4I8DUDzpfhgkqPvuObSuVUYe7zPqCfblQcguMJqk5Zz9yERC4oBY2ycbEbNvV3RqyBt3JmlY2joiDUjj0F2CryiY_GfPsKN3cR6C7bCHljyYSkBZkzI2r0Gnlr5h-f5n7M4fpBlHpQzwiJHtwPvgMwSY-pO9inqooFaI0X5Mjd6vSr0r8Y7A-qqbmIsRtqjf4o66IVhUwMiScPtnd48HMpHoLkHUr-oRHBJkRt3oqKvy3l2si_kb7rykY_YRr5fpbV4xamnZ9R7g8s0rZJnfnvDxDdeyhHC7Fvi1VpiJ9VdDfmLbcC88VvmoI8lbJVU5k6Sh6Bc38JCIyzmxPcubsnmSKb0g73vdjZU2YgiTPZJFvKm00fbnbAi1rChFF1K_lhtB6yA0_yUDZS3xuVsiII4TW1hVajnsHKkFqrJ6mQJuL_gNOhKaTjqqLN1l9NYeqcZNTWQyHCi8kXUQFKS4ybEK8FMkWVRZc2fSo6uf9npeivD5EhhWwW-vT411HWUv9xczJfn48JH_hS1TYBBZaulhQGQfhlMStPZf2Ru3Mc2utsVxF3u1YCnN-eduYkutJiD7aGqp5Jo7nzHK1b8tW0H9zzNFzVnlUV09qLY0MJsZ6Oc7Ss2SaOzASNau4ZZGQdb3jJ7t23UO8BcH_OHztEa52_9wdMixr1tLFKUMMfjftFXqOwK6DWCz9UHDWGuHnjrWWIZcMeMx9jjLjqVg6gfP3sxZQSjb4kXwK8TxpzCcr5RxrFDUZbx0keuLgOrGmkCP1in9LmXL8Gwe3B3vWJxPqbrgX0T9W4CKfQ5E-yCiOtAfcev6HSPYUadqov5JyYWWnsuKhhZJimxVGzPrxR6W3hvcMRQiwymMt0Cp1k8ijldXaSH9Tm-q7VsLue5Aig4GMO0KOxuaCZkW5aux39itDL-wdYgg0PTn3NqgoazMNuktklHzsumAHPHsMTjRCi22tBdDZYTB0vD5H_oZdaRaLekX9-oqxQkC-mAeRRZKdeBNarDPf6cpERWYcVgztGPhwwip1YGBIM8pwvgBR1nQKH0FerTsPH4r_h9_ZxwAizmRVz18RcrCNoHrbl7Y0__k_rlQmvnffA4oxcJpzL5gXM5aPIdAJCwDz22Cc-ofCAmq11GHqTCm7wAVv_iy_axRIZQoKWpIQSh6awjlBA1-lUBv2KkyUcDhseeYIwHogQZrcCrE9tzABGRzyM0M160A04tpv-ieOjGCh9AwE7dKWHPeJJX2Z2rknl-Ia-9KJkaEkGpWjlDDeumAg2hyu2Sj0JGriPgUQzHxnhJJQJcILpvLWi9qQUcW1RCBHXVyC_RWyy_RexzhP_CBFOWfKVAV279FcWEbX8XwbZOBU6FcQU07uUvYuoyLVvDrAP5AKs7vYmoYHWnlDim4Wsw1Sk4qBVceX6tV0G-VfxZDTRfvPOAg-Dv5vJMjXnK34jJkWN8s-YDImuY_GSQt2NPEaQiVXisQGRy0tT9EU7uWQ7FcMXgum28uXpsQ0SAsrzN83bgNVqw7kEavPzFZklU-yWU4dZpehFtniji8OYbNCuR4boA8GJSI6lnw2RtmTQUsnl7XvQFAJp88Vc6ztEvvzlDnVnSS-7xQT3xJn8QhCEAN7WuPAy8w-fr0uXEBU-CMsMON274rrXaWv_ak2VC_NganZcC0AXa2LijdjJaiArH24d7RIqYEEr5MR8Mg71TPHKjFZz_6OKJ0Z79oz5ra880eak_9w1WfXeMGpqAUocCYWkC0jpWSr0wmnu7OBNEVlhL0VQIyRih8atWGAPt6nzYqdQYO5wvDS9l5GtcoyJBtUGfRVE3AolA&cid=CAQSTgAvHhf_ltoI-e4s4mWI_h2piMbFOI6NnBJ8tzlsjfwguZCfFYFxzWqLIY_qRCbJKyvNybVCaHkAA5DpC2yB2iI816g66qXmatwh5ZKG5BgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fmlx.su%2F&ds=l&xdt=1&iif=1&cor=17390372744579009000&adk=929882888&idt=69&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce081fca262dab08c5645d4e2c7b42b9377ec0a1515b165b7efcb22b62bda57d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39658
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 41AD 39 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:06:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 670
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Jan 2025 17:06:55 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 5F8A 2 KB
1 KB 45ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Za1RzAAK3noKZNHBAAP_kZQLhs_Ggtw2U93C-A&u=%7CCemNmF7xb6tVFVV0LKnfgQXwEqWIXjCIR39fT7xf5q8%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUETQtbu7-RuG02-JTbIw6iQcfCEIzTmgNg2xIeFvE2zvdEtfqOhKsalW4vSEeM5_U19pF1tXqS7BlfptUmvmJgVOkubhOLtiHX3HyJE6OcHcjAdAqo-24kaXvsuLYajYzyUDjeyKuXSuDNeF0wFdTfPrLiW59sOraaFTYxzevVgQswyWitOOpJOFFWBg2lCOu1Ukc0NNqXfbWS0zDbOZuQnaCq2kMTEgehoAiBKBh_AkCQVhM-Muy2W8LNP1s1ZkdIaQXrJbMqh2uBXg8rlfw-vTD1XHUn1Se3RGW3k7U8XzqOGPYsiWI1Oe1EmskPPy4R5thGtvpm8V3hc8iyj79PiNAIoX-A5HxiDXBOGEVi1d0pDFFAStTFy_FRKs7irknQfpIrc4-jgnFsDweEc2v0S69sai8TndHSnrLHV-iPRvhBGlyNKEKtAgA1lRbVig91EBGf5h_y4FwQ9ie4gWDDz4-WB8d6oIhwrWu1c6ChQ0ph_RDIclF6lQXQAK6c4SCVTdhqiabHS5OzC9ZGKftRcWiG9_FLULu4YTWjrBaBR4RWYnSFhrxfbPAXsE3ZmSFuwQNqsx-izn-WlADpMdi8m7Tmzzww-uoJC4je1NF2T7tr1Zx9UysknuaEb3DGaIs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmPw-zFGtZfq8K8GjkwOR_4-gA8me0rFchf6X93DAjbcBEAEgAGCVgoCAoAeCARdjYS1wdWItNDc5NjE5NTgyMjAzNzU0MMgBCakCnYpr6GVIsj6oAwHIAwKqBKwBT9B16Axn6G45TWYfGMX5_tYkya_LFxtWcVnJSTqVCTSuzHXAu53AYXXrLm82ootS8ZumVwUu8TOhmhjaH7jbvDDi0z8EvDMvpIqeBpZ3M9TkW2vK9L3gcO_TWzsFKBwERycVX3-S5cu0iZH79r8smBVxNK_g5baolFCe51df4e48bEyRIZmDWUoKomMvZSAI4UucaMkupLWzJQPTWF5MUTq768fR8nRlTDYS24AG9aedkJiV_rhwoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WKznoqv-7oMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_00-f30ualMK8O9PvERowawJjyGRQ%26client%3Dca-pub-4796195822037540%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 15 Jan 2025 17:18:05 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 5F8A 2 KB
1 KB 45ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 15 Jan 2025 17:18:05 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 5F8A 308 B
636 B 45ms
18ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Wed, 15 Jan 2025 17:18:05 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 5F8A 293 B
621 B 44ms
17ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Wed, 15 Jan 2025 17:18:05 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 5F8A 43 B
348 B 62ms
15ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=FyUeg96CE6D-1zVCyUDLT1rTLHQHCAO5qa0c7PN_T3OveV6bNWFJKVbWf4qlIedjxQHCb3QkiASNEEdozRgVm5PLgqgeKHkCpN9mOel0Je35IJjNCA9xnTrny8vOL3A7KifrkYXG5BhIFh8NPr733fHcls5aGHPEtYbzVlC7czruwl0YTBvxfhhfjUHcWZKyHIjghiNRIqajeMyCVFzNzvHKYWPSMq5Y-Lvn5oEqJv2udpisJBeqcrk48CfJ8FBnS9c262mTeSzF7L4XkqqNWk8Sfi2hEsc4eUS0_8HnDm_lGCd8IWvO845QGE73QY83--Jh7twYk9jVZINEJBmINw0ols1QwIgJeBWYVPXWEDrvkPmelqcWEUSjEQtu2iDHOJ9nsPLt90G_Uki7t6iKR7La12tV6Tem-mUb4nQFLGap4UaG6X573Zsy37PznyExQrd-Cg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:04 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1754650
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 5F8A 12 KB
6 KB 41ms
21ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 15 Jan 2025 17:18:05 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 5F8A 0
128 B 51ms
14ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=04fmAkP8JhPDmuZSaj8hn-vxFemOs0AF1Ui7pbUnkq_-IXzolIsa_Z3YKwX1bdJXjU9JIA32bsxdnevwUDCH47_wkRTmOeatBuQkYlEvNFV9Zcxa0gMhafpCnZIJvcEZP0ZF47UuY9UYPCy-ztnUABCpyrtld4b-HutFiWI3fnImXJYBVQHfl0LjhrdtSsJAztleh3igLSyVNXIURDL-PcUCVg4DZOYaidHgzkggAXZImZ0wXEIm8WpDoVBZTz8O0raJoQ&sds=2&rev=90272.1&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 21 Jan 2024 17:18:05 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 5F8A 2 KB
1 KB 44ms
27ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 15 Jan 2025 17:18:05 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 5F8A 2 KB
1 KB 13ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 15 Jan 2025 17:18:05 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 5EDC 172 KB
61 KB 96ms
29ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 23:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62941
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Jan 2024 23:49:04 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame 5EDC 12 KB
4 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BsuZI4K-a3S1BkUGok_UjMAHr05ZMOZiS8UdL9gsqCVMxD01Wv7wdkvnH4UiIC_P7WKZNrTBKcaiV4mCWyuJoPDWSWuuMugX0SLRF5rEmZEcuLUScenGoFvwm9pDsoOOP2TNR29ySf9yL9l2BKZ94THuSbEySsTMMmnpRR3QIAssC3H98&dbm_d=AKAmf-DS8iFrvGEZcKsBIm4MDIyhhu71CL9JOnVcbsspFip0xfbhDzVh9O5FV1yVWm-SAYU-iiJ2amlr30cHFHXZFjh99PZaulr4eWsYbSsjAPykYArO7y5pf5QEwNPSRrYjOMZp4wl7nbqHY-69l90Bucefx5gSSJJvmBsLMr5YdQD0B63CuvChqbZQtxF5yfMSRgltkHntL4KGkJxZEiEcDah4k4FseVnafV5rjDRHRAfciVZLTKG_T57XPWcgW5xlemYic5ACemh1CYPhHmiIkRF3rdr8QzY8fr1ol4anK7AUMVZ9-2v_LksY5HiMYnydOE1-yPX-Q1hvJTb-IXPbOmgprqTQ8Rf-RRVfpsGLeAa_rQYRAvvAFLmi7Zg8SriXKFEh3015pVBqcXotugeenLltjMQ2UHkfPL2jmUIytyRIX1wKsAJxzD_nNqY06UDodcYm5TbFSYgaOo4_5A7VTwMCku6ZOILJS6ojyMDLhnyJoxLWGYZNxJzx5jDNz2F_oWzUlqIlqmvPOoUxYWWoyIrK7N3TgrliFmM0hX95fehhk89QNd-w4UMfXIYg9H4mDYifaQFBYpuMMdnmoUmTcBDGyWjwjRAzAi7VPMRUlPTNCnTbRwWU7VCfN0iiACx9J-Pr2NqN76Yz4uIHrbWFWxMbtJDD_Lf5u7PwFO9r-v4k0qt0Y7eKeQtEsPIa1LfKGCqM21PIHTLn0Hag4W8sHfEIJELsckOnhPqgEHcEB-94p35a-RYWiz82Mi3NCj38_p01ZUSCD_n6sQUtciU4RQRAWqxGr7u_mNimO3h4rsh7qG1hnDd4-PiUl0YUnP8CHw90Au2JDPaUqetyTkPOpS4q4ryWVTE1M7qg7XNvE0J9emZbUxKxXDL6NEKEzxDDaHRckWmpbrTkaGrbk_2PJjlVSp7iOrAPqzCKJwIr5pDbLE2z6QXmhS6caZBYZ72XZHa7LZGj0GJjoX9JaPwH5dGBGhbeKnL76P2KmfT3mBeb-TDr3c7N2kmPxAwXsNEUDvpHImZQrlSMsAclkb7f16twjapuI9X-EUvEZb0nAYwieO8VwBqw9TxVS1kxiGrEJK7sQgzpLha2GUSO91ayk4POQTmvfnRqObM70WRRd9Kp8q2m7k6IBJd67ZclIUkdSEGfCNSa5wx80WmHTpj3Qtp7Q61RXkzM8sNyF26zaX44Yj_w7lN_MC2bGYGhRZVLoin_3Hs4Dyc6fA1EHPb5eSkvtzvNNwSVGy1cGTosfnp8rnNCDa0cGrw-vuqjyYbj09egbYp5kInFqPi7SnPg7qei8nf1hlO4ytXTvVKiOH8Rb7bC5uUAJ4t_Y858sNBGeeDDa_qHBf6rMhbtweLwzeQXsvxR_gHBd1MVUlDP_oOSY9b_XONYXUxl-Q6Lh5o0l1Sz5-iDLLxUgZvFCelGOYaCvyBfz99lX-LcIWYufWplXoc0uMv4mYHllKVm4u6fwhENgc3nSV0Y9OFPuDxS4zkBbjmPApuHmnLB0Wn1sqvtarAfFK6ebjM7PwKuAp4Xy_2osSKPx_p9B6xF_c6UEm1dQOEtBQldvd23sqpLLmR02PlNtBm-J4tkFu6vzx_G7kQisBIy34t4atYnJVrWClZUi4sunVCX_izjj4EQ9r7HcrDQpUeiMlQtv5xiQ3cjEKY7fcnJTCSjJa04owcgjjxoG0pq4fSi_xmMCiM4pIAhdw-GABFeWyBF1ux4I8DUDzpfhgkqPvuObSuVUYe7zPqCfblQcguMJqk5Zz9yERC4oBY2ycbEbNvV3RqyBt3JmlY2joiDUjj0F2CryiY_GfPsKN3cR6C7bCHljyYSkBZkzI2r0Gnlr5h-f5n7M4fpBlHpQzwiJHtwPvgMwSY-pO9inqooFaI0X5Mjd6vSr0r8Y7A-qqbmIsRtqjf4o66IVhUwMiScPtnd48HMpHoLkHUr-oRHBJkRt3oqKvy3l2si_kb7rykY_YRr5fpbV4xamnZ9R7g8s0rZJnfnvDxDdeyhHC7Fvi1VpiJ9VdDfmLbcC88VvmoI8lbJVU5k6Sh6Bc38JCIyzmxPcubsnmSKb0g73vdjZU2YgiTPZJFvKm00fbnbAi1rChFF1K_lhtB6yA0_yUDZS3xuVsiII4TW1hVajnsHKkFqrJ6mQJuL_gNOhKaTjqqLN1l9NYeqcZNTWQyHCi8kXUQFKS4ybEK8FMkWVRZc2fSo6uf9npeivD5EhhWwW-vT411HWUv9xczJfn48JH_hS1TYBBZaulhQGQfhlMStPZf2Ru3Mc2utsVxF3u1YCnN-eduYkutJiD7aGqp5Jo7nzHK1b8tW0H9zzNFzVnlUV09qLY0MJsZ6Oc7Ss2SaOzASNau4ZZGQdb3jJ7t23UO8BcH_OHztEa52_9wdMixr1tLFKUMMfjftFXqOwK6DWCz9UHDWGuHnjrWWIZcMeMx9jjLjqVg6gfP3sxZQSjb4kXwK8TxpzCcr5RxrFDUZbx0keuLgOrGmkCP1in9LmXL8Gwe3B3vWJxPqbrgX0T9W4CKfQ5E-yCiOtAfcev6HSPYUadqov5JyYWWnsuKhhZJimxVGzPrxR6W3hvcMRQiwymMt0Cp1k8ijldXaSH9Tm-q7VsLue5Aig4GMO0KOxuaCZkW5aux39itDL-wdYgg0PTn3NqgoazMNuktklHzsumAHPHsMTjRCi22tBdDZYTB0vD5H_oZdaRaLekX9-oqxQkC-mAeRRZKdeBNarDPf6cpERWYcVgztGPhwwip1YGBIM8pwvgBR1nQKH0FerTsPH4r_h9_ZxwAizmRVz18RcrCNoHrbl7Y0__k_rlQmvnffA4oxcJpzL5gXM5aPIdAJCwDz22Cc-ofCAmq11GHqTCm7wAVv_iy_axRIZQoKWpIQSh6awjlBA1-lUBv2KkyUcDhseeYIwHogQZrcCrE9tzABGRzyM0M160A04tpv-ieOjGCh9AwE7dKWHPeJJX2Z2rknl-Ia-9KJkaEkGpWjlDDeumAg2hyu2Sj0JGriPgUQzHxnhJJQJcILpvLWi9qQUcW1RCBHXVyC_RWyy_RexzhP_CBFOWfKVAV279FcWEbX8XwbZOBU6FcQU07uUvYuoyLVvDrAP5AKs7vYmoYHWnlDim4Wsw1Sk4qBVceX6tV0G-VfxZDTRfvPOAg-Dv5vJMjXnK34jJkWN8s-YDImuY_GSQt2NPEaQiVXisQGRy0tT9EU7uWQ7FcMXgum28uXpsQ0SAsrzN83bgNVqw7kEavPzFZklU-yWU4dZpehFtniji8OYbNCuR4boA8GJSI6lnw2RtmTQUsnl7XvQFAJp88Vc6ztEvvzlDnVnSS-7xQT3xJn8QhCEAN7WuPAy8w-fr0uXEBU-CMsMON274rrXaWv_ak2VC_NganZcC0AXa2LijdjJaiArH24d7RIqYEEr5MR8Mg71TPHKjFZz_6OKJ0Z79oz5ra880eak_9w1WfXeMGpqAUocCYWkC0jpWSr0wmnu7OBNEVlhL0VQIyRih8atWGAPt6nzYqdQYO5wvDS9l5GtcoyJBtUGfRVE3AolA&cid=CAQSTgAvHhf_ltoI-e4s4mWI_h2piMbFOI6NnBJ8tzlsjfwguZCfFYFxzWqLIY_qRCbJKyvNybVCaHkAA5DpC2yB2iI816g66qXmatwh5ZKG5BgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fmlx.su%2F&ds=l&xdt=1&iif=1&cor=17390372744579009000&adk=929882888&idt=69&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 18:30:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82076
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 18:30:09 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame 5EDC 31 KB
12 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 18:30:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82076
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 18:30:09 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 5EDC 41 KB
14 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:28:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 398992
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 02:28:13 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 4202 38 KB
13 KB 14ms
14ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 419037
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 20:54:08 GMT
expires: Wed, 15 Jan 2025 20:54:08 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js Show response
pagead2.googlesyndication.com/bg/ Frame 3FD6 50 KB
19 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:23:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 399247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19642
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 02:23:58 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 41AD 0
20 B 167ms
167ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bg5p0zVGtZZjgEfbb7_UPnuSRwA4AAAAAOAHgBAI&bg=!ODulO3TNAAa8BdJLnAU7ADQBe5WfONA8J_0i4zt9m_CxpVkJrZBBNo3yo4Cz0AUP6a6LyXMS13zuhy84huo06CqFEDFGAgAAAF9SAAAAAmgBBwoAEfqOrEg7AMQ8y8vSO8o21xURmQLjZODVY0ilnguHi5P84bgO-wYu9n768MQ6iyy0aLhv6ki0ylWKvYf3BOLGQQLIu9D8r8ofPjl7j60wk2HO_c5Dts-IbPljOrzUmFS4dCjq6o1lCXJ1dl-tkYz9a5ARcn2sysuipTRcpcDqbzLnassRidmUnLJX3psAO3_ADDsCxpokZ_xd5Dv6mbUz3QbjIcddIhCoUfiGBRpVyIf_qAEmQYHlrtqXDZQB1gvaIMp4PKUxjEK8OzQaKEojt_0PObktghpO6TbPe3hUnxbt6IckTnIO2uf1_RQP6z6CPL9MbnL551Gyrft7s_Zbf0o4XJnABDxTW5JSsdeEAgMVrs4DxGlHP267ZLYSNBdrWomGviIMBiWS9MHpJMMAvz0j6NCae1M06kdaUnqVbXAoT7Cf5jBWHrAQ5RQOL0vZCPl1SHoRN0dL0vahnzJz-mC-vMWpQ49urVwTi9Db3QGmtYmihU0vOq0jJwsRJvtggDWz7sZNoGIorvepAYqapwhTe9Qcc9AEoMoK4iDgTCRutLnDG6TGtG6O3L7AxokumD5DQbkbfWsqtJLb06YLwAACzos2c_yeY-CiUO6yB_Kg1b_Kwug2Qf0TjT8MC5yL3L3YWM0I_YsNwKL-sYQMrjvm8XJ9rjxUDMzRIBLaJJj6_NHNghS3cAb0snqvC7xOipciwrjmS52yeV6EBRDiWqiTFaCCIvs9rIaRXLPjB2bqsR20La5sx6TD7OQA64IHqK21O1bW24UH2elcKRhfsH8NnIbeTUDg-S_mFyBTwxEBSyF4KaMW4xnLAeDP866sRGisQ96gMzvvaVzBKaiD7cWAy2nKACeJ2tgG-Kb-HYcDHaE7ldqFMb-ZdF6hPtPaWjjLdkg-mP57S2lyDsrkJ6FQIEBqhR7bAlJwa7XTnDrY0gi0delcDwr6tfbSx6z8A7VExxWsnVhV9mQsyHNl9dLCfRXTsjHfjMFHATKF4tArgn0e_rUxfg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 4202 39 KB
15 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:06:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 670
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Jan 2025 17:06:55 GMT

GET
H2 200 e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 62AC 0
326 B 1095ms
1046ms Document
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=22136800089563704444554012576010&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f49655b3e5&subid=&uid=853ca7bb12e769ad&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUvi_zFGtZY3JL5mvs8IPsemPoAym5b2gaa2VnKfJD_AuEAEgzt_EKWCVgoCAoAfIAQmpAp2Ka-hlSLI-qAMByAObBKoE9AFP0MeksTlisbvEpyfsqhR6E8bq2aHvtb6HN6Hk92U8c0Jv2gX0akBT6TRkij3fF9OpQ75uimXJl6eMd-8TTaExruAL33ka65QNnkimqH3iLmT8G9w5JugMQy77wXOmJsru6BUWLdnFIvbkmxb7dB_jCZed4cLMsPco9utN132sU_YkH7-e2TOy3FKdfaf_rI1Dz5D7l2JED97qxydZk2mfGMO50hwSJBta8-Ihiytcqr-crh-iDcqUJbY744SyQqYnYwG2lpruZy2ZzeuJM6iUuBQEdKL4FtgkDgcRvEkCEFSt7cmmd4USLA_QwdOWu-x5TgzCwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WKXwoqv-7oMDgAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_lz2a-NnlShXOeUU0elKN698RRKbKDDJUhWzfeX4WMHvxqdrp4cGwSmCwHwz2QJ4uzPt6Vawl0u9NLFZewhjFpFKR_Ue06CT3ux0YAQ%26sig%3DAOD64_1uuj4_gy2iAbM2dwkbQGXUJNVrug%26client%3Dca-pub-4796195822037540%26dbm_c%3DAKAmf-CJtzBwdMjsv5tHVlanq8IzMNHBEHyg3uhsq5ng2DKNfWlCDCQ879nsAffFb1rEcqrjcVqEdoVYI5iSgWuPmplzWOxg7IobZiP59QWBQi-wIISFdrbSoiFxaJfQMPoEva-ygXHmiS2oUdUladrWcqXtaoO0i0uKB_ZFQ5Hz01j9Yo6Z8dQ%26cry%3D1%26dbm_d%3DAKAmf-DnrB9kCo-S2dSFtGb_K3Vqp8ZNN2GBsparOSYB4yxMF83WreeS7QBR8t1wXEt2qEJH5ofGNDs81pjliG14LPxuCABy2ZPvS-AbKyeQ6hgdfuRvzmFtG9QFPqigu7liGE-6HIqLjH2Z5Ji2ECCsjw9M4WerMeCwOuVT-7A5IKk0bRjp6xQQpuUr0x9V_YD0Ybn8xjqm3Slhi7HpXKtreiAVrF-OjNcqCpBJmKszRH8VOgW_L2uXxT9kaRY-R3ld_MYJ1eWeO0HyYdZanL26cB8H9LmCoMp-d-GvCvAfUVQ1j21anCCxEckfF2tj8SKl13f_PqvbXS4Qgw2Dmn17ANTXyuHwnrHDLH-VJcN7lF4vbx5L5tK-M2wKGeJ5CHCxQ7pg0sCZnWWRIihDlworDLIj4vTjN7o3kdJ6MrjJB-PEXM1aSZEXR8s2SrVs9p7njUE9wyIJY5zBAaKD_2z0zHLbpj85PAMEOus77dwSwAFXTm3Po0BNsZ2X85u_KgcpupT3ySFj9LLPuI3CuyeqdOBlaxOsevTyLP8cZk9v0lYHpuDZfwM%26adurl%3D&documentReferer=http%3A%2F%2Fmlx.su%2F&ancestorOrigins=http%3A%2F%2Fmlx.su&random=2466316537734&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript; charset=utf-8
date: Sun, 21 Jan 2024 17:18:06 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
vary: Origin

GET
H2 200 / Show response
adv.office-partner.de/ Frame E8BB 930 B
923 B 76ms
7ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f49655b3e5&subid=&uid=853ca7bb12e769ad&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUvi_zFGtZY3JL5mvs8IPsemPoAym5b2gaa2VnKfJD_AuEAEgzt_EKWCVgoCAoAfIAQmpAp2Ka-hlSLI-qAMByAObBKoE9AFP0MeksTlisbvEpyfsqhR6E8bq2aHvtb6HN6Hk92U8c0Jv2gX0akBT6TRkij3fF9OpQ75uimXJl6eMd-8TTaExruAL33ka65QNnkimqH3iLmT8G9w5JugMQy77wXOmJsru6BUWLdnFIvbkmxb7dB_jCZed4cLMsPco9utN132sU_YkH7-e2TOy3FKdfaf_rI1Dz5D7l2JED97qxydZk2mfGMO50hwSJBta8-Ihiytcqr-crh-iDcqUJbY744SyQqYnYwG2lpruZy2ZzeuJM6iUuBQEdKL4FtgkDgcRvEkCEFSt7cmmd4USLA_QwdOWu-x5TgzCwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WKXwoqv-7oMDgAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_lz2a-NnlShXOeUU0elKN698RRKbKDDJUhWzfeX4WMHvxqdrp4cGwSmCwHwz2QJ4uzPt6Vawl0u9NLFZewhjFpFKR_Ue06CT3ux0YAQ%26sig%3DAOD64_1uuj4_gy2iAbM2dwkbQGXUJNVrug%26client%3Dca-pub-4796195822037540%26dbm_c%3DAKAmf-CJtzBwdMjsv5tHVlanq8IzMNHBEHyg3uhsq5ng2DKNfWlCDCQ879nsAffFb1rEcqrjcVqEdoVYI5iSgWuPmplzWOxg7IobZiP59QWBQi-wIISFdrbSoiFxaJfQMPoEva-ygXHmiS2oUdUladrWcqXtaoO0i0uKB_ZFQ5Hz01j9Yo6Z8dQ%26cry%3D1%26dbm_d%3DAKAmf-DnrB9kCo-S2dSFtGb_K3Vqp8ZNN2GBsparOSYB4yxMF83WreeS7QBR8t1wXEt2qEJH5ofGNDs81pjliG14LPxuCABy2ZPvS-AbKyeQ6hgdfuRvzmFtG9QFPqigu7liGE-6HIqLjH2Z5Ji2ECCsjw9M4WerMeCwOuVT-7A5IKk0bRjp6xQQpuUr0x9V_YD0Ybn8xjqm3Slhi7HpXKtreiAVrF-OjNcqCpBJmKszRH8VOgW_L2uXxT9kaRY-R3ld_MYJ1eWeO0HyYdZanL26cB8H9LmCoMp-d-GvCvAfUVQ1j21anCCxEckfF2tj8SKl13f_PqvbXS4Qgw2Dmn17ANTXyuHwnrHDLH-VJcN7lF4vbx5L5tK-M2wKGeJ5CHCxQ7pg0sCZnWWRIihDlworDLIj4vTjN7o3kdJ6MrjJB-PEXM1aSZEXR8s2SrVs9p7njUE9wyIJY5zBAaKD_2z0zHLbpj85PAMEOus77dwSwAFXTm3Po0BNsZ2X85u_KgcpupT3ySFj9LLPuI3CuyeqdOBlaxOsevTyLP8cZk9v0lYHpuDZfwM%26adurl%3D&documentReferer=http%3A%2F%2Fmlx.su%2F&ancestorOrigins=http%3A%2F%2Fmlx.su&random=2466316537734&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Sun, 21 Jan 2024 17:18:05 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Sun, 28 Jan 2024 17:18:05 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 94FF 2 KB
2 KB 153ms
74ms Script
text/html 18.132.155.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=22136800089563704444554012576010&nw=1
Requested by: Host: mlx.su
URL: http://mlx.su/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.132.155.94 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-132-155-94.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 369f379d66bdfc647d007825256038da16af59137c7195e11c50e865a2197794

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
last-modified: Sun, 21 Jan 2024 17:18:05 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Sun, 21 Jan 2024 17:19:05 GMT

GET
H2

200

activityi;dc_pre=CIud6Kv-7oMDFaQKigMdYG4KWg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=901719249174.1244 Show response
5994599.fls.doubleclick.net/ Frame 3CAB
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=901719249174.1244?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIud6Kv-7oMDFaQKigMdYG4KWg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=901719249174.1244?

391 B
328 B

848ms
847ms

Document
text/html

142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CIud6Kv-7oMDFaQKigMdYG4KWg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=901719249174.1244?

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

f1eb58bc70c7f8af70d0eda0afa7effc5afe0f548fc5f8d771ae426402eb4e80

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 219
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 17:18:05 GMT
expires: Sun, 21 Jan 2024 17:18:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 17:18:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIud6Kv-7oMDFaQKigMdYG4KWg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=901719249174.1244?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900010.redintelligence.net/ Frame 5862 7 KB
2 KB 34ms
12ms Document
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/request_content.php?s=22136800089563704444554012576010&a=5770fe66
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f49655b3e5&subid=&uid=853ca7bb12e769ad&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUvi_zFGtZY3JL5mvs8IPsemPoAym5b2gaa2VnKfJD_AuEAEgzt_EKWCVgoCAoAfIAQmpAp2Ka-hlSLI-qAMByAObBKoE9AFP0MeksTlisbvEpyfsqhR6E8bq2aHvtb6HN6Hk92U8c0Jv2gX0akBT6TRkij3fF9OpQ75uimXJl6eMd-8TTaExruAL33ka65QNnkimqH3iLmT8G9w5JugMQy77wXOmJsru6BUWLdnFIvbkmxb7dB_jCZed4cLMsPco9utN132sU_YkH7-e2TOy3FKdfaf_rI1Dz5D7l2JED97qxydZk2mfGMO50hwSJBta8-Ihiytcqr-crh-iDcqUJbY744SyQqYnYwG2lpruZy2ZzeuJM6iUuBQEdKL4FtgkDgcRvEkCEFSt7cmmd4USLA_QwdOWu-x5TgzCwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WKXwoqv-7oMDgAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_lz2a-NnlShXOeUU0elKN698RRKbKDDJUhWzfeX4WMHvxqdrp4cGwSmCwHwz2QJ4uzPt6Vawl0u9NLFZewhjFpFKR_Ue06CT3ux0YAQ%26sig%3DAOD64_1uuj4_gy2iAbM2dwkbQGXUJNVrug%26client%3Dca-pub-4796195822037540%26dbm_c%3DAKAmf-CJtzBwdMjsv5tHVlanq8IzMNHBEHyg3uhsq5ng2DKNfWlCDCQ879nsAffFb1rEcqrjcVqEdoVYI5iSgWuPmplzWOxg7IobZiP59QWBQi-wIISFdrbSoiFxaJfQMPoEva-ygXHmiS2oUdUladrWcqXtaoO0i0uKB_ZFQ5Hz01j9Yo6Z8dQ%26cry%3D1%26dbm_d%3DAKAmf-DnrB9kCo-S2dSFtGb_K3Vqp8ZNN2GBsparOSYB4yxMF83WreeS7QBR8t1wXEt2qEJH5ofGNDs81pjliG14LPxuCABy2ZPvS-AbKyeQ6hgdfuRvzmFtG9QFPqigu7liGE-6HIqLjH2Z5Ji2ECCsjw9M4WerMeCwOuVT-7A5IKk0bRjp6xQQpuUr0x9V_YD0Ybn8xjqm3Slhi7HpXKtreiAVrF-OjNcqCpBJmKszRH8VOgW_L2uXxT9kaRY-R3ld_MYJ1eWeO0HyYdZanL26cB8H9LmCoMp-d-GvCvAfUVQ1j21anCCxEckfF2tj8SKl13f_PqvbXS4Qgw2Dmn17ANTXyuHwnrHDLH-VJcN7lF4vbx5L5tK-M2wKGeJ5CHCxQ7pg0sCZnWWRIihDlworDLIj4vTjN7o3kdJ6MrjJB-PEXM1aSZEXR8s2SrVs9p7njUE9wyIJY5zBAaKD_2z0zHLbpj85PAMEOus77dwSwAFXTm3Po0BNsZ2X85u_KgcpupT3ySFj9LLPuI3CuyeqdOBlaxOsevTyLP8cZk9v0lYHpuDZfwM%26adurl%3D&documentReferer=http%3A%2F%2Fmlx.su%2F&ancestorOrigins=http%3A%2F%2Fmlx.su&random=2466316537734&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 576d855c1a90b815cf07ff532e9d79d60d5c22dc3fe778e27926d193108de49b

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2033
Content-Type: text/html; charset=utf-8
Date: Sun, 21 Jan 2024 17:18:05 GMT
Expires: Sun, 21 Jan 2024 17:18:05 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H2

200

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 94FF
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=22136800089563704444554012576010&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=22136800089563704444554012576010&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
361 B

1029ms
1029ms

Image
image/gif

91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=22136800089563704444554012576010&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&h=250&slotname=3369457514&adk=1395306997&adf=2772626519&pi=t.ma~as.3369457514&w=300&lmt=1705857484&format=300x250&url=http%3A%2F%2Fmlx.su%2F&wgl=1&dt=1705857484304&bpp=1&bdt=354&idt=288&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C468x60&nras=1&correlator=1273574755516&frm=20&pv=1&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=815&ady=248&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=291
Protocol: H2
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:06 GMT
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 43
proxy-host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=22136800089563704444554012576010&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Sun, 21 Jan 2024 17:18:05 GMT
server: nginx
content-length: 138
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 94FF 43 B
702 B 228ms
157ms Image
image/gif 23.192.250.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=22136800089563704444554012576010&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.192.250.178 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-192-250-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 21 Jan 2024 17:18:05 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame 94FF 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 97a5bfd1230c912b673fa01e252e9a353af8032a5b9ccdf2103ed5f2602a728f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16194089670991452542/ Frame 6681 673 B
438 B 54ms
24ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da10d8b8587c8c2f57b549a436dff23e35c7ba130d315e39be083470275b47fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 409
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 17:18:05 GMT
expires: Mon, 20 Jan 2025 17:18:05 GMT
last-modified: Tue, 16 Jan 2024 15:24:49 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5EDC 0
0 95ms
54ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstsmWogwzqirkq_cAD6fxrctThi0lmiW2U0MuZYXKzu0oBMoGjWU7-f_b_g6Gti_5bQh2zkGnukVhDCwefKejjlAb72gAlAmLE2t2sUUm0l-LKACBadLR8j-mtbHMiNaIrvFJpV17ZF388JD6p7zycBUZr7MBoN6_esXJteemHncmfNKkp5wwLuoEn7ZkWwS-kNfGNMs_ugvhbqdGGYw5-3TZtjxXXHUDxweOCtWyqdHYro5NyMsb5JRbXdCG28O-n4QhB9J9PgZ_1xos8_SpQFs-ix9m2wSRrQ6tPYbzh50WlRWnusJS-_hL0CLw2eTd0zfk8BVD569joruwXKnNaNGrXsiujZ0tmONEbOJwIp7zBRXUuN_fS7c9xBrgvydn3g5DEdON0QSjo4ewN0PXtCYl2L9ZdxjlZcbtlmZXbI3jHHuoCiod94lS5aaaBAFF7Q7T98XYbinZ_0Z0VuFe5PjUP039MHxCB7-Z6fg-ufIaNE7c4cgjY41bHAMHTtZajlLsgaaHnE_89ve0hP6iWXgneE9bYfU4LJC6AWI148We_IL-Pm6OL9SwIgNyhDt05ZT58XTlfKdGGASouWQoEpVnMcVFhJ-RcvKq9DO5hSVHOW1pISQjMzjQfofsgvWBxe-i7dGM9zA7l4rdAmzeg2MfcFyhzlSa8iRfwtgOB2ZbpxayhGYL32BZN_qAk-Xb3qdC9H9congp-kdC-wDlrwnb7UKGWAeFsbnXwX1nR0bhOEbCa4YQ1CjDp4QirGJGvVtH5KRtblekB_vGsH5PqJCMZUaD_L7cmIlZq8Emanly5wheFLadP8vcIMtgjTqbkTRaL5el86QeBBDeEOSwJnuGKDZdEYcm06tcXu-ewQQHvZEAnsauowus6W808Ixhu8dwQo0yir0rva-c-PP8gdtYwbQG8T5cRj38pudIxvFVy7zy0I97MgNbqO4GCmoNB2-xcIWDhZk6H3gyBN_jzCtkD47R5z9kMv1Q4-xczPokXXtknpG88h3EyBtiaERHjaqFapC2tnElx1IzRXKzWvHWceQlAvciX8eRiuGHPwuZaagJFMcoB9kTcgYM2P3mQVTHBEdtjCI9GV4SvEL_ldObkNHeTRTsYq98pcQiqhi6yp1xusqsmyZ1luiINyu7NlEnlJynRMXcqdUwx-Ilt9rPROq8SeYa3ItdQ6qdTMtC7nB0CxKlp6SGLRAoYpZ2RFag2Xv7SDitV-3yCMogfYn_sh6cY_TkAgJIxDIvZ-LTIkl2Mn&sai=AMfl-YSg2XqObzjs-30VocB6o2HvFYLYytqELhOBiTitnmAKzZ0-erscuFCCCnZJxneheCo3H4wEYga-TiGhU7ldsE6OWMJhfFKHwHOX_9sWvO9lBA74BgLpcCR-7p5WbqnmL6NH_g0WLuArdif1QdqLVwbG9R1N_0XXelnFXgqilGApkwUSsDykfrQr1hUahFerm1O_tyKzS8F77NQHoPPO1XPTOf-j_Y0Kx7HImhn0_KEl6BA70qY5ZpN6YZRJA-LfLoXP8Bmh6wrckisITmaCnnfvi5UKz0bqWHyVQw&sig=Cg0ArKJSzLs8cleNhLS5EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=154&cbvp=1&cstd=148&cisv=r20240118.27201&arae=0&ftch=1&adurl=

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 5862 5 KB
682 B 35ms
34ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=22136800089563704444554012576010&a=5770fe66

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 21 Jan 2024 17:18:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5862 17 KB
17 KB 38ms
16ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=22136800089563704444554012576010&a=5770fe66
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 6001cd05140d479d12358ef496ff369c87cc8bbefa464c2ab69278ac81e85037

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16990
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5862 16 KB
16 KB 36ms
14ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=22136800089563704444554012576010&a=5770fe66
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c098baa1abe1b573dac8b4035acf6f34a0436a95e6b568f018dd9ca4243f1fad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16512
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5862 11 KB
11 KB 37ms
13ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=22136800089563704444554012576010&a=5770fe66
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ae46f7995e1b4b3deb22a5aa78ddac53e1c6c0418d446549458175c1e8c7248c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10940
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 6681 120 KB
41 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 11:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21641
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jan 2024 11:17:24 GMT

GET
H3 200 template-2d058155.js Show response
s0.2mdn.net/sadbundle/16194089670991452542/ Frame 6681 37 KB
13 KB 24ms
23ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16194089670991452542/template-2d058155.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55ee9510e78623f5fd1309067dc6e7a15f70d48e23e5658a0aa81be100ad232b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 15:25:19 GMT
date: Tue, 16 Jan 2024 15:25:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 438766
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13540
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 15:24:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 index-70c4f56f.css
s0.2mdn.net/sadbundle/16194089670991452542/ Frame 6681 4 KB
1 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16194089670991452542/index-70c4f56f.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70c4f56f8e13e9387d9c65b17636a678eb6ccf82a8255cb1d2eb9192f7e478bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 15:25:19 GMT
date: Tue, 16 Jan 2024 15:25:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 438766
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1455
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 15:24:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame E8BB 179 KB
64 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cc6bec26f8a92aaea972740f1b17484d8058f44b59c736ab320558343bf86ba3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65194
x-xss-protection: 0
last-modified: Sun, 21 Jan 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H/1.1 200
OK viewability Show response
hal900010.redintelligence.net/ Frame 5862 0
150 B 38ms
13ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/viewability?s=22136800089563704444554012576010&a=7421000f&vb=m
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=22136800089563704444554012576010&a=5770fe66
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/request_content.php?s=22136800089563704444554012576010&a=5770fe66
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:05 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 5862 14 KB
15 KB 88ms
25ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900010.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 08:36:49 GMT
x-content-type-options: nosniff
age: 376876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 08:36:49 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 5862 15 KB
15 KB 87ms
24ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900010.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 00:04:46 GMT
x-content-type-options: nosniff
age: 148399
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Jan 2025 00:04:46 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4202 0
20 B 173ms
173ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BU4DSzVGtZbGqG4vox_APzIKmyA8AAAAAOAHgBAI&bg=!rK-lr-DNAAa8BdJLnAU7ADQBe5WfOKv6duLchdFPhZ9Ftpn_l6qSSY3lpPe-eD-t4yc9ocERPDWqITygvBBsnDtXUBYFAgAAAH9SAAAAAWgBB5kDBV1Z75x4Mw12MsFRQhTsDGEnu1Z_zFfayEzJ8Ijxz2xa5V2kFe48imBhFYm5YS0lg8fsO33hmggrcVGKpStwutCtcSJVKr6b1Kj1sD6C3G4J_WicDeLdA2VP6MieNDjOE-Pw1Eb9BdfVDUT_XpzIHfb7La4NpHckLytyxzIcHtujCNG9_a9slcmAzovMNzNN00q1BziJDU9dByz56UPgCc40Lx-vbVuKuTxVKlciWv5sQk2TdUvzi1aD82pTTyChbhUNM0A-6AJnxE_kPsntzAR9b9B9uSdaQDI8REu1U_15ob7T6amykd8S12dPgrnx2wl9PMngwiBqC68KnD-5_JoJLWvU7IGtHvp9vuzYj1g-Ev_fqsMOzTnpidOG2FBrln6bcvNRdrsIs1As1S6_7n4HNjtxPrZNwRSY9jIFsffCQ9jXo0CiJk3Bzrn-KIjjI9OkRv4fxDGa8CKrtyg5njbDyxR8LgW77BB_5Ih3KDm6Pk1o2B8_f2lI0tiAZ04C1eil779RR1fVZpWlceHF0HPPZzyM53pc8gSxTbdXTlbvMQazEoOp-uKac4-mG1NkoVtx3vk0KMIbxUyTVB1n1C-CkpyiHltSw9z9gEu7CnupJyuMK1RPb5NFLlZDgDIzLpig-Jri8-2VRjlI17y9MtDL8Xy89_yDmobf3PtDG-hZRntRh8BW8NJMd5JsXtm36PgIo7VEl9o7SS91a8BiRAYVulZ7S6ZK9sNK_bV40qWDBBIjNSuNCnTm9YfEKSvsNhDcUAp5dOZpaEe_vcCkkYvFI9fMM4ONU1K0WEZqf0HEoiPa5M2KuWwpF1ilE8q39zB9QzPsSYYw1BUnHV9UCazSZBOM1dtcCeu7TJI69dz3wd1Lmug5JGRK6fyh6cdP_CKFeeTDmwfejBdMhz3wd_Y048tdchmLH5ueW4CEnCTMgsDiYGN51-lNKDwQLsPU1MVvbvpqK0UVnDLp58allJgUF4QGjsfY5Za_1cfoZgOIzpxSh5DKLYA_7ExYGuhnq5NvWCIl

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5EDC 0
0 51ms
51ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstsmWogwzqirkq_cAD6fxrctThi0lmiW2U0MuZYXKzu0oBMoGjWU7-f_b_g6Gti_5bQh2zkGnukVhDCwefKejjlAb72gAlAmLE2t2sUUm0l-LKACBadLR8j-mtbHMiNaIrvFJpV17ZF388JD6p7zycBUZr7MBoN6_esXJteemHncmfNKkp5wwLuoEn7ZkWwS-kNfGNMs_ugvhbqdGGYw5-3TZtjxXXHUDxweOCtWyqdHYro5NyMsb5JRbXdCG28O-n4QhB9J9PgZ_1xos8_SpQFs-ix9m2wSRrQ6tPYbzh50WlRWnusJS-_hL0CLw2eTd0zfk8BVD569joruwXKnNaNGrXsiujZ0tmONEbOJwIp7zBRXUuN_fS7c9xBrgvydn3g5DEdON0QSjo4ewN0PXtCYl2L9ZdxjlZcbtlmZXbI3jHHuoCiod94lS5aaaBAFF7Q7T98XYbinZ_0Z0VuFe5PjUP039MHxCB7-Z6fg-ufIaNE7c4cgjY41bHAMHTtZajlLsgaaHnE_89ve0hP6iWXgneE9bYfU4LJC6AWI148We_IL-Pm6OL9SwIgNyhDt05ZT58XTlfKdGGASouWQoEpVnMcVFhJ-RcvKq9DO5hSVHOW1pISQjMzjQfofsgvWBxe-i7dGM9zA7l4rdAmzeg2MfcFyhzlSa8iRfwtgOB2ZbpxayhGYL32BZN_qAk-Xb3qdC9H9congp-kdC-wDlrwnb7UKGWAeFsbnXwX1nR0bhOEbCa4YQ1CjDp4QirGJGvVtH5KRtblekB_vGsH5PqJCMZUaD_L7cmIlZq8Emanly5wheFLadP8vcIMtgjTqbkTRaL5el86QeBBDeEOSwJnuGKDZdEYcm06tcXu-ewQQHvZEAnsauowus6W808Ixhu8dwQo0yir0rva-c-PP8gdtYwbQG8T5cRj38pudIxvFVy7zy0I97MgNbqO4GCmoNB2-xcIWDhZk6H3gyBN_jzCtkD47R5z9kMv1Q4-xczPokXXtknpG88h3EyBtiaERHjaqFapC2tnElx1IzRXKzWvHWceQlAvciX8eRiuGHPwuZaagJFMcoB9kTcgYM2P3mQVTHBEdtjCI9GV4SvEL_ldObkNHeTRTsYq98pcQiqhi6yp1xusqsmyZ1luiINyu7NlEnlJynRMXcqdUwx-Ilt9rPROq8SeYa3ItdQ6qdTMtC7nB0CxKlp6SGLRAoYpZ2RFag2Xv7SDitV-3yCMogfYn_sh6cY_TkAgJIxDIvZ-LTIkl2Mn&sai=AMfl-YSg2XqObzjs-30VocB6o2HvFYLYytqELhOBiTitnmAKzZ0-erscuFCCCnZJxneheCo3H4wEYga-TiGhU7ldsE6OWMJhfFKHwHOX_9sWvO9lBA74BgLpcCR-7p5WbqnmL6NH_g0WLuArdif1QdqLVwbG9R1N_0XXelnFXgqilGApkwUSsDykfrQr1hUahFerm1O_tyKzS8F77NQHoPPO1XPTOf-j_Y0Kx7HImhn0_KEl6BA70qY5ZpN6YZRJA-LfLoXP8Bmh6wrckisITmaCnnfvi5UKz0bqWHyVQw&sig=Cg0ArKJSzLs8cleNhLS5EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=258&vt=11&dtpt=104&dett=3&cstd=148&cisv=r20240118.27201&arae=0&ftch=1&adurl=

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6681 8 KB
6 KB 85ms
56ms XHR
application/json 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b388092468489b95a626d000b006cf4987b5f287a8d1fa8f2adaf192b6ac7bcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5938
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5EDC 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75103a015c73f96e7eea3d6d3d8db1a225689c0f7adc3b84c82fa0df26eecdf2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo-v2.svg
s0.2mdn.net/4528404/1687769488937/ Frame 6681 5 KB
2 KB 15ms
15ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687769488937/logo-v2.svg

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59196f295fdadd3391cfbb187fef654f77ae385d6f8555c588963b521b1a98a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 09:56:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26484
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1838
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 08:51:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jan 2024 09:56:41 GMT

GET
H3 200 Xiaomi_13T_Pro_M12_Green_Front.png
s0.2mdn.net/4528404/ Frame 6681 1 MB
1 MB 18ms
18ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/Xiaomi_13T_Pro_M12_Green_Front.png

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86b935a864f99677f1f29ae168dd1cc98d754129e7f6ab6e38db3b46e15593d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 06:56:23 GMT
x-content-type-options: nosniff
age: 37302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1127443
x-xss-protection: 0
last-modified: Fri, 24 Nov 2023 09:30:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jan 2024 06:56:23 GMT

GET
H3 200 cta_mit-pfeil_01.svg
s0.2mdn.net/4528404/1687937402098/ Frame 6681 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687937402098/cta_mit-pfeil_01.svg

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a9cba16c5a30dc7cc3bdcbba2a45e9e2e28ec4437894302c6676369ed0ec732

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 15:56:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4909
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1134
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 07:30:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jan 2024 15:56:16 GMT

GET
H3 200 stoerer-360sparen-links-orange.svg
s0.2mdn.net/4528404/1700818208366/ Frame 6681 5 KB
2 KB 16ms
16ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1700818208366/stoerer-360sparen-links-orange.svg

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80a4d563bc94881303dd2de053433c12767a69af685424317eb9901a65fcd09c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:44:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2168
x-xss-protection: 0
last-modified: Fri, 24 Nov 2023 09:30:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Jan 2024 21:44:38 GMT

GET
H3 200 logo-d0d80991.svg
s0.2mdn.net/sadbundle/16194089670991452542/ Frame 6681 5 KB
2 KB 17ms
17ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16194089670991452542/logo-d0d80991.svg

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 02:19:03 GMT
date: Wed, 17 Jan 2024 02:19:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 399542
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1913
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 15:24:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame E8BB 276 KB
91 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0a5426717f892108bc000905102d71bc5a136255d1405d17b4dfdd3b07956f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93265
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 94FF 54 KB
19 KB 111ms
29ms Script
application/javascript 18.244.28.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=22136800089563704444554012576010&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.28.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-28-99.cdg52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5ca4b5260e5b7a45b242e3c117e96451cb1d43563baee057f0d609548a112db7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 05:23:26 GMT
content-encoding: gzip
via: 1.1 cebe30988b6bcd134d2b6982893e289a.cloudfront.net (CloudFront)
last-modified: Thu, 11 Jan 2024 16:01:13 GMT
server: AmazonS3
x-amz-cf-pop: CDG52-P5
age: 42880
x-amz-server-side-encryption: AES256
etag: W/"1885e2f5560c2347761a6db4984ea717"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: JW9725iE4VxhpFbsFYCDOZhZhs4ANuwOPsY6787AoS-yKyYb0ykifg==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 94FF 85 B
437 B 77ms
22ms Image
image/gif 18.155.129.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1705857785&Signature=lZl92KbWK8wBNdTw0DXPH9RxlVqiBOdgm~XzivbKFVO4oqiE~MBTF51OkPsrY9Wc13mNTodQeTy-t0cdZ5GZHeGCjVvl1rr3BSxCJeRQ4Co7AClGen50Vxn~7ggtYgyg~nv7hBEWAPM3-v-O36s46koAbNFicGUdS95Fh0w3p4ZLjX7kxq76LV-4dabpIjshm7ARi05uMweKDBu6JFxXPnrLCUiBgm0MhNwpe823bWvnvnwbLGlZLY7zS9Lmls6ObWapF-IFFIAChT~HYJ2~CRXeqSp~3AWkeedXUDf8UQ2Qy10n43s2jKylD~GjB8kZ7SubqNjVisD0N0wWlwN1yQ__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4796195822037540&output=html&h=250&slotname=3369457514&adk=1395306997&adf=2772626519&pi=t.ma~as.3369457514&w=300&lmt=1705857484&format=300x250&url=http%3A%2F%2Fmlx.su%2F&wgl=1&dt=1705857484304&bpp=1&bdt=354&idt=288&shv=r20240118&mjsv=m202401160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C468x60&nras=1&correlator=1273574755516&frm=20&pv=1&ga_vid=2130617466.1705857484&ga_sid=1705857485&ga_hid=1541986788&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=815&ady=248&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44759837%2C31079438%2C31080533%2C95320870%2C95321627%2C95322166%2C95322326&oid=2&pvsid=118611438461066&tmod=642202981&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.129.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-129-30.cdg52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

x-amz-version-id: null
date: Sun, 21 Jan 2024 09:01:17 GMT
via: 1.1 67bbe30c2f887b8968a0f0c3b05ac564.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: CDG52-P4
age: 29871
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: Jn1pPSfr1ugvMJnTejdlovAsfdJHc5RFkv85eeRk__DhCVWcGEwIsA==

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6681 17 KB
6 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 21 Jan 2024 17:18:05 GMT

GET
H3 200 InterstateCondensed.woff2
s0.2mdn.net/creatives/assets/4925812/ Frame 6681 28 KB
28 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4925812/InterstateCondensed.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16194089670991452542/index-70c4f56f.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

241bb801b29748e542884f7b902c02f12f6a318ba97f70224986634926dbc433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index-70c4f56f.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:07:03 GMT
x-content-type-options: nosniff
age: 662
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28596
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 09:13:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Jan 2024 17:22:03 GMT

GET
H3 200 InterstateCondensedBlack.woff2
s0.2mdn.net/creatives/assets/4925812/ Frame 6681 14 KB
14 KB 15ms
15ms Font
font/woff2 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4925812/InterstateCondensedBlack.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16194089670991452542/index-70c4f56f.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b7bf416424abed17314649bb71a1de7a3afc6af66840d04b730e69652e27ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index-70c4f56f.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:11:18 GMT
x-content-type-options: nosniff
age: 407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14644
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 09:13:06 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Jan 2024 17:26:18 GMT

GET
H3 200 logo-v2.svg
s0.2mdn.net/4528404/1687769488937/ Frame 6681 5 KB
2 KB 15ms
15ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687769488937/logo-v2.svg

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59196f295fdadd3391cfbb187fef654f77ae385d6f8555c588963b521b1a98a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 09:56:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26484
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1838
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 08:51:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jan 2024 09:56:41 GMT

GET
H3 200 Xiaomi_13T_Pro_M12_Green_Front.png
s0.2mdn.net/4528404/ Frame 6681 1 MB
1 MB 16ms
16ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/Xiaomi_13T_Pro_M12_Green_Front.png

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86b935a864f99677f1f29ae168dd1cc98d754129e7f6ab6e38db3b46e15593d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 06:56:23 GMT
x-content-type-options: nosniff
age: 37302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1127443
x-xss-protection: 0
last-modified: Fri, 24 Nov 2023 09:30:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jan 2024 06:56:23 GMT

GET
H3 200 cta_mit-pfeil_01.svg
s0.2mdn.net/4528404/1687937402098/ Frame 6681 2 KB
1 KB 17ms
16ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687937402098/cta_mit-pfeil_01.svg

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a9cba16c5a30dc7cc3bdcbba2a45e9e2e28ec4437894302c6676369ed0ec732

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 15:56:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4909
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1134
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 07:30:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Jan 2024 15:56:16 GMT

GET
H3 200 stoerer-360sparen-links-orange.svg
s0.2mdn.net/4528404/1700818208366/ Frame 6681 5 KB
2 KB 17ms
17ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1700818208366/stoerer-360sparen-links-orange.svg

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80a4d563bc94881303dd2de053433c12767a69af685424317eb9901a65fcd09c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index.html?e=69&leftOffset=0&topOffset=0&c=ZlSWHUqOKy&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:44:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2168
x-xss-protection: 0
last-modified: Fri, 24 Nov 2023 09:30:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Jan 2024 21:44:38 GMT

GET
H2 200 dc_oe=ChMI8cTUq_7ugwMVC_QRCB1MgQn5EAAYACCe44NdQhMI-dKnq_7ugwMVwdFkCh2R_wM0;dc_eps=AHas8cD7Q7XtAIbjRJme2EsYiE4W6BPvjd4L9D79Z8todfnAtOglCiF9xJh1K28dTWafpzH4YLWhAfE;stragg=1;&timestamp=1705857485876;s...
ade.googlesyndication.com/ddm/activity/ Frame 5EDC 42 B
401 B 224ms
168ms Image
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI8cTUq_7ugwMVC_QRCB1MgQn5EAAYACCe44NdQhMI-dKnq_7ugwMVwdFkCh2R_wM0;dc_eps=AHas8cD7Q7XtAIbjRJme2EsYiE4W6BPvjd4L9D79Z8todfnAtOglCiF9xJh1K28dTWafpzH4YLWhAfE;stragg=1;&timestamp=1705857485876;str=nextSlide;strtype=1

Requested by

Host: mlx.su
URL: http://mlx.su/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 InterstateRegular.woff2
s0.2mdn.net/creatives/assets/4925812/ Frame 6681 29 KB
29 KB 24ms
24ms Font
font/woff2 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4925812/InterstateRegular.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16194089670991452542/index-70c4f56f.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

619fdeaed027f4e2b96cb82baa60c9c6615e7b24172f08eed907e617537171e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16194089670991452542/index-70c4f56f.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:06:31 GMT
x-content-type-options: nosniff
age: 694
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29508
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 09:13:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Jan 2024 17:21:31 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame C75C 39 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:06:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 670
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Jan 2025 17:06:55 GMT

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 104ms
20ms Preflight 18.171.41.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.171.41.162 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-171-41-162.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Sun, 21 Jan 2024 17:18:06 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 94FF 16 B
209 B 66ms
66ms Fetch
application/json 18.171.41.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.171.41.162 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-171-41-162.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 21 Jan 2024 17:18:06 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 94FF 42 B
64 B 169ms
169ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsscIHjvPROfnMT2JZ_p_gH71XxpX3yn4UgawJUWB40lb_7xAELv7gRl4eSesuUx2Ly6LOR9Emd2q_BYaG6OAv_9KCQRkXZ528uF-Y3I0XwTmxFgPCCFnmFKdC5sZyy294gC7tHifbkedBo&sai=AMfl-YQJbBEu5zq69M8Ut9-a6XOr_hnEpYu-IPaxKHuRXTTdQetxp8uOgMhf7JKbfbXImJqykcH-UF8HCSUPrMGR5VmMAnVxGQ0Ql8Kt0rqAVaMUpis0iEtO6tgMu1pmYAMggrpG2Sf2371M7WNQUvY7EA&sig=Cg0ArKJSzEeCgAsXmpwREAE&cid=CAQSTwAvHhf_lz2a-NnlShXOeUU0elKN698RRKbKDDJUhWzfeX4WMHvxqdrp4cGwSmCwHwz2QJ4uzPt6Vawl0u9NLFZewhjFpFKR_Ue06CT3ux0YAQ&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1395306997&rs=2&la=0&cr=0&vs=4&r=v&rst=1705857484595&rpt=1042&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CIud6Kv-7oMDFaQKigMdYG4KWg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=901719249174.1244
adservice.google.com/ddm/fls/z/ Frame 3CAB 42 B
401 B 202ms
167ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIud6Kv-7oMDFaQKigMdYG4KWg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=901719249174.1244

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIud6Kv-7oMDFaQKigMdYG4KWg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=901719249174.1244?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5EDC 0
20 B 160ms
159ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6232747581764&version=m202309260101&ct=76&x=1&cor=17390372744579009000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5EDC 42 B
64 B 169ms
169ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsupRVZTN_hLesTLi6bWXwpaz_uYw_6b4WNpSYuhJIc3HpQPsfrLS5LSpgD0bbDjpzwHpm97i2Db5mNQd3FMHIH4QNOUmKFAlORS1vwXfOvfRk_IwCxWgE51Kp4DCeoSQLvz30TW2-9o6LvCQqMVeiI2dEen&sai=AMfl-YR2tUZw1r6mF1pINy2dksvqsJpvZJsW-aBe8wRehjbHkQysF3vgtA6Z6b1oj-XCFI_gP-m-PxL8tIyA4rTJXnAWj23bggB8JFBz6HJDlpWJjoTNY4MoQPkRVi4pGCXzeiUAlAUAT-ZnA8I8e4cD&sig=Cg0ArKJSzCWjntb_RH1-EAE&cid=CAQSTgAvHhf_ltoI-e4s4mWI_h2piMbFOI6NnBJ8tzlsjfwguZCfFYFxzWqLIY_qRCbJKyvNybVCaHkAA5DpC2yB2iI816g66qXmatwh5ZKG5BgB&id=lidar2&mcvt=1004&p=0,0,600,160&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&vs=4&r=v&rst=1705857485337&rpt=183&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900010.redintelligence.net/ Frame 5862 0
150 B 35ms
13ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/viewability?s=22136800089563704444554012576010&a=7421000f&vb=v
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=22136800089563704444554012576010&a=5770fe66
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/request_content.php?s=22136800089563704444554012576010&a=5770fe66
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

Date: Sun, 21 Jan 2024 17:18:06 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 59ms
58ms XHR
application/json 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240118&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c93ee8ed5d47db57af633c22f2baf28c934735879592db40c396bdee0ce9ad3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12308
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 21 Jan 2024 17:18:06 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2289 13 KB
5 KB 15ms
15ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://mlx.su/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 480
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 17:10:06 GMT
expires: Mon, 20 Jan 2025 17:10:06 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6A90 829 B
998 B 25ms
24ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

399e4f1a451396f82368d534fec4533954e0fd2207b8b72aa2180efa39aab21a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0l-7zgGhy7AteDJmmTQRSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://mlx.su/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-0l-7zgGhy7AteDJmmTQRSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 21 Jan 2024 17:18:06 GMT
expires: Sun, 21 Jan 2024 17:18:06 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 2289 39 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:06:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 672
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Jan 2025 17:06:55 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6A90 0
0 160ms
159ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240118&jk=118611438461066&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2289 0
10 B 15ms
15ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?0fpvMg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

date: Sun, 21 Jan 2024 17:18:07 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 166ms
166ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240118&jk=118611438461066&bg=!f3ylfDPNAAa8BdJLnAU7ADQBe5WfOEnk1eVjyO_IwYbZgWzpur8GwY2txwhbmMEjohd5x3r-rfSoSb44M5qc2pG_mHtQAgAAAC1SAAAAAmgBB5kCogRHR0QeZzYxVa5vuvJxOC7M08nUYp-izjx_G9XeIHWHVwPk_AEzooljZ-aFVnxdqIJLc_Q5GLqlOh69eusxOPwVVKr2bi9rM5W2n2adQn961Db5YcHv8DUDiXxVdJEn1kwlYilCGO2G5tb0UETXFyabwa-RkaSqyu-rOeIfx7i8u7e_TD-yihOEogIAcxO3iqWSTTQcpGyL1cipGKY26ViwNcZdmioe9sQZkadcCzk71-4PKGOaJjWYwrqCJdiOKDnzrAs7_E9NhA9miAGNJy02Ereom1roPQlu2CJJnLf6jCb9VPMPDYwAu5DnPAuvpWDep3wqL9dDdXInUyV-JBKpfKRqJ56WdX8aHadjoPFM7gm0cQmNXFst6_kLtS5QKDfXPHkFxKgOmL5WjibUvRDcdu-JN9aFRQyzz_qczlEjBkmm9bTE00Akec5-g5mCXaJ9qmTnLLCSC6-dVhwUfKysKb7bfzuC56JIvVMb_EI77imLIGtVci57pCNHQQgb6zxPLbYVwARz7nIwlijWucKqgAEwk_G1_lYu8X82hkx1dJSr6l0b3diM3pWHhH1wLBVQ5KE5BgqHR8iTsty_gylX3NA4L2nnHlWOAErngVsK_CxV25vXLwyP5Js78Gie-PUOEmyH2hgyOh-9PGd9HAC4SbF2m7VtsHx62ZMl6yLRxY6O4zt8OVnS_NyE8rgOa-7Ukt5nkQXH1lETQJW3z34I33kGMsEGDI7veqeyPQxph8VtMvvJp07x1Nkz-0NwMg8_I5GIsa_IrNLHnPHg4m9omT-EH7KZThnMtF4GFAjzMIFpL_bCuxaGDdlR_mNjzap1k7ndY1TD6dRbUj6epUUxpEFcXWzUrIAv2k3-Zsjsvcz_AQQvsD0iPl9WmK76Bgjp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 94FF 0
20 B 161ms
160ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2758958659364&version=m202309260101&ct=77&x=1&cor=12570625638764892000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 21ms
21ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-0ZVBMKGN8Y&gtm=45je41h0v9111752233&_p=1705857484176&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=2130617466.1705857484&ir=1&_eu=EBAI&_s=2&dl=http%3A%2F%2Fmlx.su%2F&dt=MLX%20Tools%20-%20Useful%20tools%20for%20you&sid=1705857484&sct=1&seg=1&en=page_view&_ee=1&_et=2&tfd=5761
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0ZVBMKGN8Y&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://mlx.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 17:18:09 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://mlx.su
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mlx.su/	1970-01-20 17:52:23	Name: _gid Value: GA1.2.1460153446.1705857484
.mlx.su/	1970-01-20 17:50:57	Name: _gat Value: 1
.mlx.su/	1970-01-20 17:50:57	Name: _gat_gtag_UA_1293902_20 Value: 1
.mlx.su/	1970-01-21 03:26:57	Name: _ga_XSN8X7N395 Value: GS1.1.1705857484.1.0.1705857484.60.0.0
.mlx.su/	1970-01-21 03:26:57	Name: _ga Value: GA1.1.2130617466.1705857484
.mlx.su/	1970-01-21 03:26:57	Name: _ga_0ZVBMKGN8Y Value: GS1.2.1705857484.1.1.1705857484.60.0.0
.mlx.su/	1970-01-21 03:12:33	Name: __gads Value: ID=57b81b7a48c5a78f:T=1705857484:RT=1705857484:S=ALNI_MZbvelmQxeDr52aKfqNwceU8HKFOA
.mlx.su/	1970-01-21 03:12:33	Name: __gpi Value: UID=00000d45c1950031:T=1705857484:RT=1705857484:S=ALNI_Mb3Mzt8TdLVLPRuAcV4xG4NowX9Sw
.doubleclick.net/	1970-01-21 03:12:33	Name: IDE Value: AHWqTUlyoEv4t34Zt5NWjPIfaUl0N2KlZTBGu9TB9A6PHcDbPnWvsBeeEh9FXbIHzic
.adnxs.com/	1970-01-20 20:00:33	Name: uuid2 Value: 8910190458966245042
.casalemedia.com/	1970-01-21 02:36:33	Name: CMID Value: Za1RzWdYqIMDcuv3jMtFPQAA
.casalemedia.com/	1970-01-20 20:00:33	Name: CMPS Value: 5212
.casalemedia.com/	1970-01-20 20:00:33	Name: CMPRO Value: 5212
.adnxs.com/	1970-01-20 20:00:33	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C'$utDYb!]tbPl1M>e)ZlrFUfJ+tGXxpS:E.]9QNpiPI.$TjL=if*E<#dQc?2JDBQ%2T3If)y3KL9D3I?+X:5JNX
.adnxs.com/	1970-01-21 03:26:57	Name: XANDR_PANID Value: 8lJENx4961vR01aR5AmfHQGDCvpfpeYoAwMNIJnIXdncpTMQgYM1tY9PFvD7lmZ3qyZ3Z_cgOmd3iItF1IKru0V2iJXezo8tv2wGGBPE164.
.redintelligence.net/	1970-01-20 20:00:33	Name: 8lcfmzhxc8d6_uid Value: 607a2077bfd82964
.doubleclick.net/	1970-01-20 18:34:09	Name: ar_debug Value: 1
.office-partner.de/	1970-01-21 03:26:57	Name: source Value: {"webgains_webgains":{"timestamp":1705857485784,"clickCookie":false}}
.awin1.com/	1970-01-20 18:01:02	Name: awpv11601 Value: 113440\|1705857485\|0a477050-b881-11ee-a4ff-226608db104b
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3266505

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1(Line 17) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
ad.doubleclick.net
ade.googlesyndication.com
ads.eu.criteo.com
adservice.google.com
adv.office-partner.de
analytics.webgains.io
api.webgains.io
cat.nl3.eu.criteo.com
cdn.track.production.webgains.team
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.jquery.com
csm.eu.criteo.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900010.redintelligence.net
ib.adnxs.com
maxcdn.bootstrapcdn.com
medialead.de
mlx.su
pagead2.googlesyndication.com
pv.medialead.de
region1.analytics.google.com
s0.2mdn.net
s7.addthis.com
static.criteo.net
stats.g.doubleclick.net
tpc.googlesyndication.com
track.webgains.com
www.awin1.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.18.36.155
138.201.63.145
142.250.184.198
142.250.184.230
142.250.185.162
142.250.185.194
142.250.185.66
178.250.1.6
18.132.155.94
18.155.129.30
18.171.41.162
18.244.28.99
2.16.184.115
2001:4860:4802:34::36
23.192.250.178
2606:4700:3034::ac43:ab1a
2606:4700::6811:190e
2606:4700::6812:bcf
2a00:1450:4001:802::2001
2a00:1450:4001:810::2008
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2006
2a00:1450:4001:831::2003
2a00:1450:400c:c07::9a
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a04:4e42:400::649
2a0b:4d07:102::1
37.252.171.53
91.121.248.44
94.23.99.218
010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58
06d24424fe8c15dd335c668f21183ad1445c22328a06403b5e9ec176194a9b8f
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a5426717f892108bc000905102d71bc5a136255d1405d17b4dfdd3b07956f9f
0b827a356de86e7ede120744088d83d693014ef7b8d4915642cd144dba094938
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bf966569adeba9c13afd6182d2faf0054b08889626ea01cd45ea8c27da2207e
17881e4f695f51467cea3870acb51f1612c0d5f4f1a5810324f9041c8ef2f834
1a9cba16c5a30dc7cc3bdcbba2a45e9e2e28ec4437894302c6676369ed0ec732
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1d9fa332f592dfbe54205676cac4d1311768af479cdb60787721a5b11c4bc1f1
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
241bb801b29748e542884f7b902c02f12f6a318ba97f70224986634926dbc433
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ea441241f5e96cc6e9a2f61a10d681a4513afed985a8517790e5cfecf3ba417
307003b8521a972055b9b3eeaf396f1d99b0877a0ee4f022fc996d7fb8c01c5a
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
32e0174550fcf17b9fb41ba5918e6d322c45b4ecb0a6e1862d724d7b583509b7
369f379d66bdfc647d007825256038da16af59137c7195e11c50e865a2197794
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
399e4f1a451396f82368d534fec4533954e0fd2207b8b72aa2180efa39aab21a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4402418fc5cd77aa922d7e94a2d49cc7923f5b577801be59c2f82e3233455b86
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
45009a243d571ef5211356c6f18f81da12766f57142eb8c483906558f033f74f
46894f8af00c2de2a7b68d5af0d2b8b148a811bdc8deab9f306c2f4bd6425a46
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
55ee9510e78623f5fd1309067dc6e7a15f70d48e23e5658a0aa81be100ad232b
576d855c1a90b815cf07ff532e9d79d60d5c22dc3fe778e27926d193108de49b
579a10a2485055e988338be054f866cbe713c8510442130cbda0ce11ced6c49f
59196f295fdadd3391cfbb187fef654f77ae385d6f8555c588963b521b1a98a8
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5bac92308fc46c5e0d26a87335cf69d7f86ee2ce712f7643c44d5c34fb036944
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5ca4b5260e5b7a45b242e3c117e96451cb1d43563baee057f0d609548a112db7
5d05b5c409c699263dbe63602c31ec16e76e2e21a4a3cd9eeedee12167a4fc87
5db9f8abcb1e4da240266eaa7e1e8fb5028e33fcebf620ec9c8697442eba542e
6001cd05140d479d12358ef496ff369c87cc8bbefa464c2ab69278ac81e85037
619fdeaed027f4e2b96cb82baa60c9c6615e7b24172f08eed907e617537171e1
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
637b48080f08742cbdd4ffd5874582e86f894bdbf4de37521a70988ad0245846
69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0
6bf2f6cd332cabaa2a5781823d9c2a9b3ea677d57f123de9a30c96fa59d4831e
70c4f56f8e13e9387d9c65b17636a678eb6ccf82a8255cb1d2eb9192f7e478bb
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
75103a015c73f96e7eea3d6d3d8db1a225689c0f7adc3b84c82fa0df26eecdf2
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7dd05dd8d5b14a6b2ac0e2cb569cf341be47deaee54b6a074394828e13c72e0e
80a4d563bc94881303dd2de053433c12767a69af685424317eb9901a65fcd09c
80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86b935a864f99677f1f29ae168dd1cc98d754129e7f6ab6e38db3b46e15593d3
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
91088a015cd36dabb6639d0b6d08fadc57be7f1b85011f5f882d4e7a8611df31
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
949d09e167c9b01dcc2c1536850e2bd3dc209d9d6dfec750b4f427fda41321b6
972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651
97a5bfd1230c912b673fa01e252e9a353af8032a5b9ccdf2103ed5f2602a728f
99a6a4c892d66a3c254c7225754a4557920c0fe414fb77d5a66e0ea34be1da04
9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
aade75d409ef95edca2a02c0a60c8263c656e955244ed0b67dfcd37e23cfd9a3
ae46f7995e1b4b3deb22a5aa78ddac53e1c6c0418d446549458175c1e8c7248c
aebf611c1438dc7ec748e9a6364c734066b34bf2a1c7e2fc6511ed784635b50e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b388092468489b95a626d000b006cf4987b5f287a8d1fa8f2adaf192b6ac7bcd
c098baa1abe1b573dac8b4035acf6f34a0436a95e6b568f018dd9ca4243f1fad
c3b7bf416424abed17314649bb71a1de7a3afc6af66840d04b730e69652e27ac
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
c93ee8ed5d47db57af633c22f2baf28c934735879592db40c396bdee0ce9ad3a
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
cc6bec26f8a92aaea972740f1b17484d8058f44b59c736ab320558343bf86ba3
cdacb012543e54643594e5ea00746269874a1678f49bc91fd7749aa01ae3df0e
ce081fca262dab08c5645d4e2c7b42b9377ec0a1515b165b7efcb22b62bda57d
d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
da10d8b8587c8c2f57b549a436dff23e35c7ba130d315e39be083470275b47fc
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0948ab26397a3912e2fc7086f64a39872e89e5791720f5610d6a609a69b51bf
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e537bb0b81601eabcdc6dd4e2eb938917a7c6887765651882ec0ed5081c26c67
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
e7eac36e5fa43812e97a6ed35d766ff5cc815cd3d5831fb3f762bd6df4f6523b
e86370811b31d2333999248eeb6f6b8e7d719a0679f305fa23b3a737ab18dab8
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
edae388813eb1624d43fcd1fd86ef7930238ff87dd6d2bf2692d0e8d2c790908
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f187dc8de7fe50f1f8825c3500b64080cc78ac39df7efd31a4b1bc562be9ca3d
f1eb58bc70c7f8af70d0eda0afa7effc5afe0f548fc5f8d771ae426402eb4e80
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f753043c9ccd4002880163506e7d7b5643af80bab3f36dba3bd3bd926d4e4f73
fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9
fb3a2ca25c916b02b4cc9871f9ab332435437d01fb5031fe3e962b91b0360acd
fe491bd2842d5bd39f983ff81431e710df2d3f80862cc02cda481400d04a511b

mlx.su Open in urlscan Pro 2606:4700:3034::ac43:ab1a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

194 Requests

81 %HTTPS

57 %IPv6

26 Domains

41 Subdomains

40 IPs

7 Countries

4989 kBTransfer

9339 kBSize

20 Cookies

1 Outgoing links

Redirected requests

194 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

mlx.su Open in urlscan Pro
2606:4700:3034::ac43:ab1a Public Scan

Screenshot
Live screenshot

Full Image

194
Requests

81 %
HTTPS

57 %
IPv6

26
Domains

41
Subdomains

40
IPs

7
Countries

4989 kB
Transfer

9339 kB
Size

20
Cookies

194 HTTP transactions
2 data transactions